Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Click.131.origin
Сетевая активность:
Подключается к:
- 7j####.####.com
- a####.####.com
- c-h####.####.com
- d####.####.com
- n####.####.hk
- p####.####.com
- s####.####.com
Запросы HTTP GET:
- 7j####.####.com/tdata_gcr824
- d####.####.com/CampaignApiService?pub_key=####&os=####&countries=####&le...
- n####.####.hk/v1/articles?channel=####&country=####&language=####&limit=...
- p####.####.com/upload/2FAE7DC8FFFFA035586CA7E03484FF02.jpg
- s####.####.com/config/hz-hzv3.conf
- s####.####.com/sites/www.ibtimes.com/files/styles/md/public/2017/07/31/e...
Запросы HTTP POST:
- a####.####.com/rest/sur?ak=####&av=####&c=####&v=####&s=####&d=####&sv=#...
- c-h####.####.com/api.php?format=####&t=####
- s####.####.com/api.php?format=####&t=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.cache/secData.dex
- <Package Folder>/.cache/secData.dve
- <Package Folder>/.cache/secData.jar
- <Package Folder>/app_alisdk_plugin_list/1501143493536.pluginlist
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_0 (deleted)
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_1 (deleted)
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_2 (deleted)
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/data_3 (deleted)
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/index (deleted)
- <Package Folder>/com.secneo.tmp
- <Package Folder>/databases/HORSEbROWSER.db
- <Package Folder>/databases/HORSEbROWSER.db-journal
- <Package Folder>/databases/pushext.db-journal
- <Package Folder>/databases/pushg.db-journal
- <Package Folder>/databases/pushsdk.db-journal
- <Package Folder>/databases/tmpd8.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/gdaemon_20161017
- <Package Folder>/files/init.pid
- <Package Folder>/files/init_c.pid
- <Package Folder>/files/push.pid
- <Package Folder>/files/run.pid
- <Package Folder>/files/tdata_WqQ090
- <Package Folder>/files/tdata_WqQ090.jar
- <Package Folder>/files/tdata_gcr824
- <Package Folder>/files/tdata_gcr824.jar
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/UTCommon.xml
- <Package Folder>/shared_prefs/UTMCConf-1846875864.xml
- <Package Folder>/shared_prefs/UTMCConf754589127.xml
- <Package Folder>/shared_prefs/UTMCLog-1846875864.xml
- <Package Folder>/shared_prefs/UTMCLog754589127.xml
- <Package Folder>/shared_prefs/ZYASDKPOIEJMFKL##@!!!.xml
- <Package Folder>/shared_prefs/ZYASDKPOIEJMFKL##@!!!.xml.bak
- <Package Folder>/shared_prefs/basefragment_share_name.xml
- <Package Folder>/shared_prefs/card_share_name.xml
- <Package Folder>/shared_prefs/onesdk_device.xml
- <Package Folder>/shared_prefs/settings_share_name.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/<Package>/asdklog_a
- <SD-Card>/<Package>/asdklog_s
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/15b9cxbp861gg2t1mgnzbia0f
- <SD-Card>/Android/####/1feutbzuledjr7n0nuufja7ck
- <SD-Card>/Android/####/1g6pl8ni1bx277pdjiic5pfaj
- <SD-Card>/Android/####/1jz5jcwb1icdf89zshzh70u71
- <SD-Card>/Android/####/1l6g41vn9znep8c8m9v71chvk
- <SD-Card>/Android/####/1sik7ltlxjo3ih8997lmqbns1
- <SD-Card>/Android/####/1tibdoehcx8refgp9x6akbsr2
- <SD-Card>/Android/####/1vmpprff5m38gake7d4wm4x8i
- <SD-Card>/Android/####/24r2vlstdwdsjn63fwacwdysr
- <SD-Card>/Android/####/28c22ph0fb8niz34njm0ruoi4
- <SD-Card>/Android/####/2bdrmfwmg6unj2frqhb6w6jqv
- <SD-Card>/Android/####/2cztwc1xa663o3u7vq7b8hb2f
- <SD-Card>/Android/####/2dd6n6r9sjvri4kupts16acg
- <SD-Card>/Android/####/2k3ejbj1ye6p0j04w0ei15ybm
- <SD-Card>/Android/####/2l9b9cmsh67q9u1skjc6vkani
- <SD-Card>/Android/####/2v0mp88ewwncv5w431shgn8t1
- <SD-Card>/Android/####/2wlaifhr4py3s7kyx45vyp1aj
- <SD-Card>/Android/####/2wogkz09kxfualxzzhm9750et
- <SD-Card>/Android/####/2xsycrd2brgt39ue35yzawkzh
- <SD-Card>/Android/####/30rg7mahbf5hcjynqky9d9rsk
- <SD-Card>/Android/####/32jxesgqeuu1np4qrxbiynwi4
- <SD-Card>/Android/####/38kk8x7g9ziea3jdlvpq5ow48
