Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.226.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Triada.226.origin
Сетевая активность:
Подключается к:
- 6####.####.140
- i####.####.com
- p####.####.cc
- p####.####.com
Запросы HTTP GET:
- 6####.####.140/ando/i/mon?k=####&d=####
- i####.####.com/ando-res/ads/3/2/eff3c843-7d88-43f5-8d7e-c94c4a29226a/e1c...
- p####.####.com/sdkMis/getRdoUrl
Запросы HTTP POST:
- p####.####.cc/index.php/MC/LP
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_dex02558/apk.dex (deleted)
- <Package Folder>/app_dex02784/apk.dex (deleted)
- <Package Folder>/app_dex07258/apk.dex (deleted)
- <Package Folder>/app_tongyu/####/tongyu-pay-lib.apk
- <Package Folder>/app_tpservice/qsha_80001_5096.dex
- <Package Folder>/app_workbench11466/apk.zip
- <Package Folder>/app_workbench11852/apk.zip
- <Package Folder>/app_workbench17152/apk.zip
- <Package Folder>/app_workbench17298/apk.zip
- <Package Folder>/app_workbench22598/apk.zip
- <Package Folder>/app_workbench28044/apk.zip
- <Package Folder>/app_workbench50534/apk.zip
- <Package Folder>/app_workbench55980/apk.zip
- <Package Folder>/app_workbench56366/apk.zip
- <Package Folder>/app_workbench61892/apk.zip
- <Package Folder>/app_workbench67258/apk.zip
- <Package Folder>/app_workbench67418/apk.zip
- <Package Folder>/app_workbench78310/apk.zip
- <Package Folder>/cache/zw.apk
- <Package Folder>/cache/zw.dex
- <Package Folder>/code-8641649/####/hIHQk771UzDq6MeI.jar
- <Package Folder>/code-8641649/X-Jxr5PDVvwJxFFR
- <Package Folder>/databases/1boCM_6-3n3-riFJdOOODjE7F0b_3uKt_6-fwGkQXTxFEcmeAQDGgQg==
- <Package Folder>/databases/1boCM_6-3n3-riFJdOOODjE7F0b_3uKt_6-fwGkQXTxFEcmeAQDGgQg==-journal
- <Package Folder>/databases/1boCM_6-3n3-riFJdOOODjE7F0b_3uKt_J8mm84FHjZ75ifLKiVtjFa7MMS8=
- <Package Folder>/databases/1boCM_6-3n3-riFJdOOODjE7F0b_3uKt_J8mm84FHjZ75ifLKiVtjFa7MMS8=-journal
- <Package Folder>/databases/1boCM_6-3n3-riFJdOOODjE7F0b_3uKt_L8E7QKp1qgg=
- <Package Folder>/databases/1boCM_6-3n3-riFJdOOODjE7F0b_3uKt_L8E7QKp1qgg=-journal
- <Package Folder>/databases/1boCM_6-3n3-riFJdOOODjE7F0b_3uKt_i5dE0-Izw9_EHqmwSZ2I6w==
- <Package Folder>/databases/1boCM_6-3n3-riFJdOOODjE7F0b_3uKt_i5dE0-Izw9_EHqmwSZ2I6w==-journal
- <Package Folder>/databases/1boCM_6-3n3-riFJdOOODjE7F0b_3uKt_yEaF6hVbW6f18FCN
- <Package Folder>/databases/1boCM_6-3n3-riFJdOOODjE7F0b_3uKt_yEaF6hVbW6f18FCN-journal
- <Package Folder>/databases/Data_sync.db
- <Package Folder>/databases/Data_sync.db-journal
- <Package Folder>/databases/MaiStore.db
- <Package Folder>/databases/MaiStore.db-journal
- <Package Folder>/databases/webview.db
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/####/0F3JuU3V5P4Htv8AurrDsg==.new
- <Package Folder>/files/####/133e614c-b914-48de-8679-619499bdc1e5.pic
- <Package Folder>/files/####/3APKK6MuSNB_ChlKtAflFw==.new
- <Package Folder>/files/####/41SW9ueZSyVyozz74GSgNWAD6lFAHonD.new
- <Package Folder>/files/####/58ba1456-f484-4d3b-88a4-1c31b6fd2836.pic.temp
- <Package Folder>/files/####/75697215-d813-4507-bcea-cf7a42ee9b13.pic.temp
- <Package Folder>/files/####/81740e72-d370-43ae-a967-d70a22748916.pic.temp
- <Package Folder>/files/####/8c796a0b-faf2-4460-ac88-cfd13654b7a7.pic.temp
- <Package Folder>/files/####/966847c0-c75d-4b0d-9105-dd834d7fa3e3.pic.temp
- <Package Folder>/files/####/9a772e67-e316-4fbf-9cd3-28723bfa87b8.pic.temp
- <Package Folder>/files/####/9bK3XHZy4zoy1tSzUQTbyFPbZt4=.new
- <Package Folder>/files/####/CTa9jomJvq9YqUjc4PPaVg==.new
- <Package Folder>/files/####/Cz7K1YBZhRhyE3o5RsRHnpP4U5xC1X7DlLnRKQ==.new
- <Package Folder>/files/####/Ha7xJGY0nShIb7u0.dex
- <Package Folder>/files/####/Ha7xJGY0nShIb7u0.zip
