Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.589.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- a####.####.com
- a####.####.com:8011
- and####.####.com
- bili####.com
- c####.####.cn
- c####.####.top
- e####.####.top
- h####.####.com
- i####.####.com
- l####.####.com
Запросы HTTP GET:
- a####.####.com/api/series/indexV2?offset=####&count=####
- bili####.com/video/av13048954
- c####.####.cn/upload/201703/10/img/20170310154746318.png
- c####.####.top/upload/201708/7/app/20170807142709208.apk
- h####.####.com/hj_res/FizBJQnepeDcjmcQ3N747jOTmgzF.jpg?imageVi####
- i####.####.com/bfs/archive/3786df9141f68246c477c1bb18485a4aa9af83ac.png
- i####.####.com/bfs/archive/4a480da743f89ab29db51a963aaa61e8388bb0c3.jpg
- i####.####.com/bfs/archive/ee2e7537d6b51d25588401c204f77818e8a5f15c.jpg
Запросы HTTP POST:
- a####.####.com/app_logs
- a####.####.com:8011/rqd/async?aid=####
- and####.####.com/rqd/async?aid=####
- e####.####.top/hadat/lx/xhp
- l####.####.com/sdk.php
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_crashrecord/1004
- <Package Folder>/cache/####/-1118661919-1884918690
- <Package Folder>/cache/####/-11186619191759761614
- <Package Folder>/cache/####/-11810510211924894852
- <Package Folder>/cache/####/-1977761073-2123566100
- <Package Folder>/cache/####/-292080974353757
- <Package Folder>/cache/####/2042124110-1789673635
- <Package Folder>/cache/####/410804788-1433676193
- <Package Folder>/cache/####/4108047881650420970
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_0 (deleted)
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_1 (deleted)
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_2 (deleted)
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/data_3 (deleted)
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/index (deleted)
- <Package Folder>/databases/bugly_db_-journal
- <Package Folder>/databases/hanjudb.db-journal
- <Package Folder>/databases/t_u.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/####/firll.dat
- <Package Folder>/files/####/ofl.config
- <Package Folder>/files/####/ofl_location.db
- <Package Folder>/files/####/ofl_location.db-journal
- <Package Folder>/files/####/ofl_statistics.db
- <Package Folder>/files/####/ofl_statistics.db-journal
- <Package Folder>/files/.imprint
- <Package Folder>/files/iq.jar
- <Package Folder>/files/ko.jar
- <Package Folder>/files/libcuid.so
- <Package Folder>/files/local_crash_lock
- <Package Folder>/files/mobclick_agent_cached_<Package>8200
- <Package Folder>/files/security_info
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/files/yp.jar
- <Package Folder>/shared_prefs/crashrecord.xml
- <Package Folder>/shared_prefs/dsi.xml
- <Package Folder>/shared_prefs/hanju_app_prefer.xml
- <Package Folder>/shared_prefs/hanju_app_prefer.xml.bak
- <Package Folder>/shared_prefs/kr.xml
- <Package Folder>/shared_prefs/kr.xml.bak
- <Package Folder>/shared_prefs/mipush.xml
- <Package Folder>/shared_prefs/mipush_extra.xml
