Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.258
- Android.Triada.266.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) c.m.1####.com:80
- TCP(HTTP/1.1) ptmgtd0####.wsclou####.com:80
Запросы DNS:
- b####.52####.com
- c.m.1####.com
- cms-bu####.n####.127.net
- ksr.sd####.com
- mt####.go####.com
Запросы HTTP GET:
- ptmgtd0####.wsclou####.com/005b64e3748d42c08aca2eb0f704fdd42017092208270...
- ptmgtd0####.wsclou####.com/0451257a71d843859f2babf0947262a32017092207514...
- ptmgtd0####.wsclou####.com/0cf7eccec8f04bbd8c9f23115bfc86f82017092209250...
- ptmgtd0####.wsclou####.com/0fc02aedbe9d4217bd02e4c05793cbcd2017092208293...
- ptmgtd0####.wsclou####.com/0fe7adfb56184bcaa92f86e7e5129cfc2017091915435...
- ptmgtd0####.wsclou####.com/104bac0d396d4c468d5f72d6ab64c4d82017092213290...
- ptmgtd0####.wsclou####.com/181927e9bae1493397adc6b79d812cb82017092209033...
- ptmgtd0####.wsclou####.com/1a8420e9bfba40fb9721eb076da3f1012016122322263...
- ptmgtd0####.wsclou####.com/1e27965cd01041cd89e1c00c8efb9e732017092210214...
- ptmgtd0####.wsclou####.com/23d5b71d8ec644e4aa6f2387716329cf2017092210351...
- ptmgtd0####.wsclou####.com/2819266ef18945719330930b76c316682017091908104...
- ptmgtd0####.wsclou####.com/2f84f8d23fef4638ab0760f5c756dd332017092211043...
- ptmgtd0####.wsclou####.com/355f8fc66480463da305f65145b601a32017092213300...
- ptmgtd0####.wsclou####.com/358f8fdc08924b039540d007e07856e42017092212571...
- ptmgtd0####.wsclou####.com/38aa93500abb46b98cef7535ac18147c2017092211193...
- ptmgtd0####.wsclou####.com/3c840414fe044fe2ae8dad88c3a45d6f2017092207512...
- ptmgtd0####.wsclou####.com/3dfd1faf09834848abbf7a4c8a824b3b2016080411423...
- ptmgtd0####.wsclou####.com/4132fd4907774d4fa88a8e860e09bbc72017092210024...
- ptmgtd0####.wsclou####.com/4ee90f7286b1485ea43867b9621d51ab2017092207592...
- ptmgtd0####.wsclou####.com/590f8ebbe3a742a1b0746e41a549df9e2017092115191...
- ptmgtd0####.wsclou####.com/5ff6342bb6364c189f894748a0769bda2017092211164...
- ptmgtd0####.wsclou####.com/60b47345bc8743bb8c9d5b8a2ebd592d2017092209114...
- ptmgtd0####.wsclou####.com/61d9330b4073435cbdb0b3b1109ed5f02017092213382...
- ptmgtd0####.wsclou####.com/651ac73c0f81409e8bb55757c2f5f7ff2017092212525...
- ptmgtd0####.wsclou####.com/6db39ae3e4804c2992345e3fe057782a2017092212301...
- ptmgtd0####.wsclou####.com/755f590247ee4c4d9b0f4016b0657bc32017092015520...
- ptmgtd0####.wsclou####.com/7838485ac7cb4e4b81a35f514c0db6b72017092213034...
- ptmgtd0####.wsclou####.com/7d221e9ba6fb414f8555233d4bdc19f62017092207333...
- ptmgtd0####.wsclou####.com/870f056d44604b51b8d068283627ff672017092208382...
- ptmgtd0####.wsclou####.com/8f2974f1cf0c433c8febfa494869e8032017092008130...
- ptmgtd0####.wsclou####.com/97e1432867064ce290b530adc68f4f0e2017091918003...
- ptmgtd0####.wsclou####.com/98499d3c9035408f8d7f9e134d83ed5a2017092207395...
- ptmgtd0####.wsclou####.com/ab3b730b1f554827bb3a52709c50a8a82017092212154...
- ptmgtd0####.wsclou####.com/ab4cd07dc6464371a807bcb78d042fd72017092111522...
- ptmgtd0####.wsclou####.com/b891a099754a45c2ab007dd4c330b8032017092211253...
