Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.84.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) cdn.43####.com.####.com:80
- TCP(HTTP/1.1) f1.img####.com.####.com:80
Запросы DNS:
- cdn.43####.com
- f1.img####.com
- m####.439####.net
- m.api.4####.cn
- s####.m.img####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
Запросы HTTP GET:
- f1.img####.com.####.com/ma~145_20170629143308_59549f24acb02.png
- f1.img####.com.####.com/ma~167_20171013161317_59e0759d7c6fe.png
- f1.img####.com.####.com/ma~167_20171013161330_59e075aa8ab15.png
- f1.img####.com.####.com/ma~167_20171013161340_59e075b44de99.png
- f1.img####.com.####.com/ma~167_20171013161348_59e075bcc4254.png
- f1.img####.com.####.com/ma~167_20171013161400_59e075c8deb5c.png
- f1.img####.com.####.com/ma~167_20171013161409_59e075d1c9311.png
- f1.img####.com.####.com/ma~167_20171013161419_59e075db860bf.png
- f1.img####.com.####.com/ma~167_20171013161429_59e075e52e975.png
- f1.img####.com.####.com/ma~167_20171013161438_59e075ee10ba5.png
- f1.img####.com.####.com/ma~167_20171013161452_59e075fc17fdf.png
- f1.img####.com.####.com/ma~193_20170713103055_5966db5fe5c46.png?t=####
- f1.img####.com.####.com/ma~27_20170706154005_595de955018bc.png
- f1.img####.com.####.com/ma~wap_s2_1512091858
- f1.img####.com.####.com/ma~wap_s2_1512097753
- f1.img####.com.####.com/sj~111208_logo_5a0903d342da5.jpg
- f1.img####.com.####.com/sj~113929_logo_59e0185d29e58.jpg
- f1.img####.com.####.com/sj~113958_logo_59e171a06c38d.jpg
- f1.img####.com.####.com/sj~114985_logo_5a0257a4691ba.jpg
- f1.img####.com.####.com/sj~115766_logo_5a1bb86ff1b4d.jpg
- f1.img####.com.####.com/sj~115799_logo_5a1d1045c3b0c.jpg
- f1.img####.com.####.com/sj~92170_logo_594f1d693f74e.jpg
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/cache/####/0237e218824cde5f53ac62d900067113d6e....0.tmp
- <Package Folder>/cache/####/0242365cbcb08e515a666db19c99693d31f....0.tmp
- <Package Folder>/cache/####/03ca6a7766122d99688d3281eb0177dd670....0.tmp
- <Package Folder>/cache/####/0797bf534d8b50261610e73b907a2b66ca2....0.tmp
- <Package Folder>/cache/####/172850274b04496052ea71e35673c65a7e0....0.tmp
- <Package Folder>/cache/####/244d2a4359a96f54a6553e817f52d623e1e....0.tmp
- <Package Folder>/cache/####/2afc44dae0e60af65d079b1c889326f1542....0.tmp
- <Package Folder>/cache/####/30a5a83cb9bc32ce9f5d2565afae8a6df3a....0.tmp
- <Package Folder>/cache/####/3223647273ea34e92dd0a820e0e0458303d....0.tmp
- <Package Folder>/cache/####/3526c255872a2250da2b6be30898f8640ff....0.tmp
- <Package Folder>/cache/####/3b7117aca085d8026c66a4cca311bba7fc3....0.tmp
- <Package Folder>/cache/####/48ba847a2b14693cb11d333ce62f4bb798d....0.tmp
- <Package Folder>/cache/####/5529aea77d30cb5528321ddbbd2dff87116....0.tmp
- <Package Folder>/cache/####/5b015a51cd01c3297ce07f055b58f7b344a....0.tmp
- <Package Folder>/cache/####/69ccf8bd5c8a80b8c27f9cc216aa30a726f....0.tmp
- <Package Folder>/cache/####/72e371395be60e2ff1aaf5d0bf9b7bc08ec....0.tmp
- <Package Folder>/cache/####/73b352cfcbd2ba21c47e58a21439d86d154....0.tmp
- <Package Folder>/cache/####/78aeb2b5dece3cb16ed4dfca3a79fed94bb....0.tmp