- <Package Folder>/files/####/MEoxlYCgBK27CmiiE_t12mmaOqfVnmcx.new
- <Package Folder>/files/####/Pf-Kj7KG_CEyd1_QYn_hmEgmR7L98q-71Biyr498Wzw=.new
- <Package Folder>/files/####/WZMMnt1QxJHIUE3BJ9eqW5htPzlLLb254uhGilmRNOI=.new
- <Package Folder>/files/####/Yrz630cE3AYl2k5IUKMm9Y9EHEryyOvdc0SYbu5OK50=.new
- <Package Folder>/files/####/ad260a28-54f4-444f-91d1-8193e3e054c2.pic
- <Package Folder>/files/####/blqPFuEQhSkqsIb3lRVyS2fGEyUvk0Ht5nuU7w==.new
- <Package Folder>/files/####/d7e8c2af-90bb-4c9e-8df8-18be52df56f4.pic.temp
- <Package Folder>/files/####/eCSOk-CQ3Y7lk3QzzwdsGRFM9Fd90IRP
- <Package Folder>/files/####/eCSOk-CQ3Y7lk3QzzwdsGRFM9Fd90IRP.new
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/f6Bjz1AcJ8IHyy-H7j2_UiSxrwo=
- <Package Folder>/files/####/f6Bjz1AcJ8IHyy-H7j2_UiSxrwo=.new
- <Package Folder>/files/####/fBcouXgfn6pSJldZEh9nqR0q1Ds=.new
- <Package Folder>/files/####/fdlkgTadShdduKF1bPuC2_-jZrHmu_Ig.new
- <Package Folder>/files/####/h6RzpWP7VWeuB3V5lkmA6h7msTR6jIz5.new
- <Package Folder>/files/####/jfyWxkIMcur5hiUoDg8MLA==
- <Package Folder>/files/####/lz8FweULtZOK3NHgOvkw27uuoFc=
- <Package Folder>/files/####/mHDCxeCv447trodhFpTFCdUErroC-AZn.new
- <Package Folder>/files/####/o4AQVC1XudFPm5yPXHBckw==
- <Package Folder>/files/####/qepvq_f.dex
- <Package Folder>/files/####/qepvq_f.zip
- <Package Folder>/files/####/runner_info.prop.new
- <Package Folder>/files/####/slJzSM568oBlN9X6
- <Package Folder>/files/####/smAOrQ50MzXLfDDV.new
- <Package Folder>/files/####/wXXVJU0d2kq1o7gflyOAJvc-Vmo=
- <Package Folder>/files/####/wXXVJU0d2kq1o7gflyOAJvc-Vmo=.new
- <Package Folder>/files/####/wjzpPtlIwMao0QjDuj2IGmsIj41tuVg-m1UTTCFSbUM=.new
- <Package Folder>/files/####/wxq_EJK7gzP_Nt1oeVMoT-yFW3fCdr4s.new
- <Package Folder>/files/####/xU95HmtnDErDPGKYPCS6azayFrz2vsQd.new
- <Package Folder>/files/####/ybUW9h3meK8QEUeucUnSezvSHEXoC_zu08ewCg==.new
- <Package Folder>/files/####/zxppw0amS54ktVBFFpEXFzqMuVQ=.new
- <Package Folder>/files/com.dyl.pay.ui.apk
- <Package Folder>/files/libabc
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/share_data.xml
- <Package Folder>/shared_prefs/share_data.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <SD-Card>/.armsd/####/2e066c4d-2669-400f-ae2f-ea31a7d89f49.res
- <SD-Card>/.armsd/####/45a9e50d-07e2-42d7-a2fe-290f404e16a0.res
- <SD-Card>/.armsd/####/4860a530-0ede-4610-b30a-2463f69ecb37.res
- <SD-Card>/.armsd/####/4fc9096f-b3f6-4f56-a008-d7628cf1d59f.res
- <SD-Card>/.armsd/####/5636b4c7-e06a-4dfc-a5cf-b02128f4f510.res
- <SD-Card>/.armsd/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=.new
- <SD-Card>/.armsd/####/8a56099a-be57-49c7-9bab-6e37f03e5cb7.res
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
- <SD-Card>/.armsd/####/MP8MtaBuguN9jnuSwtN1kQ==
- <SD-Card>/.armsd/####/c6d9f3c3-08e1-477a-8697-b3f6b3d7655c.res
- <SD-Card>/.armsd/####/r_pkDgN4OhnkSa0D
- <SD-Card>/.env/.uunique.new
- <SD-Card>/.tpservice/####/qsha_80001_5096.jar
- <SD-Card>/.twservice/qshp_3003_2272.zip
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/com.skymobi.pay.plugin.main.data
- <SD-Card>/Android/####/com.skymobi.pay.plugin.recordupload.data
- <SD-Card>/Android/####/com.skymobi.pay.plugin.smspay.data
Другие:
Запускает следующие shell-скрипты:
- /data/data/zw.bdtrbnggrrfcd.htsphawzacle.f9cf012b.i295f5c15d/code-8641649/X-Jxr5PDVvwJxFFR -p zw.bdtrbnggrrfcd.htsphawzacle.f9cf012b.i295f5c15d -a com.uu.action.client -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- <dexopt>
- cat /sys/class/net/wlan0/address
- sh <Package Folder>/code-8641649/X-Jxr5PDVvwJxFFR -p <Package> -a com.uu.action.client -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
