Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Mixi.16.origin
- Android.Mixi.13.origin
Сетевая активность:
Подключается к:
- g####.####.com
- i####.####.com
- o####.####.com
- p####.####.com
- d####.####.com
- api####.####.com
- l####.####.com
- m####.####.com
- a####.####.com
Запросы HTTP GET:
- i####.####.com/2/article/extensions/v3/?iid=####&device_id=####&ac=####&...
- i####.####.com/service/3/app_components/?screen_type=####&iid=####&devic...
- l####.####.com/collect/applog/v3/settings/?ac=####&channel=####&aid=####...
- i####.####.com/article/content/13/1/6421484031749144833/6421488971313840...
- i####.####.com/2/article/hot_words/?iid=####&device_id=####&ac=####&chan...
- p####.####.com/list/190x124/216d00159c709ca84324.webp
- l####.####.com/large/e5800106503a62d7d01
- i####.####.com/follow/update/tips/?update_time=####&update_version=####&...
- l####.####.com/2/user/info/?ac=####&channel=####&aid=####&app_name=####&...
- g####.####.com/cr/sdk/goplaysdk_statistics_method.dat
- i####.####.com/service/1/app_activity/?view_cursor=####&iid=####&device_...
- m####.####.com/monitor/settings/?ac=####&channel=####&aid=####&app_name=...
- p####.####.com/large/41100086b9219c08ef8
- l####.####.com/service/2/app_alert/?has_market=####&lang=####&carrier=##...
- i####.####.com/2/article/city/?ac=####&channel=####&aid=####&app_name=##...
- i####.####.com/article/content/13/1/6421731845759648001/6421734673654743...
- l####.####.com/service/2/app_notify/?allow_notify=####&leave_time=####&i...
- i####.####.com/entry/subscription_list/v1/?req_type=####&iid=####&device...
- p####.####.com/list/190x124/21320005190f5b3e04a3.webp
- l####.####.com/large/16ab00084889329b3e98
- i####.####.com/promotion/app/lt/?iid=####&device_id=####&ac=####&channel...
- p####.####.com/list/190x124/212c0004aef936e243b2.webp
- l####.####.com/feedback/2/list/?appkey=####&count=####&iid=####&device_i...
- i####.####.com/article/content/13/1/6348626333266460930/6421463513734054...
- l####.####.com/site/download/app/pl/news_article/5760/ss_plugin.json?upd...
- p####.####.com/list/190x124/216d00164520d2a2d5c2.webp
- d####.####.com/get_domains/v4/?ac=####&channel=####&aid=####&app_name=##...
- i####.####.com/article/content/13/1/6421677364871315714/6421679755799560...
- l####.####.com/2/user/info/?iid=####&device_id=####&ac=####&channel=####...
- l####.####.com/large/e590013c4f5f0ed36c8
Запросы HTTP POST:
- api####.####.com/v3/log/init
- l####.####.com/service/2/app_log_config/?ac=####&channel=####&aid=####&a...
- i####.####.com/service/1/refresh_ad/?ac=####&channel=####&aid=####&app_n...
- i####.####.com/service/1/collect_settings/?iid=####&device_id=####&ac=##...
- g####.####.com/cr/sv/getEPList
- i####.####.com/article/category/sort/v1/?ac=####&channel=####&aid=####&a...
- i####.####.com/stream/widget/interest/1/conf_words?iid=####&device_id=##...
- o####.####.com/v2/get_update_time
- i####.####.com/service/1/z_app_stats/?iid=####&device_id=####&ac=####&ch...
- l####.####.com/service/2/app_log_config/?iid=####&device_id=####&ac=####...
- i####.####.com/article/category/get_subscribed/v1/?ac=####&channel=####&...
- o####.####.com/v2/check_config_update
- i####.####.com/api/news/feed/v45/?ac=####&channel=####&aid=####&app_name...
- a####.####.com/app_logs
- d####.####.com/xs.gif?k=####&iv=####&c=####&dm=####&ac=####&s=####
- i####.####.com/location/suloin/?ac=####&channel=####&aid=####&app_name=#...
- i####.####.com/service/14/app_ad/?_unused=####&carrier=####&mcc_mnc=####...
