Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Loki.15.origin
- Android.DownLoader.533.origin
- Android.Loki.10.origin
Сетевая активность:
Подключается к:
- s####.####.com
- re####.####.com
- 3####.####.104
- i####.####.com
- n####.####.com
- a####.####.com
Запросы HTTP GET:
- a####.####.com/video/categoryname?sextype=####
- a####.####.com/images/category/3.jpg
- a####.####.com/video/homerecommend?recommendtime=####&tags=####&&sextype...
- i####.####.com/preview/4b/4b1c04b6a485d0d04b616fdab412de37_380x214.jpg
- a####.####.com/video/collection?id=####&page=####&sextype=####
- a####.####.com/images/category/2.jpg
- a####.####.com/images/category/24.jpg
- a####.####.com/images/category/vip.jpg
- n####.####.com/setting?app_id=####&sign=####
- a####.####.com/images/category/75.jpg
- a####.####.com/video/homerecommend?tags=####&&sextype=####
- re####.####.com/ad/find?platform=####&os_version=####&package_name=####&...
- a####.####.com/images/category/23.jpg
- a####.####.com/images/category/35.jpg
- i####.####.com/preview/09/093bba1f73b1e15f97c41e71978d9b7d_380x214.jpg
- i####.####.com/preview/9e/9ec8e23beb24ece2ef89b87ebce0d4f4_380x214.jpg
- i####.####.com/preview/90/90e842ea24a2b2f27c6c9e7212e1a458_380x214.jpg
- a####.####.com/images/category/04beac16467909712c10454746873398.jpg
- a####.####.com/push/message
- a####.####.com/images/category/31.jpg
- s####.####.com/log/base?appid=####&type=####
- a####.####.com/config/tsxfm
- a####.####.com/images/category/cate1.jpg
- i####.####.com/preview/9b/9b6f49ff8a263edd3743a33c3a9d52c0_380x214.jpg
- a####.####.com/group2/M00/04/9F/ClE5B1c13NuASl7tAZIYTULuE6c517.mp4?t=###...
- a####.####.com/config/init
- a####.####.com/images/category/54.jpg
- a####.####.com/config/ads_strategy?adsType=####
- a####.####.com/video/detailinfo?id=####
- 3####.####.104/group2/M00/04/9F/ClE5B1c13NuASl7tAZIYTULuE6c517.mp4?t=###...
- a####.####.com/source/query?appid=####
Запросы HTTP POST:
- s####.####.com/log/frabtek?appid=####
- s####.####.com/log/event?appid=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/shared_prefs/settings.xml.bak
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E7901FA-0001-0741-1649519AAB15SessionDevice.cls_temp
- /sdcard/Android/data/####/cache/uil-images/1cx69h1r0l7yl7irmi2iwpgub0.tmp
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087EB4029F-0001-09D7-1649519AAB15BeginSession.cls_temp
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics_to_send/sa_31cf031b-6383-4b72-add2-43100ce32176_1493728943111.tap
- /data/data/####/files/ryitlzm/libpAYTzlXJzIKnYayqlala.so
- /data/data/####/shared_prefs/com.google.android.gms.analytics.prefs.xml.bak
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E8A00FE-0001-08A6-1649519AAB15SessionOS.cls_temp
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E7901FA-0001-0741-1649519AAB15SessionUser.cls_temp
- /data/data/####/shared_prefs/ADSTRATEGY.xml
- /data/data/####/shared_prefs/multidex.version.xml
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087EB4029F-0001-09D7-1649519AAB15SessionDevice.cls_temp
- /sdcard/Android/data/####/cache/uil-images/12hmywb9zas783diqo1zw9eri0.tmp
- /sdcard/.sysAndroid/sys
- /data/data/####/databases/webview.db-journal
- /data/data/####/databases/downloads.db-journal
- /data/data/####/shared_prefs/com.nativedroid.module.offerprobe.xml
- /sdcard/Android/data/####/cache/uil-images/7185go04gc4alrma2vudywulz0
- /sdcard/Android/data/####/cache/uil-images/4begq2yudhbud10zj8pkb4waq0.tmp
- /data/data/####/files/gaClientId
- /sdcard/Android/data/####/cache/uil-images/6d1jd1g5e5fabm0eds539wvlc0.tmp
