Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Backdoor.420.origin
Предлагает установить сторонние приложения.
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) t####.sl####.com.####.com:80
- TCP(HTTP/1.1) astra####.be####.qq.com:8080
- TCP(HTTP/1.1) 3####.tc.qq.com:80
- TCP(HTTP/1.1) aeven####.be####.qq.com:8080
- TCP(HTTP/1.1) and####.api.it####.cn:80
- TCP(HTTP/1.1) fb.it####.cn:80
- TCP(HTTP/1.1) sn####.qq.com:80
- TCP(HTTP/1.1) oth.str.mdt.####.com:8080
- TCP(HTTP/1.1) serv####.it####.hk:80
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(HTTP/1.1) n1.app.it####.cn:80
- TCP(HTTP/1.1) img.it####.hk:80
- TCP 2####.205.142.158:14000
Запросы DNS:
- a####.u####.com
- aeven####.be####.qq.com
- and####.api.it####.cn
- astra####.be####.qq.com
- fb.it####.cn
- i####.dd.qq.com
- img.it####.hk
- n1.app.it####.cn
- oth.str.mdt.####.com
- pp.m####.com
- serv####.it####.hk
- sn####.qq.com
- t####.sl####.com
Запросы HTTP GET:
- and####.api.it####.cn/best/all?limit=####&offset=####&client_version_cod...
- and####.api.it####.cn/best/app?limit=####&offset=####&client_version_cod...
- and####.api.it####.cn/detail?id=####&client_version_code=####
- and####.api.it####.cn/rank/app?limit=####&offset=####&client_version_cod...
- and####.api.it####.cn/relates/com.tencent.mm?offset=####&limit=####&clie...
- and####.api.it####.cn/search/rand
- and####.api.it####.cn/topics/adlist
- and####.api.it####.cn/update_time
- fb.it####.cn/index.php?m=####&a=####&appid=####
- img.it####.hk/apk/icon/17/64/com.fkdlz.apk.itools.sky-59b7442e6289e.png
- img.it####.hk/apk/icon/27/44/com.zltl.apk.itools.sky-59c472b2d664e.png
- img.it####.hk/apk/icon/31/60/com.UCMobile-578494ab8926b.jpg
- img.it####.hk/apk/icon/32/7/com.MengYou.StormHeros.itools.sky-59cc59a2a8...
- img.it####.hk/apk/icon/43/80/com.yxgc.fsgj.itools.sky-59b9e867ec59f.png
- img.it####.hk/apk/icon/43/92/com.xmsy.itools.sky-59cdaec7a7b44.png
- img.it####.hk/apk/icon/60/23/<Package>-58b7ebcee6d36.png
- img.it####.hk/apk/icon/60/3/com.tjhy.bloodwulin.sky-59cc57c2ce842.png
- img.it####.hk/apk/icon/67/70/com.baidu.BaiduMap-56efa6474d4d9.jpg
- img.it####.hk/apk/icon/68/10/com.vanggame.jpqy.itools.sky-59b1f4dbeabd3....
