Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.SmsSend.1848.origin
- Android.SmsSend.1848.origin
- Android.SmsSend.1848.origin
- Android.Triada.247.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.SmsSend.1848.origin
- Android.SmsSend.1848.origin
- Android.SmsSend.1848.origin
- Android.Triada.247.origin
Сетевая активность:
Подключается к:
- 6####.####.140
- a####.####.com
- i####.####.com
- i####.####.com:10003
- k####.####.com
- k####.####.com:8090
- l####.####.com
- p####.####.com
- p####.####.com:9000
- re####.####.com
- re####.####.com:10002
- s####.####.com
- s####.####.com:8888
Запросы HTTP GET:
- 6####.####.140/ando/i/mon?k=####&d=####
- i####.####.com/ando-res/ads/black/640x270.png
- p####.####.com/cityjson?ie=####
- p####.####.com:9000/versionpatch?updVersion=####&crc32=####&version=####...
- re####.####.com/v1/sdk/init?net_name=####&imei=####&package_name=####&sd...
- re####.####.com:10002/v1/sdk/init?net_name=####&imei=####&package_name=#...
- s####.####.com/v1/sdk/init?net_name=####&imei=####&package_name=####&sdk...
- s####.####.com:8888/v1/sdk/init?net_name=####&imei=####&package_name=###...
Запросы HTTP POST:
- a####.####.com/app_logs
- i####.####.com:10003/v2/chis
- k####.####.com/storage/receive
- k####.####.com:8090/storage/receive
- l####.####.com/sdk.php
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/code-7925681/lKCBk_elWJXxGvUz
- <Package Folder>/databases/MA_epay_db
- <Package Folder>/databases/MA_epay_db-journal
- <Package Folder>/databases/bil_db
- <Package Folder>/databases/bil_db-journal
- <Package Folder>/databases/nWNlYQ6RfZLDytZKPaS5Kp0INncvsd1c_Jb-CwP7rj-2N2Oo-2tpLqA==
- <Package Folder>/databases/nWNlYQ6RfZLDytZKPaS5Kp0INncvsd1c_Jb-CwP7rj-2N2Oo-2tpLqA==-journal
- <Package Folder>/databases/nWNlYQ6RfZLDytZKPaS5Kp0INncvsd1c_RIQUwAS0nCvTV_byQ5xwnhJqinc=
- <Package Folder>/databases/nWNlYQ6RfZLDytZKPaS5Kp0INncvsd1c_RIQUwAS0nCvTV_byQ5xwnhJqinc=-journal
- <Package Folder>/databases/nWNlYQ6RfZLDytZKPaS5Kp0INncvsd1c_dhILlzQBykg=-journal
- <Package Folder>/databases/nWNlYQ6RfZLDytZKPaS5Kp0INncvsd1c_pkcLBaXfqnPSvmGa-wn0ew==
- <Package Folder>/databases/nWNlYQ6RfZLDytZKPaS5Kp0INncvsd1c_pkcLBaXfqnPSvmGa-wn0ew==-journal
- <Package Folder>/databases/nWNlYQ6RfZLDytZKPaS5Kp0INncvsd1c_q6_o9tecVT6YQEef
- <Package Folder>/databases/nWNlYQ6RfZLDytZKPaS5Kp0INncvsd1c_q6_o9tecVT6YQEef-journal
- <Package Folder>/databases/p2_epay_db
- <Package Folder>/databases/p2_epay_db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/####/18d6ee44-56af-4f13-9667-4d5f96433c17.pic.temp
- <Package Folder>/files/####/1b8ibL5UdOYVNh6Ai3snXQ==
- <Package Folder>/files/####/26f888af-c965-45a0-9608-5cd81f20bb71.pic
- <Package Folder>/files/####/2vCwm811iCKt8SYfdK6NSDKzdPWvZ5zd9fU0WEStAm0=.new
