Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.248.origin
Сетевая активность:
Подключается к:
- h####.####.com
- i####.####.com
- s####.####.cn
- 6####.####.140
- l####.####.com
- m####.####.cn
Запросы HTTP GET:
- m####.####.cn/m/evuuxC3Vx9aDT9RHfFOIJml8dBFZmKMd86VdiQ
- 6####.####.140/ando/i/mon?k=####&d=####
- i####.####.com/ando-res/ads/4/5/d73ab4a4-4c75-43a7-a3c9-5bdabd9437c8/d26...
- s####.####.cn/t?r=####&p=####
Запросы HTTP POST:
- h####.####.com/(unknown)/sys/clientActivation.gy?oh=####&ov=####
- l####.####.com/sdk.php
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/pE8UbfFUuvoFtEsKiGv9XeKM8AAjhz1k.new
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/jmnOXiHsElWQ-MtWwAgAx7Tz4lc=.new
- <Package Folder>/files/uuclient_files/UFsGJV1LxLT6hnwO/qjFNNcIu-rduKcj-.new
- <Package Folder>/databases/uuclient_4tIPxsA0__QmFoi7Z7s_MA_3wfo=-journal
- <Package Folder>/shared_prefs/uuclient_20BdQqfRsHH1CQPqGU-zN5fasXk=.xml
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/fqURYVp8Zt6SD__yif9tIA==.new
- <Package Folder>/files/uuclient_files/TIpOTAhZHVuavVDj/B_T7LWxUigqpuSU4D7h_Xw7lDRCpdrzs
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/5esygk3tlvGE9UuNDOkx1L07PVU=.new
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/2OsDlMUsFYNXnRe8A1J187GWqKvBUM1x.new
- <Package Folder>/files/uuclient_files/u6VSjxz-w3U=/nkfjryfCunHLFihmMzLd669HupPDpCkTJdLMlw==
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/kWApjFQ0TbSWxEP3hid0B2oO258XrcTM.new
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/jmnOXiHsElWQ-MtWwAgAx7Tz4lc=
- <Package Folder>/code-9497126/68MsNpC26HHxt1l4/BlltqTuMj5s=.jar
- <Package Folder>/databases/uuclient_wV2lBeIOKpC1F4jN-journal
- <Package Folder>/files/zh_data/idGBWYy8gfWPHBGI331Zxg==/U3Y8l64LPEV967D0o3uR7kRYuG8=
- <Package Folder>/databases/account.db
- <Package Folder>/files/uuclient_files/Ueq5UDVEpun5U73o/yzFZ6-TNgUPWO1eum4aHsqxlGST-N-85.old
- <Package Folder>/files/zh_data/IUzhXZvxBeEWBpe7_sDyGw==
- <Package Folder>/files/uuclient_files/TIpOTAhZHVuavVDj/FKSO-PTG-6bHG6iKfVdjtUdNFkk=
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/bwQQ0EB_Q6Ce81oMk0OktJjO-DM=.new
- <Package Folder>/databases/uuclient_taqV8ikBAoOIXbuclM-4WEMp_6Y=-journal
- <Package Folder>/shared_prefs/uuclient_j1FBI_eDeBFw-aB8.xml
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/P3DZzQQDRsG6o2yMwksnHS8sTLdyQ0Op8eoFv_y50Ek=.new
- <Package Folder>/shared_prefs/uuclient_rteFMdh6psyiKtZ3tm7QqNi-MgNoLF4XAHYCtg==.xml
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/J24PatNsy9qVfHmMd12Pgp36P81j6Ex9.new
- <Package Folder>/files/zh_data/idGBWYy8gfWPHBGI331Zxg==/runner_info.prop
- <Package Folder>/files/WnLy1KfgEzNRhdxoJaTxsg==/rFL06I9eFW8fCbW-e-ozLssOndU=
- <Package Folder>/files/zh_data/IUzhXZvxBeEWBpe7_sDyGw==.new
- <Package Folder>/databases/uuclient_taqV8ikBAoOIXbuclM-4WEMp_6Y=
- <Package Folder>/databases/uuclient_Kbs3XetlM2SXICbdG56LqA==
