Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.155.origin
- Android.Triada.178
- Android.Triada.178
- Android.Triada.248.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Triada.155.origin
- Android.Triada.178
- Android.Triada.178
- Android.Triada.248.origin
Сетевая активность:
Подключается к:
- 1####.####.34:19000
- 1####.####.57:10001
- a####.####.com
- huangda####.com
- i####.####.com
- l####.####.com
Запросы HTTP GET:
- 1####.####.57:10001/v1/order/get?phone=####&imei=####&sdk_version=####&c...
- a####.####.com/ando/i/mon?k=####&d=####
- huangda####.com/active!activeLog.action?provider=####&clickId=####&manu=...
- i####.####.com/ando-res/ads/black/640x270.png
Запросы HTTP POST:
- 1####.####.34:19000/v2/chis
- l####.####.com/sdk.php
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/EOZTzhVG.jar
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/index
- <Package Folder>/code-8806992/evcD-LdIsN-yZtTh
- <Package Folder>/databases/####/cc.db
- <Package Folder>/databases/####/cc.db-journal
- <Package Folder>/databases/qK0wa5A8KQdMGhDBFUpylPPq5yIwI3qS_FTOnn6bgaxTM0R207MtPyw==
- <Package Folder>/databases/qK0wa5A8KQdMGhDBFUpylPPq5yIwI3qS_FTOnn6bgaxTM0R207MtPyw==-journal
- <Package Folder>/databases/qK0wa5A8KQdMGhDBFUpylPPq5yIwI3qS_HhaBteLD7Fo=-journal
- <Package Folder>/databases/qK0wa5A8KQdMGhDBFUpylPPq5yIwI3qS_Kb6gUlAlpDIHUy5wSpuc9A==
- <Package Folder>/databases/qK0wa5A8KQdMGhDBFUpylPPq5yIwI3qS_Kb6gUlAlpDIHUy5wSpuc9A==-journal
- <Package Folder>/databases/qK0wa5A8KQdMGhDBFUpylPPq5yIwI3qS_U1xwUm6pUfXT2rcy
- <Package Folder>/databases/qK0wa5A8KQdMGhDBFUpylPPq5yIwI3qS_U1xwUm6pUfXT2rcy-journal
- <Package Folder>/databases/qK0wa5A8KQdMGhDBFUpylPPq5yIwI3qS_c4-MxChjzWoX9iMpfmC7zL2nkVc=
- <Package Folder>/databases/qK0wa5A8KQdMGhDBFUpylPPq5yIwI3qS_c4-MxChjzWoX9iMpfmC7zL2nkVc=-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/####/0b1c2ec3-6f85-43e1-a432-01ca9f22021a.pic
- <Package Folder>/files/####/1kPvAlvKxu2yQW9wqfI1BGywbw8UT8Nx.new
- <Package Folder>/files/####/3XfQCWrSSV0l_Uyf2cPriDoObfM=.new
- <Package Folder>/files/####/481fb3c5-c5b9-44d1-857a-67091d2098f0.pic.temp
- <Package Folder>/files/####/4o2FHvH70nA2ABcPGhKoDCuwQdJ1Uhd0RVfKvw==.new
- <Package Folder>/files/####/72fc3de7-f3e5-49a3-a437-4c4e2a7fd65e.pic.temp
- <Package Folder>/files/####/766ecefe-1bb0-48c4-a755-e3e14e4d2aa4.pic.temp
- <Package Folder>/files/####/992fa662-0765-4f14-9264-4e9ea99fe5bc.pic.temp
- <Package Folder>/files/####/AF2evECNFVzQNcvLIH1fLNoMqNU=.new
- <Package Folder>/files/####/AMJUPoAnCVSxgTjEAf9vxyqidEuO0nzdy53A9g==.new
- <Package Folder>/files/####/AmpFiOUQQuB_CSCzSECknw==
- <Package Folder>/files/####/HQkvesaJLdmM_Qsn5PNq6UOkocolMfBB.new
- <Package Folder>/files/####/KXPvaHwvKiY9qgjX-e7-4g==
- <Package Folder>/files/####/KXPvaHwvKiY9qgjX-e7-4g==.new
- <Package Folder>/files/####/NmDNHYqxeGyeVA4T.new
