Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.247.origin
- Android.Triada.248.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- 1####.####.1
- 1####.####.190:8088
- 1####.####.1:8088
- 1####.####.88
- 1####.####.88:8999
- 6####.####.140
- a####.####.com
- i####.####.com
- l####.####.com
- res####.####.com
Запросы HTTP GET:
- 1####.####.190:8088/sdkserver/adData/adInfo/sdk/1501432303194.jar
- 1####.####.88/catServer/upload/images/5e9b3c3c-c105-4901-bee3-1079140d85...
- 6####.####.140/ando/i/mon?k=####&d=####
- i####.####.com/ando-res/ads/0/9/837ec120-ccf8-4ad0-b6fd-1303ff645eca/773...
- res####.####.com/v3/ip?key=####
Запросы HTTP POST:
- 1####.####.1/sdkserver/v2/updateSdk
- 1####.####.1:8088/sdkserver/v2/addSdk
- 1####.####.88:8999/catServer/recommend!status.action
- a####.####.com/app_logs
- l####.####.com/sdk.php
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/03c3d0b5cbb4c74607af9092b5c9d52001c17b336196877bcd4e2efca76d9681.0.tmp
- <Package Folder>/cache/####/0456616ec46368af94767de9cd8491371c6f47a0e58b10c76784551facbf6095.0.tmp
- <Package Folder>/cache/####/182598ba2ab0ff981b8a2a0999de23ee006fb646d49e694f87b9062f010edb10.0.tmp
- <Package Folder>/cache/####/1acc0c6e6b6012c2bac6e88d52a0975de30b4ae51ace91b2c927b7bfc5f05184.0.tmp
- <Package Folder>/cache/####/1f5beef5dd90baa70d67d36ccbd415282c14be47cf24ccde24ddc3efa87b05dc.0.tmp
- <Package Folder>/cache/####/27c2a19b60fc7ccc7a9bd4e2feb03f26018e7a69a36049b01812b62272f6cd69.0.tmp
- <Package Folder>/cache/####/2d00bdb820c336dcf5155c72ad9472431891e00df5ae2a418cad51e2017b5993.0.tmp
- <Package Folder>/cache/####/2ffe3e468bdae393a4f7e89d50ced109989f7c925e1878e708600e53a4afd670.0.tmp
- <Package Folder>/cache/####/30bb6f60b18a93bf1bac3730eaff5ad3f81fe92731d17d36985664d9aed25b67.0.tmp
- <Package Folder>/cache/####/34922784a4e887c59539620068fef0a1a4c529914b124e3a871a3dc08aa07680.0.tmp
- <Package Folder>/cache/####/38c467c78851194651e6226e78d58f367ae08d6b9dbb550ea565f77c369aeadb.0.tmp
- <Package Folder>/cache/####/410e5d1ad502d98b74c65b0759d00de4d82fb9ccfc3dee391efdd55f921b8d45.0.tmp
- <Package Folder>/cache/####/424d829a3ed8e5e0d3c3d01985f4035bf3c27e7e47701e52e097b634bc83db9f.0
- <Package Folder>/cache/####/43716287b1dd9e2253ff81dc746335600969624387d71acc210328586435d89d.0.tmp
- <Package Folder>/cache/####/4f58997a26a6f66978bb72025c9207ef0a14aa868c64a852cf50223560ce5ee7.0.tmp
- <Package Folder>/cache/####/543f089d1728354ab0e3f6acf1561a93d0f072c3aafe03f040c9fdd862630340.0.tmp
- <Package Folder>/cache/####/55af1d6178151870083479d48dc57b895baf09012377d54a22c1e17cbe647e65.0.tmp
- <Package Folder>/cache/####/57885d18ce9270cd97a163c515c03ea97c60c3f1da609f8ea1a689e140c318f3.0.tmp
- <Package Folder>/cache/####/5e7c10a10b579e04593f5d5570fe44e8c0501ddeab2727a95eaa855e79129f0c.0.tmp
