Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.186
- Android.Xiny.186
Загружает из Интернета следующие детектируемые угрозы:
- Android.Xiny.186
- Android.Xiny.186
Сетевая активность:
Подключается к:
- bbcm####.####.net
- cdn-rad####.####.com
- class####.fr
- d####.####.net
- deephou####.com
- deutsch####.de
- dotr####.eu
- globus####.dk
- jazzb####.####.ch
- jazzr####.fr
- ra####.org
- radio-b####.info
- radioi####.it
- radiopa####.com
- ret####.se
- s####.####.de
- sbli####.com
- sbli####.com:3000
- so####.com
- st####.####.de
- st####.####.uk
- swr-swr####.####.de
Запросы HTTP GET:
- bbcm####.####.net/stream/bbcmedia_radio4fm_mf_p
- cdn-rad####.####.com/s93546q.png
- class####.fr/favicon.ico
- d####.####.net//favicon.ico
- deephou####.com/wp-content/uploads/2016/10/customheader2.png
- deutsch####.de/themes/dradio/icons/dlf/favicon-196x196.png
- dotr####.eu/images/open_graph.jpg
- globus####.dk/favicon.ico
- jazzb####.####.ch/jazzblues-high.mp3
- jazzr####.fr/media/radio/thumb/90x90_blues.png
- ra####.org/wp-content/uploads/2016/01/icon.jpg
- radio-b####.info/webservice/v2/json/url/59591
- radioi####.it/images/asset/logo.png
- radiopa####.com/78602061-9c94-4bed-bdc4-e76609d3b926.png
- ret####.se/wp-content/themes/suits-child/favicons/smalltile.png
- s####.####.de/dlf/01/104/ogg/stream.ogg
- sbli####.com/json/rsdk.json
- sbli####.com:3000/
- so####.com/img3/groovesalad-400.jpg
- st####.####.de/images/broadcasts/ea/a3/1436/c175.png
- st####.####.uk/radio/83/1.92.20170704121920/img/logos/v2/bbc_radio_fourf...
- swr-swr####.####.de/swr/swr3/live/mp3/128/stream.mp3
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.cache/secData.dex
- <Package Folder>/.cache/secData.dve
- <Package Folder>/.cache/secData.jar
- <Package Folder>/cache/####/-1054688343519785461
- <Package Folder>/cache/http_cdn_radiotime_logos_tunein_com_s93546q_png.dat
- <Package Folder>/cache/http_de_dwg_radio_net_favicon_ico.dat
- <Package Folder>/cache/http_retrofm_se_wp_content_themes_suits_child_favicons_smalltile_png.dat
- <Package Folder>/cache/http_somafm_com_img3_groovesalad_400_jpg.dat
- <Package Folder>/cache/http_static_radio_de_images_broadcasts_39_2e_14126_c175_png.dat
- <Package Folder>/cache/http_static_radio_de_images_broadcasts_ea_a3_1436_c175_png.dat
- <Package Folder>/cache/http_tr_dwg_radio_net_favicon_ico.dat
- <Package Folder>/cache/http_www_deephouselounge_com_wp_content_uploads_2016_10_customheader2_png.dat
- <Package Folder>/cache/http_www_deutschlandfunk_de_themes_dradio_icons_dlf_favicon_196x196_png.dat
- <Package Folder>/cache/http_www_dotradio_eu_images_open_graph_jpg.dat
- <Package Folder>/cache/http_www_jazzradio_fr_media_radio_thumb_90x90_blues_png.dat
- <Package Folder>/cache/http_www_radio5_org_wp_content_uploads_2016_01_icon_jpg.dat
- <Package Folder>/cache/http_www_radioibiza_it_images_asset_logo_png.dat
- <Package Folder>/cache/http_www_radioparadise_com_78602061_9c94_4bed_bdc4_e76609d3b926_png.dat
- <Package Folder>/cache/https_i3_radionomy_com_radios_400_16f0899d_e88b_4a2e_a6ea_fa51f42a4acf_png_clearcache_true_version_636321768337227894_original_true.dat
- <Package Folder>/cache/https_i3_radionomy_com_radios_400_e998fade_5c2a_426c_9520_0aa02849f49e_jpg_clearcache_true_version_636321761844328654_original_true.dat
- <Package Folder>/cache/https_ichef_bbci_co_uk_images_ic_336xn_p029jc4l_jpg.dat
- <Package Folder>/cache/https_scontent_mxp1_1_xx_fbcdn_net_v_t1_0_1_p200x200_10419553_543415272490670_7798950955351699394_n_jpg_oh_dd7c1215900287b9dd6dcd1b3713526c_oe_5A071C78.dat
- <Package Folder>/cache/https_upload_wikimedia_org_wikipedia_commons_thumb_b_b9_SWR3_Logo_svg_175px_SWR3_Logo_svg_png.dat
- <Package Folder>/cache/https_upload_wikimedia_org_wikipedia_en_thumb_1_15_87_8_UCFM_Logo_jpg_250px_87_8_UCFM_Logo_jpg.dat
- <Package Folder>/cache/https_www_franceinter_fr_img_logo_app_png.dat
- <Package Folder>/cache/www_radio_browser_info_webservice_json_stations_lastchange_100
- <Package Folder>/cache/www_radio_browser_info_webservice_json_stations_topclick_100
- <Package Folder>/cache/www_radio_browser_info_webservice_json_stations_topvote_100
- <Package Folder>/cache/www_radio_browser_info_webservice_v2_json_url_371
- <Package Folder>/cache/www_radio_browser_info_webservice_v2_json_url_45778
- <Package Folder>/cache/www_radio_browser_info_webservice_v2_json_url_59591
- <Package Folder>/cache/www_radio_browser_info_webservice_v2_json_url_64096
- <Package Folder>/cache/www_radio_browser_info_webservice_v2_json_url_73987
- <Package Folder>/com.secneo.tmp
- <Package Folder>/com.secneo.tmp (deleted)
- <Package Folder>/databases/google_app_measurement_local.db
- <Package Folder>/databases/google_app_measurement_local.db-journal
- <Package Folder>/no_backup/com.google.android.gms.appid-no-backup
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/com.google.android.gms.appid.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml.bak
- <Package Folder>/shared_prefs/conf.xml.xml
- <Package Folder>/shared_prefs/system_device_id.xml
- <SD-Card>/Android/channel_id
- <SD-Card>/Android/system_device_id
- <SD-Card>/DCIM/channel_id
- <SD-Card>/DCIM/system_device_id
Другие:
Запускает следующие shell-скрипты:
- ps |grep sysser