- ptmgtd0####.wsclou####.com/bbdc04d87ed74aa5b707522b676f5fe62017092212584...
- ptmgtd0####.wsclou####.com/bcc8ce5daa7346bfb5b798d5f30f814e2017092210571...
- ptmgtd0####.wsclou####.com/bfd58eb7f1644fb2954ba80c3cac3b272017092211592...
- ptmgtd0####.wsclou####.com/c2f027ded0174ea28250cfa2fb91b8b22017092210174...
- ptmgtd0####.wsclou####.com/c886c076c3bf46c0930b493cfb0be2102017092208594...
- ptmgtd0####.wsclou####.com/dd8abfb2d33e4eca8fddaf6bc54a6cba2017092019152...
- ptmgtd0####.wsclou####.com/df19816da04f4af8a5a7ef8b36af180f2016070518425...
- ptmgtd0####.wsclou####.com/e183d04034f94abc87dd75457fc8a0db2017092211313...
- ptmgtd0####.wsclou####.com/e45e0b769d1a4c09b7513478f8d57f252017092207211...
- ptmgtd0####.wsclou####.com/ef94479758a54cd1ac7a483b1d0cd57a2016070519243...
- ptmgtd0####.wsclou####.com/f4ae8770f24843faa5e9582b3afee7ea2017092211025...
- ptmgtd0####.wsclou####.com/f4bc28eb1261448aafa00ed67d43d7002017092213333...
- ptmgtd0####.wsclou####.com/f5f6e334919b4836a07ec9c4cb8742792017092210140...
- ptmgtd0####.wsclou####.com/f8369ec213db4c5fa6589db4634729402017092021234...
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/0152332e9bbc6f345323a9c9118e397173d....0.tmp
- <Package Folder>/cache/####/0981ed959be60833a1158d7387f030d3ef7....0.tmp
- <Package Folder>/cache/####/0c9405d8fb192cbe115219720e839e48dbb....0.tmp
- <Package Folder>/cache/####/139accff0b26661b65490e6883a2fb2b778....0.tmp
- <Package Folder>/cache/####/13a468e172330546026bab36169ca31fe9a....0.tmp
- <Package Folder>/cache/####/14ea3b43c0200602a3d9d8db6b3ac0b68f1....0.tmp
- <Package Folder>/cache/####/15b1a990970dd423a3c24f40240c56e2c4e....0.tmp
- <Package Folder>/cache/####/194c667fd7749bcf768b3812df78bcaa0e9....0.tmp
- <Package Folder>/cache/####/1a5a40540d404a19488c6c0b6aa4c0beeb3....0.tmp
- <Package Folder>/cache/####/1afa0bd2f5ea6480cb65d1349847368a66e....0.tmp
- <Package Folder>/cache/####/1e63af2724f1b3834ff51c46f6d95c9090b....0.tmp
- <Package Folder>/cache/####/212065cf32bea70fba7bc9dbf04ea409e16....0.tmp
- <Package Folder>/cache/####/2208993e21a2bea17d4461a660336080fd6....0.tmp
- <Package Folder>/cache/####/23d33564df009b86ff221246d585a1d378c....0.tmp
- <Package Folder>/cache/####/246d8fafd26674eb9ed1bba5da140045349....0.tmp
- <Package Folder>/cache/####/268a9ac381c042397b723e898240a9d0ed1....0.tmp
- <Package Folder>/cache/####/27003bc181c9150d735c19a6ff8a5663ffb....0.tmp
- <Package Folder>/cache/####/33786347141591ca891e5aea591bfab6e76....0.tmp
- <Package Folder>/cache/####/3feb6be4e51a0de8d1a6a0283e4e86c94e3....0.tmp
- <Package Folder>/cache/####/41c3bee5d813e531f909bf85173223ca275....0.tmp
- <Package Folder>/cache/####/44ab70486aa8d680430a50d4d19245c2aa3....0.tmp
- <Package Folder>/cache/####/4942ad26b52581c422a419b73967de42bde....0.tmp
- <Package Folder>/cache/####/49cff61bcba9c5180776ee34eeb24cad48e....0.tmp
- <Package Folder>/cache/####/4c90eb05f266b367e5637c044425388932e....0.tmp
- <Package Folder>/cache/####/4d0bf8521f05ad902bc27937f429b5131c7....0.tmp
- <Package Folder>/cache/####/6006aa85b9881bd8b33401c94f87fdb1043....0.tmp
- <Package Folder>/cache/####/6f3176ddefc530976e53bfd1e1b406d6b16....0.tmp
- <Package Folder>/cache/####/71965bbfd017d8fa0114e6e47ff84f2074a....0.tmp
- <Package Folder>/cache/####/729bbcf954e985b0719642e6a43345c6810....0.tmp
- <Package Folder>/cache/####/7420ff45fd6f775d19bd63a152a2f13651d...f77b.0
- <Package Folder>/cache/####/7eb3c3dbfa5b10204a32025a8ffcfb96836....0.tmp
- <Package Folder>/cache/####/88f0937e743fd17f07b67707b83678ad602....0.tmp