- <Package Folder>/cache/####/62b0dd32dd6dd6259353fd15d8675b2dca68154899f255fc95caeab644eef7bb.0.tmp
- <Package Folder>/cache/####/633a3f3f8de565e5d1993f223046e66ebc1d207b12ee9478d1f18e3d8f9ea9cd.0.tmp
- <Package Folder>/cache/####/68183c7fe74f40da13584103f9cfd91abb889edc88c007c4a376b5ac2e418153.0.tmp
- <Package Folder>/cache/####/6beba163d413229f743400ec7ac7e7189eef6fed891ee0c2694455fbf5347d4d.0.tmp
- <Package Folder>/cache/####/6c5fae4130dcad5d1d159df179b3851fdb7ba01ddf3a4ee61b14cae23520938e.0.tmp
- <Package Folder>/cache/####/6fd22ccc39839c7846e32ce68bd9b7c9902d552a4f52b52c980919b9677937a4.0.tmp
- <Package Folder>/cache/####/70cc2ea5695ce78302b4ef0930e48bf5925f129c7d83313ff49da2714b757864.0.tmp
- <Package Folder>/cache/####/8008b3f3d40401bd28bf49be8ea661025a05dbc64d878181aaf0f0b3c1ff6f32.0.tmp
- <Package Folder>/cache/####/8aabff9ff6b990b7bb65d75b731b0d0d5315461c7618407799dea0338e5911a8.0.tmp
- <Package Folder>/cache/####/9000de5ba38c58e1c081fe50579f8143448cc757b793ab0f435d838816707d68.0.tmp
- <Package Folder>/cache/####/947b4e63f138d820251951612f57eee0eb5be52ae9900a5e44c3f92ceb0f35a7.0.tmp
- <Package Folder>/cache/####/98a7fc3121eb5c8b029959b0b82304c42c606848f49a79ca81a5197fac6f01e6.0.tmp
- <Package Folder>/cache/####/9952852a4f66a704f41ad49dcc8e0a547dff49987f8bfcef2dd43ca3841041ed.0.tmp
- <Package Folder>/cache/####/9fffb2c2363903f6b127eb536a3205564afd39cac760b6918965d59ee612cba6.0.tmp
- <Package Folder>/cache/####/a387f08654cbb98652097a0b823d52a33d531632c7d07341d67cb7d87fcdfd8c.0.tmp
- <Package Folder>/cache/####/a4cfb92e0ffb1e0503f564d0d9125405e96eb47a31ccc3831bab97adb34614ed.0.tmp
- <Package Folder>/cache/####/a737aec4de7d6142d2183b2f4c54f33328e1363eea7dfde11ac43e634e5c6615.0.tmp
- <Package Folder>/cache/####/aa2dfe35e12d0e9cd8efa4151c9c0f829e31ccb03b5e48fe71e08904cf498673.0.tmp
- <Package Folder>/cache/####/b037f5b2966d76c75dbf03a13b2546db8124a71c6810edbc20d5f91ad61d3897.0.tmp
- <Package Folder>/cache/####/b48cb2a260967ed54990c01dd688e3dee52549c90f2d15077051dad1d8283d95.0.tmp
- <Package Folder>/cache/####/c767fad60c5195a532f24992f3bfc7efbb1cb2ebd28abddbac73f2d095b01c8f.0.tmp
- <Package Folder>/cache/####/cf6d9ae37301618a3b585018b17f7114dc2971b51a69126a3bdb2b1e9323c376.0.tmp
- <Package Folder>/cache/####/d2f93d502fb20a509b35236170befdb254f09d4b40e76d4712cd12c656f8e504.0.tmp
- <Package Folder>/cache/####/d33b6f381cc7223ef0e2f92725b0d2b576cabc072998fb610bc8ed6c79e69bd2.0.tmp
- <Package Folder>/cache/####/d79d4ebd00eb1d1a36bfa0cd82d995ce033a0c5c3bb830ae491633d755f2e121.0.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/e92f217dc3b83ebf3e95c288e122f325d3b77836ecdb39abf858f987f150c2ef.0.tmp
- <Package Folder>/cache/####/ead6c1c732626ba1afbc459aaaba2e0a3cd6c0c63d3975dbdb706044761c7b58.0.tmp
- <Package Folder>/cache/####/ee8ea376a3972c3e6bd57fae86637d02eb3f12eb93a536a8c40a5a1ddc77b618.0.tmp