- <Package Folder>/files/zh_data/o_S6HoFxxEqDcmoce0N1vQ==/IvGAmCpxv64bLBwKxzNOZg==
- <Package Folder>/shared_prefs/uuclient_G3wN5TAX0UITIDzU3g3JwgeDoVYYcIm8.xml.bak
- <Package Folder>/files/uuclient_files/NDNaaSdLj79P592T/JwxEbIgx4fifvfRccLD6Z3UZmXk=/69385724-0734-461a-b107-9d3022750f16.res
- <Package Folder>/shared_prefs/uuclient_ad_smart_rc_rundata.prefs.xml
- <Package Folder>/shared_prefs/uuclient_ad_smart_ssp_rundata.prefs.xml
- <Package Folder>/shared_prefs/uuclient_arekvX4lfBPlk_Pn7jc7oIDfEHm0ZJJGoXQSxA==.xml
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/2Qsvo_ylo08sfYGAR0xq6kjLH9k8IxoWMrN4dvnB5Z0=.new
- <Package Folder>/files/uuclient_files/NDNaaSdLj79P592T/NNzIXKX-7VnrsDDR/706566d4-a2c3-412c-9c03-a106af79a355.res.temp
- <Package Folder>/files/uuclient_files/NDNaaSdLj79P592T/JwxEbIgx4fifvfRccLD6Z3UZmXk=/fa600ea0-ee11-41d7-8fc4-cc4757d253d5.res
- <Package Folder>/databases/uuclient_27zS238CvcQCnmr8_j2hXA==-journal
- <Package Folder>/databases/uuclient_iKYcoj2cZBcjmdReY-1n2g==-journal
- <Package Folder>/files/zh_data/V3Ro3erFjOIwZKru947bPA==/data.dat.tmp
- <Package Folder>/code-9497126/F2zVCobgeaY6MAmP
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/shared_prefs/uuclient_G3wN5TAX0UITIDzU3g3JwgeDoVYYcIm8.xml
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/UE3rWJAn_HWxhbsg8CUqkDTE1Ux6O-G8.new
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/UE5MLA9pwXZG1eXdCr5iYeyZXj-NOcQbHV_4Uw==.new
- <Package Folder>/databases/uuclient_rYqszvIxWVPhoMGt
- <Package Folder>/files/uuclient_files/NDNaaSdLj79P592T/NNzIXKX-7VnrsDDR/1dff804e-5af0-4503-8a98-f8723a79d4ec.res.temp
- <Package Folder>/files/zh_data/8SGi2j11Xi44bWqDzCUmxw==
- <Package Folder>/databases/uuclient_-WlMEGMeHMbVn-QMOptTXLurFEE=
- <Package Folder>/files/uuclient_files/BRjwlSHO2oQ=/UWASVq0HHXFJYqXtA3e6hA==/2663957e-7c50-4dd1-afbd-49d7adeb2db2.d
- <Package Folder>/files/zh_data/o_S6HoFxxEqDcmoce0N1vQ==/fMwBszcpKUCQ_gjZ
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/ZszPuodaxIUdrWn45rzPrA==.old
- <Package Folder>/shared_prefs/uuclient_ad_smart_sr_rundata.prefs.xml
- <Package Folder>/databases/uuclient_yMZ2PcTyh-B6sJRXUlwF9Q==-journal
- <Package Folder>/databases/uuclient_I9PY9Bfo9OQy4W58-journal
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/NlrfAqQxVUq7Qv5axMNlTOh1VP4=.new
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/bwQQ0EB_Q6Ce81oMk0OktJjO-DM=
- <Package Folder>/files/zh_data/o_S6HoFxxEqDcmoce0N1vQ==/lZd3atgOfFupxaWSuBUENDdeC7k=
- <Package Folder>/files/uuclient_files/MpJNz86z_Dnu5Fmj/dh-o5MsqXMQCHBJBZh-ahcZpWgokQVcWWhBwXA==
- <Package Folder>/shared_prefs/uuclient_aO4B_vpFEVi2L9NpESk0JOh07Os=.xml
- <Package Folder>/databases/uuclient_PT62goNasKVqr0tUP1UeJg==
- <Package Folder>/files/zh_data/TfwdHX6qHv0AkshSW_kmmg==/B2yTqSut4Hgsco5t.zip
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/9P0jDt64s0RRK_NHZ01pEqlmsF_JNEt37wMAEA==.new
