Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.38.origin
- Android.Triada.170.origin
Сетевая активность:
Подключается к:
- j####.####.COM
- bbb####.com
- 2y####.####.com
- w####.####.com:10081
- nei####.com
- f####.####.com
- w####.####.com
- j####.####.COM:12956
Запросы HTTP GET:
- 2y####.####.com/R4562458532240021
- f####.####.com/pic/xlbk/2017-03-30/small770c4ac437cec5350033ebcae2717935...
- f####.####.com/pic/2017-03-31/smalle86fc8f1ddae18706adf717a59149b26.jpg
- f####.####.com/pic/2017-03-31/small31d11bdba4553a8034a67fd91275dcd0.jpg
- f####.####.com/pic/2017-03-31/smallb7db27929a5641c664c016db7f93cfe4.jpg
- f####.####.com/pic/2017-03-31/smallb8cbcb00c15ae82b4423674e92e9938c.jpg
- nei####.com/api/index.php?a=####&c=####&id=####
- f####.####.com/pic/2017-03-31/smalld383ff3be5495c7dc1a28bf743a57c10.jpg
- f####.####.com/mm/2017-03-30/smalle1ee1d4b8a164135e931b56da2aec3b2149085...
- f####.####.com/thumb/e9ee50fbfd74c221d200ad548d4646f5.thumb.jpg
- f####.####.com/ps/2017-03-23/smalla4a72bfd82db9dd08af6040c4cf01664149025...
- f####.####.com/pic/2017-03-31/small858082e78a24d280c7034484df0023b0.jpg
- f####.####.com/mm/2017-03-30/small6b5397e76f97be6b1f12ebc276b50ff9149085...
- f####.####.com/mm/2017-03-30/smallc96f8ee51e524c54984f49bcf7bdc619149085...
- nei####.com/api/index.php?a=####&orderBy=####&c=####&page=####&classid=#...
- f####.####.com/pic/2017-03-31/small3a32d1893dc76adbc4fe343a5c02fe02.jpg
- f####.####.com/mm/2017-03-30/small544d8792a46100aab9db8d3c8d0158c3149085...
- f####.####.com/pic/2017-03-31/small65c76c2ca161d9889a264ae5a3fab0b4.jpg
- f####.####.com/pic/2017-03-31/smalla172f3426aef01da046f7872a315da0a.jpg
- f####.####.com/pic/2017-03-31/smalled891fe3991e02504ef18c8aa0f03be5.jpg
- f####.####.com/gaoxiaomanhua/2017-03-29/small534d70f2d95122587c0fff02639...
- f####.####.com/thumb/13b6d91549ebe58bd29f0ccc5842e675.thumb.jpg
- f####.####.com/gaoxiaomanhua/2017-03-29/small816d0699ef2911873c716a44368...
- f####.####.com/pic/2017-03-31/smallccb1295fb718961d50c8a613e10a48c7.jpg
- f####.####.com/pic/xlbk/2017-03-30/smallc9904e5800881a5bce17f2368d7e8620...
- f####.####.com/mm/2017-03-30/small78be0c2a6242b10babb3d257eadbbf2c149085...
- f####.####.com/ps/2017-03-23/small96e9df4efe80198b4237f9b71d695ffb149025...
- f####.####.com/pic/xlbk/2017-03-30/small723d28c76a4b28180b56a83eac748bbd...
- f####.####.com/pic/2017-03-31/smallde50abbbd530ff5be893092724385911.jpg
- f####.####.com/pic/2017-03-31/small21b41983eb45f9692c519fcc2f6bf016.jpg
- f####.####.com/mm/2017-03-30/smalld64b66c55067477cc97d9fc2dfe1d19c149085...
- f####.####.com/pic/2017-03-31/small5284fff395ca5bbe6a574b660a9b71b6.jpg
- f####.####.com/gaoxiaomanhua/2017-03-29/smallb115515b19c05b90761f8975b82...