- img.it####.hk/apk/icon/74/4/com.hireal.mengtasanguo.sky-59cb0221df089.png
Запросы HTTP POST:
- and####.api.it####.cn/update
- n1.app.it####.cn/?r=####
- serv####.it####.hk/Status.php
- sn####.qq.com/mstat/report//?index=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/DENGTA_META.xml
- /data/data/####/beacon_db-journal
- /data/data/####/classes2.dex.MD5
- /data/data/####/classes3.dex.MD5
- /data/data/####/classes4.dex.MD5
- /data/data/####/classes5.dex.MD5
- /data/data/####/classes6.dex.MD5
- /data/data/####/com.tencent.mobileqq_2319
- /data/data/####/libDecodeSo.so
- /data/data/####/proc_reporter.xml
- /data/data/####/qzone_plugin.apk.tmp
- /data/data/####/so_sp.xml
- /data/data/####/suicide_count
- /data/data/####/temp_classes2.dat
- /data/data/####/temp_classes3.dat
- /data/data/####/temp_classes4.dat
- /data/data/####/temp_classes5.dat
- /data/data/####/temp_classes6.dat
- /data/data/####/update_plugin_version.xml
- <Package Folder>/cache/####/1_OxrufmQOZqK-YgqZBa-bysFpM.769451028.tmp
- <Package Folder>/cache/####/3EiRYeAyvcl_Q33ER9NUg0WteNo.278324404.tmp
- <Package Folder>/cache/####/3EmNFTFlNYpx9LvpZSisMtYsDww.2031557092.tmp
- <Package Folder>/cache/####/3uJRZXr_JHLColOliM79NiwFVXM.1144380141.tmp
- <Package Folder>/cache/####/4WK3N7wkZ49mRPal6UgCR5v9xlE.-1648218891.tmp
- <Package Folder>/cache/####/5JAu4nq35DKWnfLQEROoNopEMIw.2132490198.tmp
- <Package Folder>/cache/####/5TXAFFmAJmo-MDhdaKPPC8GRZvU.1028008998.tmp
- <Package Folder>/cache/####/5ispwpBDdOjXLx-QegjMdbFCGHY.-83829934.tmp
- <Package Folder>/cache/####/9QrV_lkoJXdmujdn-ffFFMtjXP4.276000178.tmp
- <Package Folder>/cache/####/ALuW78x5awjvODKV7b-Mv88SZw0.-1333042841.tmp
- <Package Folder>/cache/####/ApTR1h_YpVpIqEM87RWdyDNBrjc.-981365526.tmp
- <Package Folder>/cache/####/CFnBhOPmc42nzYew50FJGWKs8mk.1344050664.tmp
- <Package Folder>/cache/####/Ck9PLjh7yQ5BeWY_l5w4rvhhrqU.-74830677.tmp
- <Package Folder>/cache/####/CuewwwvW0TMT7cK8mPyqx5Og9Fc.1320641246.tmp
- <Package Folder>/cache/####/FTwEbteDPwK0Ye7LyrSZXhv7Gjc.271486290.tmp
- <Package Folder>/cache/####/HwutBVgwJG4R3WCuINiqjrQzBDQ.-151012087.tmp
- <Package Folder>/cache/####/J0kAR2iOfkDVnZqoIZAM2Dkjh28.934715795.tmp
- <Package Folder>/cache/####/K0JRCDyv3YV7oWSjI9GiUK7wGSY.1816187858.tmp
- <Package Folder>/cache/####/K3kP2qA3YHyPyUORPcOKO7qR5qc.-1629889608.tmp
- <Package Folder>/cache/####/K4jRDaNyJ1wlwopX5sbLvt0-ozs.113262368.tmp
- <Package Folder>/cache/####/MfS8DVbC39nk5gkanwt-MXJKRI8.1912720678.tmp
- <Package Folder>/cache/####/OeTk4MycvcNSvz_AyGOgqJjRp60.237918142.tmp
- <Package Folder>/cache/####/QAg1l7ejS8ymvW5TR4pUbWaNERk.1300711691.tmp
- <Package Folder>/cache/####/Ryg05aqEW5tyrRHMFDCYw9o9fMQ.2013144937.tmp
- <Package Folder>/cache/####/SY9F3FLRcTRo1H89RzYXmPhEl_U.-2010107077.tmp
- <Package Folder>/cache/####/T0qveVUFvrx_owzU7JfnTXudjbk.-416248934.tmp
- <Package Folder>/cache/####/TNYbaLrsHmxDZ3UJ6k9BBMo12hs.-373989392.tmp
- <Package Folder>/cache/####/TSMclf7fejgPiHFFPJnb6fZfsWU.1866095744.tmp