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/ZszPuodaxIUdrWn45rzPrA==.new
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/jmnOXiHsElWQ-MtWwAgAx7Tz4lc=.old
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/ZszPuodaxIUdrWn45rzPrA==
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/wMnfFdjmE7Kyv33bRmaCUryKuwEedQvR.new
- <Package Folder>/files/uuclient_files/Ueq5UDVEpun5U73o/yzFZ6-TNgUPWO1eum4aHsqxlGST-N-85
- <Package Folder>/files/uuclient_files/vR48I2IAv5GNfwRrMoe0zA==/daemon_exe
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/q1Bf--uaGHnL3ftZVU0QfUtxrVo3JQ5XKEjQMY919dg=.new
- <Package Folder>/databases/uuclient_Kbs3XetlM2SXICbdG56LqA==-journal
- <Package Folder>/databases/uuclient_I9PY9Bfo9OQy4W58
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/NlrfAqQxVUq7Qv5axMNlTOh1VP4=
- <Package Folder>/files/zh_data/fprPQ1iT2-2slPBUUZNsNnKkMPYU24F_
- <Package Folder>/files/uuclient_files/u6VSjxz-w3U=/KnYofbnAhLaX2h9QIeiL5K1mS8X6G1s5VxChKw==
- <Package Folder>/files/uuclient_files/u6VSjxz-w3U=/8hh3_g_s5s3baE_zit8MjhU4IgJaUO2HPrf3ag==
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/databases/uuclient_4tIPxsA0__QmFoi7Z7s_MA_3wfo=
- <Package Folder>/shared_prefs/uuclient_D5oBCDtqlY5fHT4_W3I6hgaQnauuMXKeSfAD2Q==.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/databases/uuclient_wV2lBeIOKpC1F4jN
- <Package Folder>/files/uuclient_files/BRjwlSHO2oQ=/JCYJQ-OOoEM3wZjZoLrWUQ==
- <Package Folder>/files/uuclient_files/Ueq5UDVEpun5U73o/yzFZ6-TNgUPWO1eum4aHsqxlGST-N-85.new
- <Package Folder>/shared_prefs/uuclient_ad_smart_strip_rundata.prefs.xml
- <Package Folder>/databases/uuclient_-WlMEGMeHMbVn-QMOptTXLurFEE=-journal
- <Package Folder>/files/uuclient_files/NDNaaSdLj79P592T/NNzIXKX-7VnrsDDR/619f02a5-0662-4573-b6b2-b58ee8db474a.res.temp
- <Package Folder>/shared_prefs/uuclient_Rx5MmlgW-7BfuUsPcMp-tQ==.xml
- <Package Folder>/databases/account.db-journal
- <Package Folder>/databases/uuclient_rYqszvIxWVPhoMGt-journal
- <Package Folder>/files/uuclient_files/goriavD6mgknW24EeqhM-g==/dwfGIbl3e1vbgOkgx8Fddmd9igSe6t4Pd7pyDQ==.new
- <Package Folder>/shared_prefs/uuclient_4UXG7oGA-Y1QEyc_eYpAX7qUdxo=.xml
- <Package Folder>/databases/uuclient_PT62goNasKVqr0tUP1UeJg==-journal
- <Package Folder>/databases/uuclient_27zS238CvcQCnmr8_j2hXA==
- <Package Folder>/shared_prefs/uuclient_aAkaNlu8V1xDBQxOZ7WQKN9TXL0=.xml
Другие:
Запускает следующие shell-скрипты:
- sh ./daemon_exe com.wanjiang.jyyh.wu
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- ./daemon_exe com.wanjiang.jyyh.wu
- /data/data/####/code-9497126/F2zVCobgeaY6MAmP -p #### -c com.wanjiang.jyyh.chgkdw.a.f.a -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- sh <Package Folder>/code-9497126/F2zVCobgeaY6MAmP -p <Package> -c com.wanjiang.jyyh.chgkdw.a.f.a -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- <dexopt>
Может автоматически отправлять СМС-сообщения.