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics_to_send/sa_50768f64-173d-44f3-81ba-701369bc4dcd_1493728888826.tap
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics.tap
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087EAE012E-0001-0976-1649519AAB15SessionDevice.cls_temp
- /data/data/####/shared_prefs/com.crashlytics.prefs.xml
- /sdcard/Android/data/####/cache/data/1532574993-2871-en_US.0
- /data/data/####/shared_prefs/com.facebook.ads.FEATURE_CONFIG.xml
- /data/data/####/app_indicators/indicator_p
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087EAE012E-0001-0976-1649519AAB15SessionApp.cls_temp
- /data/data/####/files/ebAlINmpirWDlleAbt.dex
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E7901FA-0001-0741-1649519AAB15BeginSession.cls_temp
- /data/data/####/files/ryitlzm/libGHbCCzRlvZUnJzWvzxc.so
- /data/data/####/databases/viewrecord.db-journal
- /sdcard/Android/data/####/cache/uil-images/1mc0w63u7ouyzwl82gxv3hukm0
- /sdcard/Android/data/####/cache/data/journal
- /sdcard/Android/data/####/cache/uil-images/journal
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E780283-0001-0718-1649519AAB15SessionApp.cls_temp
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E780283-0001-0718-1649519AAB15BeginSession.cls_temp
- /sdcard/Android/data/####/cache/uil-images/4l6kd8o2anel2kh3ik3p38rkq0
- /data/data/####/shared_prefs/com.google.android.gms.analytics.prefs.xml
- /data/data/####/shared_prefs/track_user_behavior.xml
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087EAE012E-0001-0976-1649519AAB15SessionOS.cls_temp
- /data/data/####/shared_prefs/SDKIDFA.xml
- /sdcard/Android/data/####/cache/data/1532574962-2871-en_US.0
- /data/data/####/files/ryitlzm/libdoLjpEgprcPFTWtjdynamicloader.so
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics_to_send/sa_8a23f776-3cbd-42dc-a8ff-95d747da8372_1493728889921.tap
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E8A00FE-0001-08A6-1649519AAB15SessionApp.cls_temp
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E8A00FE-0001-08A6-1649519AAB15SessionUser.cls_temp
- /data/data/####/files/pAYTzlXJzIKnYayqlala.jar
- /sdcard/Android/data/####/cache/uil-images/27yghi8cmjn8isvi0nnr6jg2z0.tmp
- /sdcard/Android/data/####/cache/uil-images/nd91bijnjbtrgtaki2yid40s0.tmp
- /data/data/####/shared_prefs/sdk_scl_pid_config.xml
- /sdcard/Android/data/####/cache/.nomedia
- /data/data/####/shared_prefs/XHubs.xml
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087EB4029F-0001-09D7-1649519AAB15SessionOS.cls_temp
- /sdcard/Android/data/####/cache/uil-images/2vk9nlgb3m4d9ft9l7473jbi70.tmp
- /data/data/####/files/log/crash_log
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087EAE012E-0001-0976-1649519AAB15SessionUser.cls_temp
- /data/data/####/files/ebAlINmpirWDlleAbt.jar
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E780283-0001-0718-1649519AAB15SessionUser.cls_temp
- /data/data/####/shared_prefs/TwitterAdvertisingInfoPreferences.xml
- /data/data/####/shared_prefs/settings.xml
- /data/data/####/databases/ob_analytics.db-journal
- /data/data/####/shared_prefs/BASE.xml
- /data/data/####/shared_prefs/BASE.xml.bak
- /data/data/####/files/doLjpEgprcPFTWtjdynamicloader.jar
- /data/data/####/shared_prefs/onemobile_analytics.xml
- /data/data/####/files/ZOLvMoxbvDHzOTJGdaemon.so
- /sdcard/Android/data/####/cache/data/-1607542805-2871-en_US.0
- /sdcard/XHubs/.nomedia
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E7901FA-0001-0741-1649519AAB15SessionApp.cls_temp
- /data/data/####/shared_prefs/FBAdPrefs.xml
- /data/data/####/databases/categorycount.db-journal
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E8A00FE-0001-08A6-1649519AAB15SessionDevice.cls_temp