- <Package Folder>/files/####/50418c29-bf70-48ed-a9f5-b411611efbd8.pic.temp
- <Package Folder>/files/####/7acce5b0-31be-438d-872a-0b4ba41a23f4.pic.temp
- <Package Folder>/files/####/96220705-068e-4d41-8739-f262b9108878.pic.temp
- <Package Folder>/files/####/9Krhnydbs_PGOz7g.new
- <Package Folder>/files/####/9MoxlYoh31uGEdYy
- <Package Folder>/files/####/9c4c951e-195b-4145-b6fc-4b3a800f268a.pic.temp
- <Package Folder>/files/####/BMzqqd7F6RFF72vduoec6g==.new
- <Package Folder>/files/####/Fq1twosadvL55zJ1qnA2vrogMlYxiJA0peU1EtLBr-M=.new
- <Package Folder>/files/####/GGa6hkykc-ywIcVYgMn7rLlIXzE=
- <Package Folder>/files/####/JdEj7-4zJg2u4r9mtyZzRg==
- <Package Folder>/files/####/Ku03AelJsVS97aRatKK7DHAgNqfAlUWSPtV9RlUod_s=.new
- <Package Folder>/files/####/L28720VyA89cPa_xJb_MH_R4mh0=.new
- <Package Folder>/files/####/MhXk5lCbxAR_xrobEK-RbQ==.new
- <Package Folder>/files/####/Q0XaM-z_tiOdHTvvjT10SkbcqCcnOhBE.new
- <Package Folder>/files/####/RDfEqV3Jz2C_mhaDFmrtwaeXM3a3nV0C
- <Package Folder>/files/####/RDfEqV3Jz2C_mhaDFmrtwaeXM3a3nV0C.new
- <Package Folder>/files/####/RDfEqV3Jz2C_mhaDFmrtwaeXM3a3nV0C.old (deleted)
- <Package Folder>/files/####/ULZz7ePER4WzoyPPFCBz2rdgvfg=.temp
- <Package Folder>/files/####/W2MrmoYEIuYKDpLFE-BbDm5zfTI=
- <Package Folder>/files/####/W2MrmoYEIuYKDpLFE-BbDm5zfTI=.new
- <Package Folder>/files/####/WxuE1Gl8USSd0oN6AF9Qq_9eL1OMnH-RoBaoZa0-uRg=.new
- <Package Folder>/files/####/XYeFPrmehKb1KoV1xepo7Seg-ZUoWwcyJEICnA==.new
- <Package Folder>/files/####/YWlkRb_d72uak_O2gOLGFun8H9NhVp4d.new
- <Package Folder>/files/####/aYVUnDNJCI7Xyn66BN47g4QD0To=.new
- <Package Folder>/files/####/dXiZXVpp-ajt3Of9rYAFIaEDdEK494kOMDSFDw==.new
- <Package Folder>/files/####/dcfc7f4b-a070-432c-b101-634ae0e98e01.pic.temp
- <Package Folder>/files/####/f21748bd-87e2-4eb0-a254-133ac79ec509.pic
- <Package Folder>/files/####/gbAH_CmqTHSmFu9aXev3qhKN976MHh_T.new
- <Package Folder>/files/####/gckbg_f.zip
- <Package Folder>/files/####/lja71JFaYuEQH3SIdQzjZQ==
- <Package Folder>/files/####/lja71JFaYuEQH3SIdQzjZQ==.new
- <Package Folder>/files/####/m9hMAJ6fp-Kt7Ok9xPcY87pbPog=.new
- <Package Folder>/files/####/plus.jar
- <Package Folder>/files/####/reNIZSZaZtebXiBQTuWupaXis9FJ8VyH.new
- <Package Folder>/files/####/runner_info.prop.new
- <Package Folder>/files/####/sAhtt2b_k_JhOryXoWbH86IjJrE=
- <Package Folder>/files/####/sAhtt2b_k_JhOryXoWbH86IjJrE=.new
- <Package Folder>/files/####/vQfraQ9mCHzpcL1wp8RF7OP-XSq6j1ae.new
- <Package Folder>/files/####/wLJQKcW5UbMGcws064_R2SKg7gtVQ58Q.new
- <Package Folder>/files/####/xXzeb2QHnXKUJ3s_1KcF68SjMRWmcPl9.new
- <Package Folder>/files/####/yHWAkSEMqFSsE93kjCsULbJRq3WrzvU3E0_q6g==.new
- <Package Folder>/files/####/zLsWqu92XEHTRWVy.zip