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/sfe.xml
- <Package Folder>/shared_prefs/sfe.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <Package Folder>/shared_prefs/wv.xml
- <Package Folder>/shared_prefs/wv.xml.bak
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/02a8f59fecf73417c5ff7fe252e4f9143edcfe63d04e1b7fd7be72c679542449.0.tmp
- <SD-Card>/Android/####/062e71b83023f
- <SD-Card>/Android/####/0dcfd5bf9e8506a92dcd148d2fa8c9a796f8aafa4d2192d77ae3bc9fb5f94d36.0.tmp
- <SD-Card>/Android/####/10699c7d687e48cf9794e26047df383ac957e154f1d1b931254289f93330bca0.0.tmp
- <SD-Card>/Android/####/168353696a2cdc36344794cc12ec74cc4df31b0eb05331c613d56f7814f14810.0.tmp
- <SD-Card>/Android/####/1e53fde5d97f64c808c40e4911457a14761bee8eee83be3bbc56ac41d98592bc.0.tmp
- <SD-Card>/Android/####/272f4bacadc24ea98edf473158c230acb21070399b8e0b963c7105d98fdd2304.0.tmp
- <SD-Card>/Android/####/2efd8fa684ae05d4fccd5582aa7d7ff4faa42fa497b0fdbc41944a37299b6075.0.tmp
- <SD-Card>/Android/####/32052230634280b41637e9ce6758bb1be4aa79d2c835f90d4f934a303f28a683.0.tmp
- <SD-Card>/Android/####/3425579e8f9f89d5028bd48ee11617f88d5a4b9ec31ac56f0e6287382797f587.0.tmp
- <SD-Card>/Android/####/3886bdee0247a8beb6b9d3ca6568e66f8896e9f0a95d3dab2991fca30b40f3eb.0.tmp
- <SD-Card>/Android/####/456738bd6f63823f16591a58999f48ba20f2788f982bc753a7e207848b01a403.0.tmp
- <SD-Card>/Android/####/47c5c012161732ed68b6da6b39c52258f9605b402f0dde45ea11dbb687e277c1.0.tmp
- <SD-Card>/Android/####/48ff0be46d51d3e10357be43e832156583b595cbea9510824e074e16f4d5ac16.0.tmp
- <SD-Card>/Android/####/54de32a18cf3505a951db42bfeee026b8cc8774340a203b65d88255b1d53ed98.0.tmp
- <SD-Card>/Android/####/551c74147edd2a413a0f09431acb352d5707779bb9419d27c35dce22f4e7647d.0.tmp
- <SD-Card>/Android/####/57814491f8c244ff04a6ce56472ffa52d47ce5673731a98a01945204e6bb1529.0.tmp
- <SD-Card>/Android/####/6b4c43e9d5bc874516e7e035486a4ca628443e1d0298fbfce92746181e363599.0.tmp
- <SD-Card>/Android/####/6c9dc5f2ab119fe9b93112a4417bd4455e447c0454cf49e291c965753d748435.0.tmp
- <SD-Card>/Android/####/764b9c24e4fba7cd11fad4e26a1d0ad854f096c5f8420403eaf8facefe917a25.0.tmp
- <SD-Card>/Android/####/80732b6b332745e000f8bc5470e85657e03677ab019c3347a3351676ce2c0e27.0.tmp
- <SD-Card>/Android/####/80dcc71d9183e18333e18b0f7050604db720511751d51ab4f5678e88283a6f75.0.tmp
- <SD-Card>/Android/####/80dfce7da71f55c24774a1731d7ab848da92a0f7728482f580cd50c3b1bab975.0.tmp
- <SD-Card>/Android/####/84cbe35b9f169dd5a2402b036200af7f7ce9e6b69cf3430c05aa65ea179b1a25.0.tmp
- <SD-Card>/Android/####/8803a4cb6d176a13359cdda04134b759bcdf5b6998f82048d851886a1d661f62.0.tmp
- <SD-Card>/Android/####/880d58db3820d42e3baf36b0f905a298641394c49c6fe492fd559097a4922b8d.0.tmp
- <SD-Card>/Android/####/8bb3f571ac634989a13fee1eecae76c4d767c3d174365720ed32ccefd63d3db4.0.tmp
- <SD-Card>/Android/####/94b64d14ce264f12a0f938e576a4f0fe14e1888ea04545b97ae61a30c9eead52.0.tmp
- <SD-Card>/Android/####/97a251539e045806b1826cc2a511e284.apk
- <SD-Card>/Android/####/9a6c47f76cbafddff5351e3d1370ca1c1b3c83c27dfb2b7048046aa17e95df1d.0.tmp