- <Package Folder>/cache/####/8d1ec7ec83242f6c5aa221cfb7cbb05f829....0.tmp
- <Package Folder>/cache/####/904f2b5fa7f57fef1482eaf82ac4b339eb2....0.tmp
- <Package Folder>/cache/####/97990c4c7a07ebead47d47bf812ef97a60a....0.tmp
- <Package Folder>/cache/####/a2767ad158150c3be1a99a0d9299d4c151f....0.tmp
- <Package Folder>/cache/####/a49656ca5522f5b4d521191ac0939353ac0....0.tmp
- <Package Folder>/cache/####/a593a2f01dc6216501212da28fac3711b7e....0.tmp
- <Package Folder>/cache/####/a63ec8f0da9271d47cda913ff64fdace87a....0.tmp
- <Package Folder>/cache/####/aaa373e992c74bc7cc25a55b1ee87655fc1....0.tmp
- <Package Folder>/cache/####/ab0625800e3e34dcd1ee111d9c8e129738f....0.tmp
- <Package Folder>/cache/####/abcca4fde470af9b2019d72f3892df0f454....0.tmp
- <Package Folder>/cache/####/b736ce9aa8296601d1fccc2dfb1009a6cdb....0.tmp
- <Package Folder>/cache/####/c5ab76d9b0a447050c1f50c83bb63b8bf6a....0.tmp
- <Package Folder>/cache/####/dbde2b6a4a29410b0018173de64beb01697....0.tmp
- <Package Folder>/cache/####/df2009e3db5dc5563784b5ea9ac03bc9aad....0.tmp
- <Package Folder>/cache/####/e199650a2f88c26db1b9e17470ecd98cf81....0.tmp
- <Package Folder>/cache/####/e8d2c4c24f837fd46a7a7e2d9ecd42e6019....0.tmp
- <Package Folder>/cache/####/ef0f604e3d98b686976d4f632a0adc91459....0.tmp
- <Package Folder>/cache/####/f12b1cecc388e8a854d4ffe355e16059d12....0.tmp
- <Package Folder>/cache/####/f50d12825ebb9a07662a0fd6db66c4b6e06....0.tmp
- <Package Folder>/cache/####/f8aabbf801acacd570ce297a8d2229ce71e....0.tmp
- <Package Folder>/cache/####/fcb11c74e6868a09f188e841204c9c41853....0.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/databases/####/cc.db
- <Package Folder>/databases/####/cc.db-journal
- <Package Folder>/files/esrn.png
- <Package Folder>/files/ojpb
- <Package Folder>/files/ojpb.jar
- <Package Folder>/files/ru
- <Package Folder>/files/ru.apk
- <Package Folder>/shared_prefs/config.xml
- <Package Folder>/shared_prefs/config.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/xapcinfo.xml
Другие:
Запускает следующие shell-скрипты:
- conbb od2gf04pd9
- cufsdosck ac554db364f
- cufsmgr eb47495f7bb
- service call appops 0 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 1 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 10 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 11 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 12 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 13 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 14 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 15 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 16 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 17 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 18 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 19 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 2 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 3 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 4 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 5 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 6 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 7 i32 15 i32 10044 s16 <Package> i32 0
- service call appops 8 i32 15 i32 10044 s16 <Package> i32 0
- sh
Использует следующие алгоритмы для расшифровки данных:
- AES-ECB-PKCS5Padding
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Отрисовывает собственные окна поверх других приложений.
Осуществляет доступ к информации об отправленых/принятых смс.
