Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.MobiDash.1.origin
Сетевая активность:
Подключается к:
- a####.####.mobi
- a####.####.com
- r####.####.com
Запросы HTTP GET:
- r####.####.com/exchange/rtb/ad/2c9d2b4f015b5b10318d116acde8011e?mode=###...
- r####.####.com/nad?v1=####&model=####&adr=####&dx=####&v4=####&dy=####&v...
- r####.####.com/exchange/rtb/ad/2c9d2b50015b5b0ffef7113b979600b7?mode=###...
- r####.####.com/2.0/ad?v1=####&model=####&adr=####&etf=####&dx=####&v4=##...
- a####.####.com/m/ad?id=####&nsv=####&dn=####&bundle=####&q=####&z=####&o...
- r####.####.com/exchange/rtb/ad/2c9d2b4f015b5b10318d116a3fd6011a?mode=###...
- a####.####.com/m/open?v=####&id=####&av=####&udid=####&dnt=####
- r####.####.com/2.0/ad?v1=####&model=####&adr=####&dx=####&v4=####&dy=###...
- r####.####.com/exchange/rtb/ad/2c9d2b4f015b5b10318d113a7ee700c5?mode=###...
- a####.####.com/m/ad?v=####&id=####&nv=####&dn=####&bundle=####&q=####&z=...
- a####.####.mobi/getAd?apid=####&ua=####&hswd=####&hsht=####&uip=####&sdk...
Запросы HTTP POST:
- r####.####.com/device?api_key=####
- a####.####.com/admax/sdk/report/2?dcn=####
- r####.####.com/pix?event=####&ts=####&platform=####&model=####&package_n...
- a####.####.com/admax/sdk/playlist/1
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970391-0001-0830-EB6ADD652ADFSessionOS.cls_temp
- <Package Folder>/shared_prefs/com.applovin.sdk.1.xml.bak
- <Package Folder>/code_cache/secondary-dexes/MultiDex.lock
- <Package Folder>/shared_prefs/com.facebook.internal.preferences.APP_SETTINGS.xml
- <Package Folder>/shared_prefs/com.tune.ma.profile.xml
- <Package Folder>/shared_prefs/com.google.android.gms.analytics.prefs.xml
- <Package Folder>/files/.com.millennialmedia/.reporting/request_e71d3843-5c51-45e5-b9d0-0fedd0af6f38.tmp
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/com.crashlytics.prefs.xml
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970391-0001-0830-EB6ADD652ADFSessionDevice.cls_temp
- <Package Folder>/files/gaClientId
- <Package Folder>/shared_prefs/admob.xml
- <Package Folder>/shared_prefs/com.applovin.sdk.impl.postbackQueue.domain.xml
- <Package Folder>/shared_prefs/mopubSettings.xml
- <Package Folder>/shared_prefs/com.mobileapptracking.xml.bak
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics.tap.tmp
- <Package Folder>/shared_prefs/com.google.android.gms.analytics.prefs.xml.bak
- <Package Folder>/files/.com.millennialmedia/.reporting/request_53c33189-fc35-495d-8964-58f755127486.tmp
- <Package Folder>/files/.com.millennialmedia/.reporting/request_9f1ba729-22e0-4915-97ae-ad78b43fd6a8.tmp
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/io.fabric.sdk.android;fabric;io.fabric.sdk.android.l.xml
- <Package Folder>/files/.com.millennialmedia/.reporting/siteid
- <Package Folder>/code_cache/secondary-dexes/tmp-<Package>-1.apk.classes-1302279432.zip
- <Package Folder>/shared_prefs/storedData.xml
- <Package Folder>/shared_prefs/com.applovin.sdk.1.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.attributionTracking.xml
- <Package Folder>/files/file
- <Package Folder>/files/AdjustIoActivityState
- <Package Folder>/app_app_apk/solitaireGooglePlay.dat.jar
- <Package Folder>/shared_prefs/com.facebook.ads.FEATURE_CONFIG.xml
- <Package Folder>/shared_prefs/storedData.xml.bak
- <Package Folder>/shared_prefs/SDKIDFA.xml
- <Package Folder>/shared_prefs/mat_queue.xml
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970391-0001-0830-EB6ADD652ADFSessionApp.cls_temp
- <Package Folder>/shared_prefs/com.mobileapptracking.xml
- <Package Folder>/shared_prefs/AmazonMobileAds.xml
- <Package Folder>/cache/webviewCacheChromium/index
- <Package Folder>/cache/1478228129219.jar
- <Package Folder>/shared_prefs/com.crashlytics.sdk.android;answers;settings.xml
- <Package Folder>/cache/1478228129219.tmp
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics_to_send/sa_8c8be21b-71f0-48b7-9123-6d89c59209a8_1495006104749.tap
- <Package Folder>/files/.com.millennialmedia/.reporting/request_c9e995f2-261e-4077-9876-1a23591e1eff.tmp
- <Package Folder>/shared_prefs/mat_queue.xml.bak
- <Package Folder>/files/.yflurrydatasenderblock.079d0adc-456a-4bdd-9182-bfaea6dd4886
- <Package Folder>/files/.YFlurrySenderIndex.info.AnalyticsMain
- <Package Folder>/shared_prefs/com.applovin.sdk.impl.postbackQueue.domain.xml.bak
- <Package Folder>/files/.com.millennialmedia/.reporting/request_b826a21c-e591-45a4-ad1a-3c8ec2b62283.tmp
- <Package Folder>/cache/ApplicationCache.db-journal
- <Package Folder>/code_cache/secondary-dexes/tmp-<Package>-1.apk.classes913979117.zip
- <Package Folder>/files/AdjustIoPackageQueue
- <Package Folder>/shared_prefs/FBAdPrefs.xml
- <Package Folder>/files/.Fabric/io.fabric.sdk.android;fabric/com.crashlytics.settings.json
- <Package Folder>/files/.com.millennialmedia/.reporting/request_b9489eb3-7bb4-4043-b9aa-7c10d23d7e92.tmp
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/initialization_marker
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics.tap
- <Package Folder>/files/.com.millennialmedia/.reporting/request_c224f081-9e8b-4a74-ad8a-8971ce7d1ecc.tmp
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970391-0001-0830-EB6ADD652ADFBeginSession.cls_temp
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/shared_prefs/com.crashlytics.sdk.android.crashlytics-core;com.crashlytics.android.core.CrashlyticsCore.xml
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics_to_send/sa_5d453066-588d-4104-a139-7596d5f8d27c_1495006105708.tap
- <Package Folder>/shared_prefs/com.facebook.sdk.appEventPreferences.xml
- <Package Folder>/files/.YFlurrySenderIndex.info.AnalyticsData_VT6J6PCZFYXWFGNMY2JW_239
- <Package Folder>/files/.com.millennialmedia/handshake.json
- <Package Folder>/shared_prefs/TwitterAdvertisingInfoPreferences.xml
- <Package Folder>/databases/google_analytics_v4.db-journal
- <Package Folder>/files/AdjustAttribution
- <Package Folder>/cache/webviewCacheChromium/data_3
- <Package Folder>/cache/webviewCacheChromium/data_2
- <Package Folder>/cache/webviewCacheChromium/data_1
- <Package Folder>/cache/webviewCacheChromium/data_0
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
Может автоматически отправлять СМС-сообщения.
