Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 12114516412: systemcGx1dG8yNTAwMjY2OTkxODc3NDM=
Предлагает установить сторонние приложения.
Сетевая активность:
Подключается к:
- 1####.####.172
- 1####.####.181
- 1####.####.209
- 1####.####.212
- 1####.####.80
- 1####.####.80:8001
- c####.####.com
- c####.####.net
- d####.####.com
- d####.####.com:8080
- g####.####.net
- g####.####.net:8080
- mo####.####.com
- mobads-####.####.com
- p####.####.cn
- p####.####.com
- sd####.####.com
- ub####.####.com
- w####.####.com
- w####.####.com:7758
Запросы HTTP GET:
- 1####.####.181/sdkPayInit.html
- 1####.####.209/adcms/app/api/isAccessEnable.jhtm
- 1####.####.212/mobads.php?01sK000####
- 1####.####.80/hbilling/jd
- 1####.####.80:8001/hbilling/ver
- c####.####.com/20170715/tongyu-pay-lib-2159-ymt.apk
- d####.####.com/egsb/otherPay/querySMSLimitMoney
- mo####.####.com/ads/css/min/main.css
- mobads-####.####.com/dz.zb?type=####&apid=####&appsid=####&bdr=####&bran...
- mobads-####.####.com/upload/apps/baidu_dsp9_and100rb9bae4d5858.apk
- p####.####.com/sdkMis/getRdoUrl
- ub####.####.com/media/v1/0f0000npWj05lc5ud7u1L0.jpg
- w####.####.com/adx.php?c=####&ext=####
- w####.####.com/rdo/order/invalid;jsessionid=572108E76741F05F81BB4EFE602A...
Запросы HTTP POST:
- 1####.####.172/osdk/gi.do?t=####&p=####
- c####.####.net/cat.php/Cat/SCR?ver=####&tp=####
- d####.####.com:8080/hlpayserver/api/11
- g####.####.net/migusdk/verification/checkSdkUpdate
- g####.####.net:8080/migusdk/tl/initcttl
- p####.####.cn/index.php/API
- sd####.####.com/behaviorLogging/eventLogging/accept?
- w####.####.com/normandie/QuerySafechargeRuleV2
- w####.####.com:7758/normandie/QueryConfigPolicy
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_baidu_ad_sdk/__xadsdk__remote__final__3b919353-d788-45db-a97c-26b327e4a01e.jar
- <Package Folder>/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar
- <Package Folder>/app_database/ApplicationCache.db-journal
- <Package Folder>/app_database/ApplicationCache.db-journal (deleted)
- <Package Folder>/app_lib/libmiguED.so
- <Package Folder>/app_tongyu/####/tongyu-pay-lib.apk
- <Package Folder>/cache/####/-1077373966-113958476
- <Package Folder>/cache/####/-11306913931306835640
- <Package Folder>/cache/####/-1346548293-517559575
- <Package Folder>/cache/####/-269259791-70755296
- <Package Folder>/cache/####/-9236635161219822678
- <Package Folder>/cache/####/839725001882190681
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/index
- <Package Folder>/databases/####/cc.db
- <Package Folder>/databases/####/cc.db-journal
- <Package Folder>/databases/OPAYDB
- <Package Folder>/databases/OPAYDB-journal
- <Package Folder>/databases/TestinAgent.db-journal
- <Package Folder>/databases/adshower.db-journal
- <Package Folder>/databases/mp.db
- <Package Folder>/databases/mp.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal (deleted)
- <Package Folder>/files/####/MiguPay.Sdk20.Lib_26002_344EAA6187C551BFE03C528618CB42A2.dat
- <Package Folder>/files/####/mg20css.dat
- <Package Folder>/files/####/mg20dss.dat
- <Package Folder>/files/MiguPay.Sdk20.Lib_26002_344EAA6187C551BFE03C528618CB42A2.dat
- <Package Folder>/files/__sdk_m_0f0000npWj05lc5ud7u1L0.jpg
- <Package Folder>/files/appsdkmg0_.jar
- <Package Folder>/files/hbilling.dat
- <Package Folder>/files/hbilling.dat.temp
- <Package Folder>/files/hbilling.dat.temp (deleted)
- <Package Folder>/files/jacruntime.dex (deleted)
- <Package Folder>/files/ly.jar
- <Package Folder>/files/ly.jar.temp (deleted)
- <Package Folder>/files/mg20css.dat
- <Package Folder>/files/mg20dss.dat
- <Package Folder>/files/mg20irid.dat
- <Package Folder>/files/mobclick_agent_cached_<Package>33
- <Package Folder>/files/pid
- <Package Folder>/files/save_data
- <Package Folder>/files/sdk_prefs
- <Package Folder>/jacruntime.dex
- <Package Folder>/shared_prefs/PreferanceUtil.xml
- <Package Folder>/shared_prefs/PreferanceUtil.xml.bak
- <Package Folder>/shared_prefs/PreferanceUtil.xml.bak (deleted)
- <Package Folder>/shared_prefs/TestinCrash.xml
- <Package Folder>/shared_prefs/__sdk_remote_dl_2.xml
- <Package Folder>/shared_prefs/__x_adsdk_agent_header__.xml
- <Package Folder>/shared_prefs/__xadsdk_downloaded__version__.xml
- <Package Folder>/shared_prefs/com.baidu.mobads.loader.xml
- <Package Folder>/shared_prefs/cpMsg.xml
- <Package Folder>/shared_prefs/device_id.xml.xml
- <Package Folder>/shared_prefs/dycsdp.xml
- <Package Folder>/shared_prefs/getFlag.xml
- <Package Folder>/shared_prefs/install_sent.xml
- <Package Folder>/shared_prefs/opaysdk.xml
- <Package Folder>/shared_prefs/port.xml
- <Package Folder>/shared_prefs/port.xml.bak
- <Package Folder>/shared_prefs/port.xml.bak (deleted)
- <Package Folder>/shared_prefs/senderReceiver.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak (deleted)
- <Package Folder>/shared_prefs/xcngame.xml
- <SD-Card>/Download/####/ShareData.txt
- <SD-Card>/Download/####/deviceId.txt
- <SD-Card>/Download/####/msgflag.txt
- <SD-Card>/Download/####/sdk_prefs.txt
- <SD-Card>/bddownload/a768eb07b10391479674a30bc34187f1.apk.tmp
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/sh
- <dexopt>
- <su-internal:request>
- <su-internal:result>
- app_process /system/bin com.android.commands.am.Am startservice --user 0 -n <Package>/com.opay.android.service.OpayService
- cat /sys/class/net/wlan0/address
- chmod 777 /data/data/cl.zwbjjshd.hk4/files/ly.jar
- chmod 777 <Package Folder>/files/ly.jar
- dumpsys activity
- getprop persist.vivo.multiwindow
- getprop persist.vivo.multiwindow_active
- getprop ro.build.version.emui
- grep mFocusedActivity
- ls -l /sbin/su
- ls -l /system/bin/su
- ls -l /system/sbin/su
- ls -l /system/xbin/su
- ls -l /vendor/bin/su
- sh
- su
Использует повышенные привилегии.
Может автоматически отправлять СМС-сообщения.