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/files/1495005894311.jar
- /data/anr/traces.txt
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/databases/ss_app_log.db-journal
- <Package Folder>/shared_prefs/app_track.xml
- <Package Folder>/files/ss_plugins/tempimage248194954.tmp
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/files/us.gTUmYrU29PRdR4R6yu7801WO9RKg6
- <Package Folder>/files/1495005888759_cgr.so
- <Package Folder>/PreExcuModsInfo.txt
- <Package Folder>/shared_prefs/push_setting.xml
- <Package Folder>/databases/feedback.db-journal
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <Package Folder>/ReadyHost.txt
- <Package Folder>/cache/ss-http-cache-v2/247761a052c97c955fa442a874996b0c.0.tmp
- <Package Folder>/databases/ss_push_log.db
- <Package Folder>/shared_prefs/multi_process_config.xml.bak
- <Package Folder>/shared_prefs/event_setting_config.xml
- <Package Folder>/cache/image_cache/v2.ols100.1/62/AecNqkI0iER_CW7IB21RsUxQSCU.-837593241.tmp
- <Package Folder>/files/mobclick_agent_cached_<Package>583
- <Package Folder>/cache/image_cache/v2.ols100.1/65/Jq1i38MJ3NXI710DdOH36eRVJbM.-188691576.tmp
- <Package Folder>/shared_prefs/applog_stats.xml
- <Package Folder>/files/ssLib/liblive_chat.so
- <Package Folder>/XmSmLockFile.txt
- <Package Folder>/shared_prefs/AppStore.xml
- <Package Folder>/cache/ss-http-cache-v2/247761a052c97c955fa442a874996b0c.1.tmp
- <Package Folder>/shared_prefs/mipush.xml.bak
- <Package Folder>/shared_prefs/app_log_encrypt_switch_count.xml.bak
- <Package Folder>/shared_prefs/plugin_update_info.xml
- <Package Folder>/shared_prefs/ss_location.xml
- <Package Folder>/shared_prefs/misc_config.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/mipush_extra.xml
- <Package Folder>/shared_prefs/main_app_settings.xml.bak
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml.bak
- <Package Folder>/databases/ss_push_log.db-journal
- <Package Folder>/files/us.T17FY4m87RSIUTGZ3NfuewV7QLJ45
- <Package Folder>/files/__local_stat_cache.json
- <Package Folder>/databases/core_event.db-journal
- <Package Folder>/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
- <Package Folder>/shared_prefs/custom_channels.xml
- <Package Folder>/cache/ss-http-cache-v2/journal
- <Package Folder>/shared_prefs/ss_splash_ad.xml.bak
- <Package Folder>/shared_prefs/com.ss.spipe_setting.xml
- <Package Folder>/shared_prefs/snssdk_openudid.xml
- <Package Folder>/shared_prefs/ss_splash_ad.xml
- <Package Folder>/files/us.3aFT7gr1sQiEIpmZ3r213ML3U6j3x
- <Package Folder>/shared_prefs/ss_app_config.xml.bak
- <Package Folder>/files/gTUmYrU29.jar
- <Package Folder>/app_file_dex/MasterControl.jar
- <Package Folder>/shared_prefs/app_log_encrypt_switch_count.xml
- <Package Folder>/cache/image_cache/v2.ols100.1/35/HkO83deo0Ic46x4TEC99WSCelh0.573871708.tmp
- <Package Folder>/cache/image_cache/v2.ols100.1/17/yGXZ0FZ-NzfQRr9Vm4kbBnQjcQM.-763221587.tmp
- <Package Folder>/shared_prefs/main_app_settings.xml
- <Package Folder>/files/libcuid.so
- <Package Folder>/shared_prefs/multi_process_config.xml
- <Package Folder>/cache/load_dex.tmp
- <Package Folder>/shared_prefs/app_setting.xml.bak
- <Package Folder>/shared_prefs/last_know_location.xml
- <Package Folder>/shared_prefs/ss_refresh_ad.xml
- <Package Folder>/databases/lib_log_queue.db-journal
- <Package Folder>/shared_prefs/app_setting.xml
- <Package Folder>/files/ss_plugins/ss_plugin.json
- <Package Folder>/shared_prefs/mipush.xml
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/shared_prefs/ss_app_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/__local_ap_info_cache.json
- <Package Folder>/cache/ss-http-cache-v2/f3e45ac0fe4438b553b39cc22615be16.0
- <Package Folder>/cache/ss-http-cache-v2/f3e45ac0fe4438b553b39cc22615be16.1
- <Package Folder>/files/.imprint
- <Package Folder>/shared_prefs/hijack_info.xml
- <Package Folder>/files/secondary-dexes/<Package>-1.apk.classes-646668077.zip
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/files/secondary-dexes/<Package>-1.apk.classes248194954.zip
- <Package Folder>/databases/article.db-journal
Другие:
Запускает следующие shell-скрипты:
- sh <Package Folder>/files/us.3aFT7gr1sQiEIpmZ3r213ML3U6j3x -h c48756b39e9e402ca3e1026d88799eaa <Package Folder>/.syslib-
- sh <Package Folder>/lib/libsupervisor.so <Package> com.ss.android.message.NotifyService <Package>:push <Package Folder> 0
- getprop ro.build.version.emui
- getenforce
- sh -c /system/usr/toolbox rm -f <Package Folder>/files/us.T17FY4m87RSIUTGZ3NfuewV7QLJ45 > /dev/null 2>&1
- sh -c /system/usr/toolbox rm -f <Package Folder>/files/gTUmYrU29.jar > /dev/null 2>&1
- chmod 0771 /data/data/####/.syslib-
- <dexopt>
- sh -c /system/usr/toolbox rm -f <Package Folder>/files/gTUmYrU29.dex > /dev/null 2>&1
- sh <Package Folder>/files/us.T17FY4m87RSIUTGZ3NfuewV7QLJ45 -h c48756b39e9e402ca3e1026d88799eaa <Package Folder>/.syslib-
- /data/data/####/files/us.gTUmYrU29PRdR4R6yu7801WO9RKg6 -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
- chmod 0771 <Package Folder>/.syslib-
- /data/data/####/files/us.3aFT7gr1sQiEIpmZ3r213ML3U6j3x -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
- getprop persist.vivo.multiwindow
- sh <Package Folder>/files/us.gTUmYrU29PRdR4R6yu7801WO9RKg6 -h c48756b39e9e402ca3e1026d88799eaa <Package Folder>/.syslib-
- /data/data/####/files/us.T17FY4m87RSIUTGZ3NfuewV7QLJ45 -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
- getprop persist.vivo.multiwindow_active
- /data/data/####/lib/libsupervisor.so #### com.ss.android.message.NotifyService ####:push /data/data/#### 0
Может автоматически отправлять СМС-сообщения.