- <SD-Card>/Android/####/3afs49p0qpd95qp76ipllmej1
- <SD-Card>/Android/####/3ll3nktbzbar0ppgbrnxm72ec
- <SD-Card>/Android/####/3mo18y44jt9dsf6hr0axrnxxy
- <SD-Card>/Android/####/3quw7ot4e3m46jqu7zblfp918
- <SD-Card>/Android/####/3tjstaqyoc57ng0nsfhs9z0pm
- <SD-Card>/Android/####/3w25dcy5auhjw81alebh7qog5
- <SD-Card>/Android/####/3w5ulwhiv01tg1wk42uagpvj7
- <SD-Card>/Android/####/41l4o8hhr9d28xz0j2dvmcmxe
- <SD-Card>/Android/####/43gmbx91n7r90c9tepjs0nz1z
- <SD-Card>/Android/####/49autrzgvmdt3uyp087a2nkkt
- <SD-Card>/Android/####/4he1o3omzzlwqs2peqbnyoshz
- <SD-Card>/Android/####/4jfjtygcj1suew1gdmlun0tek
- <SD-Card>/Android/####/4na0y0t5hz1n01heo2pk6tbj0
- <SD-Card>/Android/####/4qot82cm15k78fm0k22tqgx12
- <SD-Card>/Android/####/4u693wyfmahp2dp064w7okzzx
- <SD-Card>/Android/####/4yetfbhd7vbh39dgg8d3ily17
- <SD-Card>/Android/####/56iahlzgzug3e4zmp1m25kxah
- <SD-Card>/Android/####/5c01k6w6lsnlqsmpgb4yvl676
- <SD-Card>/Android/####/5f3e73y17xgcz37ptly2vnftz
- <SD-Card>/Android/####/5km90gav25qusg6m0r3g6maxx
- <SD-Card>/Android/####/5kzyjikx8aqamc4v119uy0m2y
- <SD-Card>/Android/####/5qspyb1z4bdj9iqalvtjb6yzj
- <SD-Card>/Android/####/5v0w0gsdekt7j3roxthao7bb2
- <SD-Card>/Android/####/5x7hubi9z9j54pq810ze18onz
- <SD-Card>/Android/####/5zd1cti57grzn7j6cjdmnx67q
- <SD-Card>/Android/####/5zt9i4nllniu296mwdhf54759
- <SD-Card>/Android/####/60vqpe51sf7xdda4kagmwdyim
- <SD-Card>/Android/####/60yoeuj1zw2xl5omxfe8isbkt
- <SD-Card>/Android/####/62mw3yj222tms7bsym9r9xpns
- <SD-Card>/Android/####/6340kddsxbrnzvdp96axwuhae
- <SD-Card>/Android/####/645n8u2d576pr2iq4o6gc1dw
- <SD-Card>/Android/####/648bs8liq7iq90w89lrqsrta9
- <SD-Card>/Android/####/65dnsorj4abz1ckmv38yb4umt
- <SD-Card>/Android/####/67gcm3764f7tdqsbkx7hy5lx1
- <SD-Card>/Android/####/6975op5adddqpoxshrlpoo7gj
- <SD-Card>/Android/####/6b3h5vo0krtbyiwe0wd1a14w3
- <SD-Card>/Android/####/6d1hmd3khdgxq2sgde6k5fpyq
- <SD-Card>/Android/####/6oy0o6xcvmnl519981c9q4v4z
- <SD-Card>/Android/####/75g6oioefio0s53zfsraru7bn
- <SD-Card>/Android/####/76tltntchkxhwadny2quwebey
- <SD-Card>/Android/####/77mcnwto2nq8iateaa49hblj5
- <SD-Card>/Android/####/780xy61ljg0vaeqfe9vsa6lzi
- <SD-Card>/Android/####/7azxwlpekyjytt37h5w653t3t
- <SD-Card>/Android/####/7bgowsbaku56frzojlfipu6z4
- <SD-Card>/Android/####/7fsf56g7sgicgslegh96c67y4
- <SD-Card>/Android/####/7g9cdy3i7xmyh5wgzry2d6fj5
- <SD-Card>/Android/####/7ghne97z5w5t4xpb30w280aye
- <SD-Card>/Android/####/7k8azxhlzqafdam7beyrohzi
- <SD-Card>/Android/####/e6s04cask2or6ghc3ipo5kax
- <SD-Card>/Android/####/emawwx5ngv8ug6rtmksr2p54
- <SD-Card>/Android/####/hxl0ck6qtn3vd76laukps7m1
- <SD-Card>/Android/####/jd0ye1gqskgo98d3jrxmraln
- <SD-Card>/Android/####/lbtsxc6ft9pynyd5whb22hxb
- <SD-Card>/Android/####/n1cwst6mm2jyuqo7q0llkav6
- <SD-Card>/Android/####/s3zwrunzgyz572204bll37so
- <SD-Card>/Android/####/wb6bvsftr6bhka0qghet25f9
- <SD-Card>/libs/<Package>.db
- <SD-Card>/libs/app.db
- <SD-Card>/libs/com.getui.sdk.deviceId.db
- <SD-Card>/libs/com.igexin.sdk.deviceId.db
- <SD-Card>/system/####/tdata_WqQ090
- <SD-Card>/system/####/tdata_gcr824
Другие:
Запускает следующие shell-скрипты:
- /data/data/com.zhuoyian.horsebrowser/files/gdaemon_20161017 0 com.zhuoyian.horsebrowser/com.igexin.sdk.PushService 25615 300 0
- chmod 700 /data/data/com.zhuoyian.horsebrowser/files/gdaemon_20161017
- chmod 700 <Package Folder>/files/gdaemon_20161017
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.igexin.sdk.PushService 25615 300 0
Загружает динамические библиотеки:
- SecShell
- getuiext2
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
Осуществляет доступ к информации о сети
Осуществляет доступ к информации о телефоне (номер, imei и тд.)
Осуществляет доступ к информации об установленных приложениях
Осуществляет доступ к информации о запущенных приложениях
Добавляет задания в системный планировщик
Отрисовывает собственные окна поверх других приложений