- /sdcard/Android/data/####/cache/data/journal.tmp
- /sdcard/Android/data/####/cache/uil-images/66l7cqtwe6lcx9sd9taeqg8ge0.tmp
- /data/data/####/files/GHbCCzRlvZUnJzWvzxc.jar
- /data/data/####/shared_prefs/com.crashlytics.sdk.android;answers;settings.xml
- /data/data/####/databases/favoritelist.db-journal
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087EAE012E-0001-0976-1649519AAB15BeginSession.cls_temp
- /sdcard/Android/data/####/cache/data/1897200700-2871-en_US.0
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/initialization_marker
- /sdcard/Android/data/####/cache/data/-1231584312-2871-en_US.0
- /data/data/####/files/ryitlzm/libebAlINmpirWDlleAbt.so
- /sdcard/Android/data/####/cache/data/1532575086-2871-en_US.0
- /sdcard/Android/data/####/cache/uil-images/386vhre60g7923teje6qztb0i0
- /data/data/####/shared_prefs/1mobile_ads_settings.xml
- /data/data/####/app_indicators/indicator_d
- /sdcard/Android/data/####/cache/data/631260778-2871-en_US.0
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/files/libLboaKIvFpPEXUspkbootstrap.so
- /data/data/####/files/.Fabric/io.fabric.sdk.android;fabric/com.crashlytics.settings.json
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E7901FA-0001-0741-1649519AAB15SessionOS.cls_temp
- /sdcard/Android/data/####/cache/data/1532574931-2871-en_US.0
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E8A00FE-0001-08A6-1649519AAB15BeginSession.cls_temp
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E780283-0001-0718-1649519AAB15SessionOS.cls_temp
- /data/data/####/databases/google_analytics_v4.db-journal
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087EB4029F-0001-09D7-1649519AAB15SessionApp.cls_temp
- /data/data/####/databases/sp_db-journal
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/59087E780283-0001-0718-1649519AAB15SessionDevice.cls
- /data/data/####/files/log/agent_log
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics_to_send/sa_0e949559-aaff-4399-9b92-02c6a3aaaf69_1493728889797.tap
- /sdcard/Android/data/####/cache/uil-images/3tep16fmvexsxpj52um49rvh70.tmp
- /sdcard/.googlex9/.xamdecoq0962
- /data/data/####/shared_prefs/io.fabric.sdk.android;fabric;b.a.a.a.u.xml
- /data/data/####/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics.tap.tmp
- /data/data/####/shared_prefs/android-lockpattern_a6eedbe5-1cf9-4684-8134-ad4ec9f6a131.xml.bak
- /sdcard/Android/data/####/cache/data/1532575055-2871-en_US.0
- /sdcard/Android/data/####/cache/uil-images/4ak2csz5auast3mcn5dapjzqp0.tmp
- /sdcard/Android/data/####/cache/uil-images/journal.tmp
- /sdcard/Android/data/####/cache/uil-images/1leth08zbfmrymvna4hks9nvq0.tmp
- /data/data/####/shared_prefs/android-lockpattern_a6eedbe5-1cf9-4684-8134-ad4ec9f6a131.xml
- /sdcard/Android/data/####/cache/uil-images/1a5fo2qxzg9wzu2fsq0kd3uq70.tmp
Другие:
Запускает следующие shell-скрипты:
- /system/bin/dexopt --dex 27 45 40 799732 /data/data/####/files/pAYTzlXJzIKnYayqlala.jar 1251241783 788561170 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/fram
- /system/bin/dexopt --dex 27 51 40 30568 /data/data/####/files/doLjpEgprcPFTWtjdynamicloader.jar 1251241769 2065674270 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /sy
- /system/bin/dexopt --dex 27 54 40 35056 /data/data/####/files/ebAlINmpirWDlleAbt.jar 1250721955 -1090894027 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/frame
- /system/bin/dexopt --dex 27 45 40 1220 /data/data/####/files/GHbCCzRlvZUnJzWvzxc.jar 1251241783 -551504757 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framew
Может автоматически отправлять СМС-сообщения.