- <Package Folder>/cache/####/TVFGKDzO3uAsN4OH9d21KKIcP0U.-624140960.tmp
- <Package Folder>/cache/####/TiRilp3g-0Rpex9u4bkdGxoEVCk.-1601087276.tmp
- <Package Folder>/cache/####/YIakKYaepkj7wPledgjoR2oCbjk.-1935163357.tmp
- <Package Folder>/cache/####/Zsp-UdlK7kg7bJGVII7ejtuT0Ro.-2104081612.tmp
- <Package Folder>/cache/####/_F2_IkshX2x2kIhcHdQdw_IxEXs.-751692744.tmp
- <Package Folder>/cache/####/axi-Wm-pU_Nii4IZZFfVLs8jyHs.-1747312977.tmp
- <Package Folder>/cache/####/dIm0lLf5IdGY4GsaJi1Qf5e0ZNY.386927710.tmp
- <Package Folder>/cache/####/dmZtRdoRQztEIQNSo_K6A2NlcQ0.18220669.tmp
- <Package Folder>/cache/####/eKwfJsoqSs-BIH4RTnZCd69be1k.179193484.tmp
- <Package Folder>/cache/####/ekCLZvq4U7MvqqLvIDMzhWfjUj0.-738207053.tmp
- <Package Folder>/cache/####/gt27ytTuk1yR-GZhbcpXRaFeUos.-474918790.tmp
- <Package Folder>/cache/####/hCzrVt8VYvaPZ3_d2IkWU9g3JyM.5264703.tmp
- <Package Folder>/cache/####/hpR4z9nr3j0tMVYhWakKP0Oeq1Q.1804884264.tmp
- <Package Folder>/cache/####/iL8d6a2tCrijPbuAQ1kfBIO0INE.-409398337.tmp
- <Package Folder>/cache/####/iSZOQf2eC8C9hTgfW2w0RGGVx7M.-1603532377.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/cache/####/kJ38WFjhPco3DLJpzoIpMKy0c98.-627446176.tmp
- <Package Folder>/cache/####/kmC6Lhq8nFq5iJW2mG1AOy6azjg.1771329512.tmp
- <Package Folder>/cache/####/lVlYN-KjB20oezuaexiaYqIaPpw.218522568.tmp
- <Package Folder>/cache/####/oo5-fbnsEv5CY-mmZKOznofWZpg.2050434741.tmp
- <Package Folder>/cache/####/pQ8aDSUI-Ld63wZ3FLx-SCpHN20.-1666922187.tmp
- <Package Folder>/cache/####/pYPg6ILoNgqukJJtLWJTxtOsMsQ.-1350132376.tmp
- <Package Folder>/cache/####/rIj0bkJ2bujlUfPC1jUsqcVTiQY.315482980.tmp
- <Package Folder>/cache/####/rhKhou3_MExsGg7pruIltjG0BFs.-1043631753.tmp
- <Package Folder>/cache/####/tehdN1OhsZduvuOem7E0l-UukOo.825425639.tmp
- <Package Folder>/cache/####/txE71Aow-81ldEfbSaqFwGjHuh4.-695900064.tmp
- <Package Folder>/cache/####/uF5m-1FZ3QfYGDzmdQVLpaAuxsc.-1571021577.tmp
- <Package Folder>/cache/####/uttXV6dUAbJDim4Dc5m3KjQfYUk.-337352634.tmp
- <Package Folder>/cache/####/wskxiF5UP6MXm6PniybYahheo5U.1378049408.tmp
- <Package Folder>/databases/android_games.db
- <Package Folder>/databases/android_games.db-journal
- <Package Folder>/databases/download.db-journal
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/.imprint
- <Package Folder>/files/mobclick_agent_cached_<Package>16
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/.uid.xml
- <Package Folder>/shared_prefs/config.xml
- <Package Folder>/shared_prefs/red_dot.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <SD-Card>/tencent/####/com.tencent.mobileqq.17.10.04.13.log
- <SD-Card>/thinksky/####/QQ.apk.tmp
- <SD-Card>/thinksky/.4d18d47b02d3dda6c2004cffa70dca6a.uid
- <SD-Card>/thinksky/.uid
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/sh -c getprop
- /system/bin/sh -c type su
- getprop
- getprop ro.miui.ui.version.code
Загружает динамические библиотеки:
- imagepipeline
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Отрисовывает собственные окна поверх других приложений.