- <Package Folder>/cache/####/f04fb305c64b8d5d39ad6fc887a636f348bf9bee8abcf71d4e3fb9e3e318c523.0.tmp
- <Package Folder>/cache/####/f4a2766cbc510912473cd42836a217da3548839e5259441b2b6307c6dc1c0331.0.tmp
- <Package Folder>/cache/####/f98f7ddafb8dfc384d2dcabc7ef73c75510576a1dd9ce4ddfc43315db2c14f3a.0.tmp
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/faaf73074176c4aa5c3d1d4cdfaa43011f88342b3e168b5c042c052b651a5836.0.tmp
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/code-415396/AU0r_NMQtDY8lHw_
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/download.db-journal
- <Package Folder>/databases/pN-iQkPkihFX6k1Ud3O9xK1Rqt2K8hcso9BVDfgBwV8=_1qboGx8yb3gtpwgjHX3p7Q==
- <Package Folder>/databases/pN-iQkPkihFX6k1Ud3O9xK1Rqt2K8hcso9BVDfgBwV8=_1qboGx8yb3gtpwgjHX3p7Q==-journal
- <Package Folder>/databases/pN-iQkPkihFX6k1Ud3O9xK1Rqt2K8hcso9BVDfgBwV8=_8XJ9Mv8HRcm0vsHj3iIXqzLeUHg=
- <Package Folder>/databases/pN-iQkPkihFX6k1Ud3O9xK1Rqt2K8hcso9BVDfgBwV8=_8XJ9Mv8HRcm0vsHj3iIXqzLeUHg=-journal
- <Package Folder>/databases/pN-iQkPkihFX6k1Ud3O9xK1Rqt2K8hcso9BVDfgBwV8=_G6o-vjFWE_uabGXf
- <Package Folder>/databases/pN-iQkPkihFX6k1Ud3O9xK1Rqt2K8hcso9BVDfgBwV8=_G6o-vjFWE_uabGXf-journal
- <Package Folder>/databases/pN-iQkPkihFX6k1Ud3O9xK1Rqt2K8hcso9BVDfgBwV8=_YmbioZUN6R2bTqPKWxE5vQ==
- <Package Folder>/databases/pN-iQkPkihFX6k1Ud3O9xK1Rqt2K8hcso9BVDfgBwV8=_YmbioZUN6R2bTqPKWxE5vQ==-journal
- <Package Folder>/databases/pN-iQkPkihFX6k1Ud3O9xK1Rqt2K8hcso9BVDfgBwV8=_i1gENJp-d30=-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/####/-fJf28qNCjt4bFD6_mfhfA==
- <Package Folder>/files/####/-fJf28qNCjt4bFD6_mfhfA==.new
- <Package Folder>/files/####/0akEApCtXretldtWxw9TGYhr_mFH9Nqhki3SyQ==.new
- <Package Folder>/files/####/1coovH1-boQI9sfPoCpYkA==
- <Package Folder>/files/####/224879ce-b994-4139-9fec-a3d93892a588.pic
- <Package Folder>/files/####/256a3e4d-7925-44ba-8bf6-2d3624871b0e.pic.temp
- <Package Folder>/files/####/2GKOSYlEayF9jQVjHyGKyF2iCsuXSE13.new
- <Package Folder>/files/####/2u4Gtu8uKqLPjTGVCZaU83h3NI4HIoHQKhQfsJXyQmI=.new
- <Package Folder>/files/####/3xMO-_Ix33iv301_o9SPr6gBvGI=.new
- <Package Folder>/files/####/47e24017-772e-434f-aa4e-58f6a3441185.pic.temp
- <Package Folder>/files/####/64eed8d4-e31a-421d-9fc2-0ab0f852507b.pic.temp
- <Package Folder>/files/####/6ao3ONrrpMUr7ctgQYw5eW1I0yGX8d1zaD9vow==.new
- <Package Folder>/files/####/6b91427a-db30-468e-991c-884c1cef12dd.pic.temp
- <Package Folder>/files/####/87c7d2bd-4f9b-4dd2-a527-e18af51f2e5c.pic.temp
- <Package Folder>/files/####/9833dd32-d394-4db8-8922-84ed2cc3b403.pic
- <Package Folder>/files/####/9ZPucgiVQMGDt2cOcvVVoZJCqNCSNkAnQR4tbA==.new
- <Package Folder>/files/####/AgfIZf7kQ2wAX7TZ
- <Package Folder>/files/####/ECcGpKURae7c0HTr54QE-Bhv8ik=.new
- <Package Folder>/files/####/EsEpBv_IRhBUQt6iow-aI1I-nik=