- <SD-Card>/Android/####/V2.7.6.txt
- <SD-Card>/Android/####/b.tmp
- <SD-Card>/Android/####/b47cecd25ee7d0996201b2079bcb195b06f75cff77e6350930eb4b425b2d126f.0.tmp
- <SD-Card>/Android/####/b5171ca070b896c75c16cfcc9e5742d269f090579bd5966e09d103978cf88e89.0.tmp
- <SD-Card>/Android/####/bcfc8f9c62fe090ba12834454e1e4b95bd3fb0dec5238b5fbdf94354e316a6b6.0.tmp
- <SD-Card>/Android/####/c6bdd42fb0d7180ade52c974ee72aeb138d75aec23756ad45d2e85358e4235ac.0.tmp
- <SD-Card>/Android/####/ca3c7c3b272cc4a01d7b37fc1111af0e86decb6389e6d401782c51079d93fa57.0.tmp
- <SD-Card>/Android/####/cbc44a91f72aae8a2e774e2cf07923960f173d45ea30164f714a8066cc6f9d78.0.tmp
- <SD-Card>/Android/####/cbd757d2ea0fb126011046c8eab41e94783ed4d433077e2c45a41917afa213f0.0.tmp
- <SD-Card>/Android/####/d6cd4fe929dfcc4dc9b2e35f3efb2d65204fd5c6b989a00ccba8bcbba4a91b21.0.tmp
- <SD-Card>/Android/####/daadd72a759b2c978671c209eb25ac469de34c67325447b441ecc49ac3a286b6.0.tmp
- <SD-Card>/Android/####/daf1ad9160ef071ccfdf1acf7c7d39571ef70eb4225b2032c5e555464b3a4999.0.tmp
- <SD-Card>/Android/####/e4a2ebe9e13e0da23a5d63b120e94bc84f367020307ad480c182c4b1f815a400.0.tmp
- <SD-Card>/Android/####/f61d32edc35792b0593cc38195de472a4536b9eea5917f6d4c408cb98bc94ffc.0.tmp
- <SD-Card>/Android/####/f9b0106c0e59767fa3be7e801b68e1a64220be74b5276b031700358b5ed7f924.0.tmp
- <SD-Card>/Android/####/fc14f9cea3a78
- <SD-Card>/Android/####/fda0ac26aaeaa3bc02052aba3311ca82e50ca3cd3561abc781abc0eb8eddb21c.0.tmp
- <SD-Card>/Android/####/ff4756763e0a2bcd3c8710e3cfb3a070371b838b6ee089fd79c90b1fc11fce7b.0.tmp
- <SD-Card>/Android/####/ffb89840500a32b1db6f08572e218f388361417c6251e42198231d2542c7b1a9.0.tmp
- <SD-Card>/Android/####/journal
- <SD-Card>/Android/####/journal.tmp
- <SD-Card>/Android/####/log.lock
- <SD-Card>/Android/####/log1.txt
- <SD-Card>/Tencent/####/com.tencent.mobileqq_connectSdk.17.08.04.12.log
- <SD-Card>/backups/####/.cuid
- <SD-Card>/backups/####/.cuid2
- <SD-Card>/baidu/####/conlts.dat
- <SD-Card>/baidu/####/ller.dat
- <SD-Card>/baidu/####/ls.db
- <SD-Card>/baidu/####/ls.db-journal
- <SD-Card>/baidu/####/yoh.dat
- <SD-Card>/baidu/####/yol.dat
- <SD-Card>/baidu/####/yom.dat
- <SD-Card>/hanju/####/0be8db864fb50a63217578aa0dc41b91.js_temp
- <SD-Card>/hanju/####/504bfea1f7f2f5f7cfdaf085c0c6ac21.js_temp
- <SD-Card>/hanju/####/666e5d5c241067f94c3486ed77537a0a.js_temp
- <SD-Card>/hanju/####/bridge_a_v28
- <SD-Card>/hanju/####/c842503a8125b0bbe0c7ef8641e5931d.js
- <SD-Card>/hanju/####/search_a_v30_temp
- <SD-Card>/hanju/.nomedia
- <SD-Card>/test.0
Другие:
Запускает следующие shell-скрипты:
- /system/bin/sh -c getprop
- /system/bin/sh -c type su
- chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/97a251539e045806b1826cc2a511e284.apk
- getprop
- mount
Загружает динамические библиотеки:
- Bugly
- ijkffmpeg
- ijkplayer
- ijksdl
- locSDK6a
- ndkbitmap
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
- DES
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
