Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.589.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.DownLoader.589.origin
Сетевая активность:
Подключается к:
- 1####.####.67
- 5####.####.56
- a####.####.com
- c####.####.cn
- c####.####.org
- g####.####.top
Запросы HTTP GET:
- 5####.####.56/checker
- c####.####.cn/upload/201705/22/img/20170522095522738.png
- c####.####.org/strategy/dev_root
Запросы HTTP POST:
- 1####.####.67/strategy/interface.html
- a####.####.com/ad-service/ad/mark
- g####.####.top/jzbdt/ac/f
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/app_2030cee0-ff5a-45f0-bdeb-f178d2d0384a/Matrix
- <Package Folder>/app_2030cee0-ff5a-45f0-bdeb-f178d2d0384a/ddexe
- <Package Folder>/app_2030cee0-ff5a-45f0-bdeb-f178d2d0384a/debuggerd
- <Package Folder>/app_2030cee0-ff5a-45f0-bdeb-f178d2d0384a/fileWork
- <Package Folder>/app_2030cee0-ff5a-45f0-bdeb-f178d2d0384a/install-recovery.sh
- <Package Folder>/app_2030cee0-ff5a-45f0-bdeb-f178d2d0384a/pidof
- <Package Folder>/app_2030cee0-ff5a-45f0-bdeb-f178d2d0384a/su
- <Package Folder>/app_2030cee0-ff5a-45f0-bdeb-f178d2d0384a/supolicy
- <Package Folder>/app_2030cee0-ff5a-45f0-bdeb-f178d2d0384a/toolbox
- <Package Folder>/app_2030cee0-ff5a-45f0-bdeb-f178d2d0384a/wsroot.sh
- <Package Folder>/app_5fd527c5-0771-4c35-a8a1-a74326df5273/checker.jar
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/Matrix
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/ddexe
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/debuggerd
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/device.db
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/fileWork
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/install-recovery.sh
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/pidof
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/root3
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/su
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/supolicy
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/toolbox
- <Package Folder>/app_7b466a7e-79e8-4141-a64c-5fe1f2d8c22d/wsroot.sh
- <Package Folder>/app_8232111f-9c64-4868-99d9-6b90385aca5a/Matrix
- <Package Folder>/app_8232111f-9c64-4868-99d9-6b90385aca5a/ddexe
- <Package Folder>/app_8232111f-9c64-4868-99d9-6b90385aca5a/debuggerd
- <Package Folder>/app_8232111f-9c64-4868-99d9-6b90385aca5a/fileWork
- <Package Folder>/app_8232111f-9c64-4868-99d9-6b90385aca5a/install-recovery.sh
- <Package Folder>/app_8232111f-9c64-4868-99d9-6b90385aca5a/pidof
- <Package Folder>/app_8232111f-9c64-4868-99d9-6b90385aca5a/su
- <Package Folder>/app_8232111f-9c64-4868-99d9-6b90385aca5a/supolicy
- <Package Folder>/app_8232111f-9c64-4868-99d9-6b90385aca5a/toolbox
- <Package Folder>/app_8232111f-9c64-4868-99d9-6b90385aca5a/wsroot.sh
- <Package Folder>/app_89e310d0-1c71-49ef-95e6-edc2d21f2de9/Matrix
- <Package Folder>/app_89e310d0-1c71-49ef-95e6-edc2d21f2de9/ddexe
- <Package Folder>/app_89e310d0-1c71-49ef-95e6-edc2d21f2de9/debuggerd
- <Package Folder>/app_89e310d0-1c71-49ef-95e6-edc2d21f2de9/fileWork
- <Package Folder>/app_89e310d0-1c71-49ef-95e6-edc2d21f2de9/install-recovery.sh
- <Package Folder>/app_89e310d0-1c71-49ef-95e6-edc2d21f2de9/pidof
- <Package Folder>/app_89e310d0-1c71-49ef-95e6-edc2d21f2de9/su
- <Package Folder>/app_89e310d0-1c71-49ef-95e6-edc2d21f2de9/supolicy
- <Package Folder>/app_89e310d0-1c71-49ef-95e6-edc2d21f2de9/toolbox
- <Package Folder>/app_89e310d0-1c71-49ef-95e6-edc2d21f2de9/wsroot.sh
- <Package Folder>/app_df7bd94f-2779-41e7-9729-6ce363b5dc47/Matrix
- <Package Folder>/app_df7bd94f-2779-41e7-9729-6ce363b5dc47/ddexe
- <Package Folder>/app_df7bd94f-2779-41e7-9729-6ce363b5dc47/debuggerd
- <Package Folder>/app_df7bd94f-2779-41e7-9729-6ce363b5dc47/fileWork
- <Package Folder>/app_df7bd94f-2779-41e7-9729-6ce363b5dc47/install-recovery.sh
- <Package Folder>/app_df7bd94f-2779-41e7-9729-6ce363b5dc47/pidof