- f####.####.com/ps/2017-03-23/smalld53f53544a12ad487a525f6924b173b1149025...
- f####.####.com/thumb/8ec3eec1eede47ab36aaafdaf1fddc8b.thumb.jpg
- 2y####.####.com/Z68KL1522154563421
- f####.####.com/thumb/67b504e48d09a5fb742068203573b5ff.thumb.jpg
- f####.####.com/mm/2017-03-30/small986356598bbab6f5e05303d56db98459149085...
- f####.####.com/pic/2017-03-31/small392591b42335716f025df81953ca81a0.jpg
- f####.####.com/mm/2017-03-30/small4e0abe92d696b1c19052d0adc4d791b8149085...
- 2y####.####.com/N9687742244553469
- f####.####.com/pic/2017-03-31/small68ca944d4691e1a284359f96c426e470.jpg
- f####.####.com/mm/2017-03-30/smalla77258819b42b02e1d99f501eac723b2149085...
- f####.####.com/pic/2017-03-31/smallbcf61a94de48e4b597426353b9f2333e.jpg
- f####.####.com/mm/2017-03-30/small74c522ee40b816eb5d6f776b3bb07496149085...
- f####.####.com/pic/2017-03-31/small8bebcd56fa9552b72a5d0a8b179d7f2b.jpg
- f####.####.com/mm/2017-03-30/small56d145b003629aecb53022699a766e68149085...
- f####.####.com/pic/2017-03-31/small1a7ff492f76ad3c272e71c8775f68d31.jpg
- f####.####.com/pic/2017-03-31/small4453e17632b64dc13816c923eeb8f447.jpg
- f####.####.com/pic/2017-03-31/smallf688776e48f07752e6ea39c7fa0defb7.jpg
- f####.####.com/mm/2017-03-30/small370fbca9e1e94d125d9f29af0565aaee149085...
- f####.####.com/mm/2017-03-30/small18a62044b2b5604ab8edf6e57428c679149085...
- f####.####.com/pic/2017-03-31/small18921350b834b9ba00eedd7f446e5cb4.jpg
- f####.####.com/pic/2017-03-31/small7b0a33301205590e3f7b1d7c2f19a0c1.jpg
Запросы HTTP POST:
- bbb####.com/rtr
- w####.####.com/OsService/OsStrategy
- w####.####.com:10081/OsService/OsStrategy
- j####.####.COM:12956/fsds988d1e7f2c2c/interface.php
- j####.####.COM/fsds988d1e7f2c2c/interface.php
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/databases/download.db-journal
- /sdcard/Download/.top/ss/Damnhb10
- /data/data/####/files/mobclick_agent_cached_####1
- /data/data/####/databases/cc/cc.db-journal
- /data/data/####/files/mySdk.jar
- /data/data/####/shared_prefs/umeng_general_config.xml
- /data/data/####/files/sss.pdb
- /data/data/####/files/hncm
- /data/data/####/files/hncm.jar
- /data/data/####/databases/cc/cc.db
- /data/data/####/shared_prefs/config.xml
- /data/data/####/shared_prefs/config.xml.bak
- /data/data/####/files/mwpe.png
- /data/data/####/shared_prefs/xapcinfo.xml
- /data/data/####/shared_prefs/phone.xml
Другие:
Запускает следующие shell-скрипты:
- cufsmgr eb47495f7bb
- /system/bin/dexopt --dex 27 44 40 78012 /data/data/####/files/hncm.jar 1232629878 321336163 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framework
- cufsdosck ac554db364f
- conbb od2gf04pd9
- /system/bin/dexopt --dex 27 84 40 208900 /data/data/####/files/mySdk.jar 1251311163 2000887099 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framew
- getprop ro.product.cpu.abi
- getprop ro.board.platform
- cat /proc/version
- /system/bin/dexopt --dex 27 52 40 208900 /data/data/####/files/mySdk.jar 1251311163 2000887099 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framew
Может автоматически отправлять СМС-сообщения.