- <Package Folder>/files/####/zek7DJaZmjxf4p6sfXlC8nScRhY=.temp
- <Package Folder>/files/.imprint
- <Package Folder>/files/mj.apk
- <Package Folder>/files/mj.dex (deleted)
- <Package Folder>/files/mobclick_agent_cached_<Package>37
- <Package Folder>/files/plugin.apk
- <Package Folder>/files/rdata_comdaoezbnr
- <Package Folder>/files/rdata_comdaoezbnr.new
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/pspace/nexor.jar
- <Package Folder>/pspace/prim.jar
- <Package Folder>/shared_prefs/b_setting.xml
- <Package Folder>/shared_prefs/b_share.xml
- <Package Folder>/shared_prefs/game_data.xml
- <Package Folder>/shared_prefs/game_e_c_data.xml
- <Package Folder>/shared_prefs/jiepay_config.xml
- <Package Folder>/shared_prefs/jiepay_config.xml.bak
- <Package Folder>/shared_prefs/ma_call.xml
- <Package Folder>/shared_prefs/ma_data.xml
- <Package Folder>/shared_prefs/ma_epay_share.xml
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/nnt_data.xml
- <Package Folder>/shared_prefs/p2_call.xml
- <Package Folder>/shared_prefs/p2_call.xml.bak
- <Package Folder>/shared_prefs/p2_data.xml
- <Package Folder>/shared_prefs/p2_edition.xml
- <Package Folder>/shared_prefs/p2_epay_share.xml
- <Package Folder>/shared_prefs/p2_epay_share.xml.bak
- <Package Folder>/shared_prefs/share_ecd.xml
- <Package Folder>/shared_prefs/share_version.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <Package Folder>/shared_prefs/zzconfig.xml
- <SD-Card>/.armsd/####/44eb7d44-c128-4619-a7f7-bb2631880e72.res
- <SD-Card>/.armsd/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=.new
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
- <SD-Card>/.armsd/####/MP8MtaBuguN9jnuSwtN1kQ==
- <SD-Card>/.armsd/####/dbcd4a5d-4345-46ca-b5dc-9bd7cd3cfc05.res
- <SD-Card>/.armsd/####/e02a41ad-7afc-408d-a4d4-7d98ea581e4e.res
- <SD-Card>/.armsd/####/e0e8401a-1e59-41d1-bf1c-f7c72251d7d5.res
- <SD-Card>/.armsd/####/ebeb964a-e1f5-450a-bcfe-65875ab56576.res
- <SD-Card>/.armsd/####/r_pkDgN4OhnkSa0D
- <SD-Card>/.env/.uunique.new
Другие:
Запускает следующие shell-скрипты:
- /data/data/com.meiyou.ren.gaos/code-1373334/lKCBk_elWJXxGvUz -p com.meiyou.ren.gaos -c com.daoe.zbnr.afivbw.a.a.d.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- /data/data/com.meiyou.ren.gaos/code-7925681/lKCBk_elWJXxGvUz -p com.meiyou.ren.gaos -c com.daoe.zbnr.afivbw.a.a.d.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- <dexopt>
- <error:2>
- sh <Package Folder>/code-1373334/lKCBk_elWJXxGvUz -p <Package> -c com.daoe.zbnr.afivbw.a.a.d.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- sh <Package Folder>/code-7925681/lKCBk_elWJXxGvUz -p <Package> -c com.daoe.zbnr.afivbw.a.a.d.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
Может автоматически отправлять СМС-сообщения.
