Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.258
- Android.Triada.266.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) c.m.1####.com:80
- TCP(HTTP/1.1) w3outyh####.wsclou####.com:80
- TCP(HTTP/1.1) ptmgtd0####.wsclou####.com:80
Запросы DNS:
- b####.52####.com
- c.m.1####.com
- cms-bu####.n####.127.net
- din####.n####.127.net
- kso.sd####.com
Запросы HTTP GET:
- w3outyh####.wsclou####.com/vyq3RLiWlDH3VrsrKm5NvS1KNoETSOj8fPioHr9wfQzQy...
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/0665648e2c4964d537eb1626af0daa89612....0.tmp
- <Package Folder>/cache/####/0981ed959be60833a1158d7387f030d3ef7....0.tmp
- <Package Folder>/cache/####/0c9405d8fb192cbe115219720e839e48dbb....0.tmp
- <Package Folder>/cache/####/0f39794d9b27c66b38b59fbea10981bd0e1....0.tmp
- <Package Folder>/cache/####/111b1fe4df72e433c4cd488a68fe713d5d9....0.tmp
- <Package Folder>/cache/####/13a468e172330546026bab36169ca31fe9a....0.tmp
- <Package Folder>/cache/####/14ea3b43c0200602a3d9d8db6b3ac0b68f1....0.tmp
- <Package Folder>/cache/####/15b1a990970dd423a3c24f40240c56e2c4e....0.tmp
- <Package Folder>/cache/####/194c667fd7749bcf768b3812df78bcaa0e9....0.tmp
- <Package Folder>/cache/####/1a6b45d296ffc8d5c5186c589c9528cd291....0.tmp
- <Package Folder>/cache/####/1e0e13aa77c807bb946489050edef09331a....0.tmp
- <Package Folder>/cache/####/212065cf32bea70fba7bc9dbf04ea409e16....0.tmp
- <Package Folder>/cache/####/2208993e21a2bea17d4461a660336080fd6....0.tmp
- <Package Folder>/cache/####/23d33564df009b86ff221246d585a1d378c....0.tmp
- <Package Folder>/cache/####/286c0a1b8efe7454238b3712cf59cf65dad....0.tmp
- <Package Folder>/cache/####/312ad527e2c6bb9a5c2df7776ed999b6e6d....0.tmp
- <Package Folder>/cache/####/3feb6be4e51a0de8d1a6a0283e4e86c94e3....0.tmp
- <Package Folder>/cache/####/41f7f815c358f727f48d1be1fda1569bc43....0.tmp
- <Package Folder>/cache/####/4338fb3364e7e7f8e5aa287fb57f6bc1d4d....0.tmp
- <Package Folder>/cache/####/44ab70486aa8d680430a50d4d19245c2aa3....0.tmp
- <Package Folder>/cache/####/45e6d85754637f4c3b4d83bacb9c50e5b1d....0.tmp
- <Package Folder>/cache/####/4942ad26b52581c422a419b73967de42bde....0.tmp
- <Package Folder>/cache/####/4b3fc06ec2f4f73554b342e65fdc4e77050....0.tmp
- <Package Folder>/cache/####/4c90eb05f266b367e5637c044425388932e....0.tmp
- <Package Folder>/cache/####/4d0bf8521f05ad902bc27937f429b5131c7....0.tmp
- <Package Folder>/cache/####/5508aed06902ee4adae8b89a8a737649451....0.tmp
- <Package Folder>/cache/####/55362130831cd72ef49250837ee8f985ab9....0.tmp
- <Package Folder>/cache/####/6006aa85b9881bd8b33401c94f87fdb1043....0.tmp
- <Package Folder>/cache/####/624d671981e2f0b37ac631cebb6f8b0653c....0.tmp
- <Package Folder>/cache/####/88f0937e743fd17f07b67707b83678ad602....0.tmp
- <Package Folder>/cache/####/8d1ec7ec83242f6c5aa221cfb7cbb05f829....0.tmp
- <Package Folder>/cache/####/8f00c96a67144c85f806bc2767c325507f0....0.tmp
- <Package Folder>/cache/####/904f2b5fa7f57fef1482eaf82ac4b339eb2....0.tmp
- <Package Folder>/cache/####/97990c4c7a07ebead47d47bf812ef97a60a....0.tmp
- <Package Folder>/cache/####/a09c9b51a60c231acdf5087d2a903e1e500....0.tmp
- <Package Folder>/cache/####/a49656ca5522f5b4d521191ac0939353ac0....0.tmp
- <Package Folder>/cache/####/a63ec8f0da9271d47cda913ff64fdace87a....0.tmp
- <Package Folder>/cache/####/ab0625800e3e34dcd1ee111d9c8e129738f....0.tmp
- <Package Folder>/cache/####/abcca4fde470af9b2019d72f3892df0f454....0.tmp
- <Package Folder>/cache/####/b736ce9aa8296601d1fccc2dfb1009a6cdb....0.tmp
- <Package Folder>/cache/####/b85045ddb945ab6d0fcbc95c4de9accca31....0.tmp
- <Package Folder>/cache/####/bae33abbb0a687d6945b9da152ae508d212....0.tmp
- <Package Folder>/cache/####/be3e77d84e09e6e920dc8bb79ef24e6babf....0.tmp
- <Package Folder>/cache/####/c41d835aaa8cdc56e0942b7a2697b5a167d....0.tmp
- <Package Folder>/cache/####/c5ab76d9b0a447050c1f50c83bb63b8bf6a....0.tmp
- <Package Folder>/cache/####/c9e44c5da204e022550fe7afd829baf291c....0.tmp
- <Package Folder>/cache/####/cb0204d46d3419b812e5e1a4a555086adc2....0.tmp
- <Package Folder>/cache/####/dbde2b6a4a29410b0018173de64beb01697....0.tmp
- <Package Folder>/cache/####/de2f83349f92f0110525eb09b70c3841061....0.tmp
- <Package Folder>/cache/####/df2009e3db5dc5563784b5ea9ac03bc9aad....0.tmp
- <Package Folder>/cache/####/ef0f604e3d98b686976d4f632a0adc91459....0.tmp
- <Package Folder>/cache/####/efc4040e840f8e0a3b716da535d13e9c3da....0.tmp
- <Package Folder>/cache/####/f5a4ca4b2dbcc8b15cee9f4384690ca3dd8....0.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/databases/####/cc.db
- <Package Folder>/databases/####/cc.db-journal
- <Package Folder>/files/rlcu
- <Package Folder>/files/rlcu.jar
- <Package Folder>/files/ru
- <Package Folder>/files/ru.apk
- <Package Folder>/files/rwwm.png
- <Package Folder>/shared_prefs/config.xml
- <Package Folder>/shared_prefs/config.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/xapcinfo.xml
Другие:
Запускает следующие shell-скрипты:
- conbb od2gf04pd9
- cufsdosck ac554db364f
- cufsmgr eb47495f7bb
- service call appops 0 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 1 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 11 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 12 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 13 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 14 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 15 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 16 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 17 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 18 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 19 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 2 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 3 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 4 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 5 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 6 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 7 i32 15 i32 10044 s16 <Package> i32 0
- sh
Использует следующие алгоритмы для расшифровки данных:
- AES-ECB-PKCS5Padding
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Отрисовывает собственные окна поверх других приложений.
Осуществляет доступ к информации об отправленых/принятых смс.