- <Package Folder>/files/####/F0qnSldNGJcajB0dgsqztWxdoa_F80Z6WF-IQ9p_F8o=.new
- <Package Folder>/files/####/Hv-jqkJeA7aefEJLpj5wMw==
- <Package Folder>/files/####/Hv-jqkJeA7aefEJLpj5wMw==.new
- <Package Folder>/files/####/KQ0oDcHJ0k3k8HQEPp2EuKJkGkBwieZW.new
- <Package Folder>/files/####/Ouvjp6__FeLqqQljGOygPw==
- <Package Folder>/files/####/RtrffDZ1UPwo_wyA.new
- <Package Folder>/files/####/Svm5T6qjHK09cRm1cxKDpuGm8dKR3Dm21uu__fo2_IE=.new
- <Package Folder>/files/####/UWSZ-eBwVjA2djpYZDcUvn8WVGY=
- <Package Folder>/files/####/WIBcauR_SxyQs6iCWCsrtP2LdoE=.new
- <Package Folder>/files/####/WbKy-63tcYUCbgk9.zip
- <Package Folder>/files/####/WgKzXVejrqt4hRqOx43u7TYG1F_DpYFB.new
- <Package Folder>/files/####/ZgtsLjtl2y1dioJFA6w63dmGb6HM-w1X.new
- <Package Folder>/files/####/e2f8d650-4f09-48aa-823a-2a1fa17837aa.pic.temp
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/fHEBf92ApvJDBmUIbJGsvf_1CCUsEVHj.new
- <Package Folder>/files/####/fHEBf92ApvJDBmUIbJGsvf_1CCUsEVHj.old (deleted)
- <Package Folder>/files/####/oD9eXgUx-lEPHM08N3tjbw==.new
- <Package Folder>/files/####/pAgkt2w1yhLsfF724_9R4AfMYInV2SXc.new
- <Package Folder>/files/####/runner_info.prop.new
- <Package Folder>/files/####/txdcxq_f.zip
- <Package Folder>/files/####/vBxcu7ksCn2VMHtDBYb7VYTX1Ps=.new
- <Package Folder>/files/####/yc6SBZKf9cfFjAXW9uInrZnpma_--SXS.new
- <Package Folder>/files/####/zaZBJq2wl8QKvfwxIliTFYzXeBriy6b4
- <Package Folder>/files/####/zaZBJq2wl8QKvfwxIliTFYzXeBriy6b4.new
- <Package Folder>/files/####/zaZBJq2wl8QKvfwxIliTFYzXeBriy6b4.old (deleted)
- <Package Folder>/files/####/zarYd1En_qKMVFzk1P77px34y0_g_SphgKuIJX6Ur5s=.new
- <Package Folder>/files/.imprint
- <Package Folder>/files/exid.dat
- <Package Folder>/files/patch.jar
- <Package Folder>/files/rdata_comandroidsupport.new
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/share_data.xml
- <Package Folder>/shared_prefs/share_data.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/.armsd/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=.new
- <SD-Card>/.armsd/####/6317061f-bb9c-4014-9c2f-03909a3201b5.res
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
- <SD-Card>/.armsd/####/MP8MtaBuguN9jnuSwtN1kQ==
- <SD-Card>/.armsd/####/d0888d19-43d9-4f72-b5d2-ee3868895b3b.res
- <SD-Card>/.armsd/####/f7f0370a-a1e0-4b86-8bad-c9ffd9431a55.res
- <SD-Card>/.armsd/####/r_pkDgN4OhnkSa0D
- <SD-Card>/.env/.uunique.new
Другие:
Запускает следующие shell-скрипты:
- /data/data/com.outman.ganjia.dief2d/code-415396/AU0r_NMQtDY8lHw_ -p com.outman.ganjia.dief2d -c com.android.support.vajdxa.hi.hi.pw.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- sh <Package Folder>/code-415396/AU0r_NMQtDY8lHw_ -p <Package> -c com.android.support.vajdxa.hi.hi.pw.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS7Padding
- RSA-ECB-PKCS1Padding
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