- <Package Folder>/files/####/OtC4jn-B4gBnJoGLEt1Xlw==
- <Package Folder>/files/####/OtC4jn-B4gBnJoGLEt1Xlw==.new
- <Package Folder>/files/####/TgOT-jiTuGAlWeS-yLclR_a_Vu76dzu-JppvWHQ55tI=.new
- <Package Folder>/files/####/X2Kn2vmRrAjdAOSk
- <Package Folder>/files/####/Y_tGYKme0BmdVzdyoYRu1ZE2oRI=
- <Package Folder>/files/####/YksLr3kal5dq1fkIL56iC6uiedY=.new
- <Package Folder>/files/####/_a7cika8riKoZzreGl_zO9FVAYwSeTn_.new
- <Package Folder>/files/####/c6544a58-e15d-40ed-a08d-94448416b545.pic
- <Package Folder>/files/####/c8a7eb1b-4b66-41f0-b023-f8886d0180da.pic.temp
- <Package Folder>/files/####/cKfwWVLS92oT3bPpAs9olK2pn8M=
- <Package Folder>/files/####/data.dat.tmp
- <Package Folder>/files/####/f4866b0f-366b-4a34-87bf-cbda4398d583.pic.temp
- <Package Folder>/files/####/f_OlzubegizawiMF40f3QE7b5cudPQkgFoAVmFf0mOs=.new
- <Package Folder>/files/####/fbJEGt49UuGMUUTQSLhacSIq6ERqZBJzV7YCug==.new
- <Package Folder>/files/####/g6rx3JVIN_C-_zlVH4rUb6amaHbmq7gbDqdJ4gZgF0Y=.new
- <Package Folder>/files/####/g8qrXcLqTteoAiTI8JlXswcw01lYUGEg.new
- <Package Folder>/files/####/gOOryxj6uq7m_n96eFhWR5Ba7kv-53VA.new
- <Package Folder>/files/####/hzo-wRlN0-j1kGkw34ohp8RMMK2Zp2AxPFwPZehnXfA=.new
- <Package Folder>/files/####/libus.so
- <Package Folder>/files/####/npQUr0DxdmzqFju1I8c91mZEvNQ=.new
- <Package Folder>/files/####/rZul9Na4GoKEKYh9gnaFiw==.new
- <Package Folder>/files/####/runner_info.prop.new
- <Package Folder>/files/####/sbcnua_f.zip
- <Package Folder>/files/####/wtFHt9PJzAWdolE7BSzDD52kyON5fuEk.new
- <Package Folder>/files/####/xB5f5jZJxtnAWzc_9KLNA2nINxe0lp_L
- <Package Folder>/files/####/xB5f5jZJxtnAWzc_9KLNA2nINxe0lp_L.new
- <Package Folder>/files/####/xB5f5jZJxtnAWzc_9KLNA2nINxe0lp_L.old (deleted)
- <Package Folder>/files/####/yGGxIG613NwjmzmhTZzBeRJpsP4jJjmT.new
- <Package Folder>/files/####/z1PDUW87fgIG2xpP.zip
- <Package Folder>/shared_prefs/pretw.xml
- <Package Folder>/shared_prefs/twj.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/zzconfig.xml
- <SD-Card>/.armsd/####/57c1a08b-cf0e-46f1-a7b9-d027b201588d.res
- <SD-Card>/.armsd/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=.new
- <SD-Card>/.armsd/####/6c8309db-caea-44ab-bcfd-7e2a7d06a2f4.res
- <SD-Card>/.armsd/####/9dfc6d2c-f2d8-42ec-9791-d7c4934d7822.res
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
- <SD-Card>/.armsd/####/MP8MtaBuguN9jnuSwtN1kQ==
- <SD-Card>/.armsd/####/a31ce9c3-dba2-40c6-a562-703e925cf6b0.res
- <SD-Card>/.armsd/####/r_pkDgN4OhnkSa0D
- <SD-Card>/.env/.uunique.new
- <SD-Card>/.twservice/####/tw
- <SD-Card>/.twservice/qshp_3002_2206.zip
- <SD-Card>/Download/channel_conf
- <SD-Card>/Download/channel_conf1
Другие:
Запускает следующие shell-скрипты:
- /data/data/wjqmhefy.myllz.phj.dhulw/code-8806992/evcD-LdIsN-yZtTh -p wjqmhefy.myllz.phj.dhulw -c com.hoxq.lpve.uwisuq.a.a.c.b -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- <dexopt>
- <error:2>
