Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.20
Загружает из Интернета следующие детектируемые угрозы:
- Android.Xiny.20
Сетевая активность:
Подключается к:
- a####.####.com
- b####.####.cn
- d####.####.cn
- o####.####.com
Запросы HTTP GET:
- d####.####.cn/jarFile/SDKAutoUpdate/giantt.jar
Запросы HTTP POST:
- a####.####.com/app_logs
- b####.####.cn/cw/cp.action?requestId=####&g=####
- o####.####.com/v2/check_config_update
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/databases/downloadswc
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/.YFlurrySenderIndex.info.AnalyticsData_THD5YZRW33SZQCBK5CGK_216
- <Package Folder>/files/.YFlurrySenderIndex.info.AnalyticsMain
- <Package Folder>/files/.imprint
- <Package Folder>/files/.yflurrydatasenderblock.3f8e8681-20be-41d8-acfc-962bc939518b
- <Package Folder>/files/.yflurryreport.-1d01022d7598f25c
- <Package Folder>/files/AppEventsLogger.persistedevents
- <Package Folder>/files/black.data
- <Package Folder>/files/blocked.data
- <Package Folder>/files/mobclick_agent_cached_<Package>2017011201
- <Package Folder>/files/ping.dat
- <Package Folder>/files/servers.dat
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/files/user_info.dat
- <Package Folder>/no_backup/com.google.android.gms.appid-no-backup
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/shared_prefs/a.xml
- <Package Folder>/shared_prefs/app.prefs.xml
- <Package Folder>/shared_prefs/com.facebook.internal.preferences.APP_SETTINGS.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.appEventPreferences.xml
- <Package Folder>/shared_prefs/com.google.android.gms.appid.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml.bak
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml.bak (deleted)
- <Package Folder>/shared_prefs/onlineconfig_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak (deleted)
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/journal
- <SD-Card>/Android/####/journal.tmp
- <SD-Card>/Download/####/4.5_giantt.jar.tmp
- <SD-Card>/dt/restime.dat
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
- <error:2>
- ping -c 1 -w 1 124-147-172-163.rev.cloud.scaleway.com
- ping -c 1 -w 1 128.199.143.141
- ping -c 1 -w 1 128.199.219.131
- ping -c 1 -w 1 128.199.245.239
- ping -c 1 -w 1 138.197.130.150
- ping -c 1 -w 1 138.197.14.20
- ping -c 1 -w 1 138.197.148.84
- ping -c 1 -w 1 138.197.150.251
- ping -c 1 -w 1 138.197.159.103
- ping -c 1 -w 1 138.197.203.131
- ping -c 1 -w 1 138.197.214.113
- ping -c 1 -w 1 138.68.164.226
- ping -c 1 -w 1 138.68.224.23
- ping -c 1 -w 1 139.59.12.191
- ping -c 1 -w 1 139.59.155.218
- ping -c 1 -w 1 139.59.247.95
- ping -c 1 -w 1 139.59.26.200
- ping -c 1 -w 1 139.59.28.195
- ping -c 1 -w 1 139.59.6.147
- ping -c 1 -w 1 178.62.12.127
- ping -c 1 -w 1 178.62.19.246
- ping -c 1 -w 1 178.62.200.168
- ping -c 1 -w 1 178.62.214.164
- ping -c 1 -w 1 178.62.47.52
- ping -c 1 -w 1 188.166.82.100
- ping -c 1 -w 1 188.166.82.106
- ping -c 1 -w 1 193.183.98.218
- ping -c 1 -w 1 207.154.198.159
- ping -c 1 -w 1 207.154.198.99
- ping -c 1 -w 1 207.154.200.228
- ping -c 1 -w 1 45.76.216.109.vultr.com
- ping -c 1 -w 1 55-167-172-163.rev.cloud.scaleway.com