- <Package Folder>/app_df7bd94f-2779-41e7-9729-6ce363b5dc47/su
- <Package Folder>/app_df7bd94f-2779-41e7-9729-6ce363b5dc47/supolicy
- <Package Folder>/app_df7bd94f-2779-41e7-9729-6ce363b5dc47/toolbox
- <Package Folder>/app_df7bd94f-2779-41e7-9729-6ce363b5dc47/wsroot.sh
- <Package Folder>/app_fe982b52-db4b-4dd7-a5e1-9ccc0b633bb8/Matrix
- <Package Folder>/app_fe982b52-db4b-4dd7-a5e1-9ccc0b633bb8/ddexe
- <Package Folder>/app_fe982b52-db4b-4dd7-a5e1-9ccc0b633bb8/debuggerd
- <Package Folder>/app_fe982b52-db4b-4dd7-a5e1-9ccc0b633bb8/fileWork
- <Package Folder>/app_fe982b52-db4b-4dd7-a5e1-9ccc0b633bb8/install-recovery.sh
- <Package Folder>/app_fe982b52-db4b-4dd7-a5e1-9ccc0b633bb8/pidof
- <Package Folder>/app_fe982b52-db4b-4dd7-a5e1-9ccc0b633bb8/su
- <Package Folder>/app_fe982b52-db4b-4dd7-a5e1-9ccc0b633bb8/supolicy
- <Package Folder>/app_fe982b52-db4b-4dd7-a5e1-9ccc0b633bb8/toolbox
- <Package Folder>/app_fe982b52-db4b-4dd7-a5e1-9ccc0b633bb8/wsroot.sh
- <Package Folder>/app_jgls/.log.lock
- <Package Folder>/app_jgls/.log.ls
- <Package Folder>/app_plugin_download/11148ba9-53f2-43b4-bb6f-0d5157249480
- <Package Folder>/app_plugin_download/4a2c0bf9-c4d3-412c-a4c5-6bd44420c737
- <Package Folder>/app_subox/1740c449fc10be62df60ba0f18696c9f
- <Package Folder>/app_subox/32edd79a240b5f1e461d069caab1ec3e
- <Package Folder>/app_subox/8b6f263391259b7a8e5f58ee71852ca8
- <Package Folder>/app_subox/b0141e478b25af7c40a8cca8de6c4708
- <Package Folder>/app_subox/b18a021d11a3004d25017230b681476b
- <Package Folder>/app_subox/c61913b615fb6224701377a119081f36
- <Package Folder>/app_subox_download/09214ce6-0e36-41a1-9264-53169a408af5
- <Package Folder>/app_subox_download/1402bfbe-92c7-45fc-bd6f-dc9d8ec339ea
- <Package Folder>/app_subox_download/184e143d-b12c-4e47-a46f-dd8f626d19c7
- <Package Folder>/app_subox_download/2986dad6-5820-4727-8fc4-3b96a1e4c6cc
- <Package Folder>/app_subox_download/3a797567-0c78-4289-9eec-0a09b87fafa1
- <Package Folder>/app_subox_download/7a0fca2f-771c-4626-b965-6e746d3adbc9
- <Package Folder>/app_subox_download/af7d381a-4024-49d6-af94-8925fa0f9c75
- <Package Folder>/app_subox_download/eb69ef4b-2955-492f-8c72-5ffee4a3a6fc
- <Package Folder>/databases/google_analytics_v2.db-journal
- <Package Folder>/databases/t_u.db-journal
- <Package Folder>/databases/webviewCache.db
- <Package Folder>/databases/webviewCache.db-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/SUBOXLOG_
- <Package Folder>/files/ei.jar
- <Package Folder>/files/gaClientId
- <Package Folder>/files/sk.jar
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/desk.xml
- <Package Folder>/shared_prefs/dsi.xml
- <Package Folder>/shared_prefs/jg_app_update_settings_random.xml
- <Package Folder>/shared_prefs/kr.xml
- <Package Folder>/shared_prefs/kr.xml.bak
- <Package Folder>/shared_prefs/qihoo_jiagu_crash_report.xml
- <Package Folder>/shared_prefs/sfe.xml
- <Package Folder>/shared_prefs/sfe.xml.bak
- <Package Folder>/shared_prefs/subox.xml
- <Package Folder>/shared_prefs/wv.xml
- <Package Folder>/shared_prefs/wv.xml.bak
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/0d32a050b9b2297a8b94c7cce4c4fcf4.apk
- <SD-Card>/Android/####/V2.8.2.txt
- <SD-Card>/Android/####/b.tmp
- <SD-Card>/Android/####/b77ffeb883dc9
- <SD-Card>/EasyVoiceRecorder/.nomedia
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
- chmod 755 /data/data/com.zero.kuaisulyj/.jiagu/libjiagu.so
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/0d32a050b9b2297a8b94c7cce4c4fcf4.apk
- chmod 777 /storage/emulated/0/Android/data/com.zero.kuaisulyj/files/Download/Android/azb/0d32a050b9b2297a8b94c7cce4c4fcf4.apk
- chmod 777 Matrix ddexe debuggerd device.db fileWork install-recovery.sh pidof root3 su supolicy toolbox wsroot.sh
- chmod 777 Matrix ddexe debuggerd fileWork install-recovery.sh pidof su supolicy toolbox wsroot.sh
- sh
Использует специальную библиотеку для скрытия исполняемого байткода.