- <Package Folder>/cache/####/7bc20c513b34621ef79c57e54fd08ba5375....0.tmp
- <Package Folder>/cache/####/7e44033224efb2cc19891e5b200229f835f....0.tmp
- <Package Folder>/cache/####/89b62b30965a0bfa29ffe066e82d275c2e6....0.tmp
- <Package Folder>/cache/####/97aab7a04e8d7832ff0b6a202fe9f4ed38c....0.tmp
- <Package Folder>/cache/####/97d9dcca487e3fdad1ab5e2d3db890ded67....0.tmp
- <Package Folder>/cache/####/99d379bc8c9b78ef491bffbfc73840d39dd....0.tmp
- <Package Folder>/cache/####/a257b906652122c9e35605efd37369fb501....0.tmp
- <Package Folder>/cache/####/a97ba00a2930a62ca13510953fcb1388042....0.tmp
- <Package Folder>/cache/####/aa59d2ebd2cd6e2ef40a29ab0942842624c....0.tmp
- <Package Folder>/cache/####/ad65e153fa7fdb1226e818693727f003f73....0.tmp
- <Package Folder>/cache/####/b3b0cd85985fb10e9b6bfb5c041cdc17ce8....0.tmp
- <Package Folder>/cache/####/b81b302d87604549be8f129433ac1e8f5d8....0.tmp
- <Package Folder>/cache/####/cc0cf5fb1e185399f1205cbea2abfa51a20....0.tmp
- <Package Folder>/cache/####/d09e4cbeced5fc16b7c6078cc4e7e9f42fb....0.tmp
- <Package Folder>/cache/####/d5b3dc896765b77bfdb141d0d9442d70bbe....0.tmp
- <Package Folder>/cache/####/db031ec0b812be2e8b84ae8adbdf1571f92....0.tmp
- <Package Folder>/cache/####/dba7471e611139d30d9fd590567d6fabedb....0.tmp
- <Package Folder>/cache/####/ddcdad1cbadf2df10ecbf3dc54acdc4b3b9....0.tmp
- <Package Folder>/cache/####/e5d9cd36fe6bede03e3aba31eab1995ee95....0.tmp
- <Package Folder>/cache/####/e7cb966eadaff6430f49d1baa3db1e5b09a....0.tmp
- <Package Folder>/cache/####/e8aee3fffa86b787da562d457a763bce0c6....0.tmp
- <Package Folder>/cache/####/e9ec7f11a36b0df0501447eca068177352b....0.tmp
- <Package Folder>/cache/####/f062799ae7f4047113db529b8eef73acee4....0.tmp
- <Package Folder>/cache/####/f14a55e7f8e17d4130f3cdf6a4338510880....0.tmp
- <Package Folder>/cache/####/f8736dc6cf7635be85252c4806ed2dfc1e4....0.tmp
- <Package Folder>/cache/####/ffd15d4ace6126edf0493b2d6c2393c3ce9....0.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/code_cache/####/MultiDex.lock
- <Package Folder>/databases/####/cc.db
- <Package Folder>/databases/####/cc.db-journal
- <Package Folder>/databases/downloads.db-journal
- <Package Folder>/databases/framework.db-journal
- <Package Folder>/databases/gamecenter.db-journal
- <Package Folder>/databases/pushsdk.db-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/pref.app.covers.pt
- <Package Folder>/files/####/pref.headup.message.chat.unread.pt
- <Package Folder>/files/####/push.jar
- <Package Folder>/files/init.pid
- <Package Folder>/files/init_c1.pid
- <Package Folder>/files/m4399AppEmoji3.0.json
- <Package Folder>/files/m4399BBSEmoji3.0.json
- <Package Folder>/files/mobclick_agent_cached_<Package>1194
- <Package Folder>/files/plugin.meta
- <Package Folder>/files/push.pid
- <Package Folder>/files/push.zip
- <Package Folder>/files/run.pid
- <Package Folder>/files/statistics_agent_cached_<Package>
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak (deleted)
- <Package Folder>/shared_prefs/MyAnalytics_VERSION_INFO.xml
- <Package Folder>/shared_prefs/MyAnalytics_device_id.xml
- <Package Folder>/shared_prefs/MyAnalytics_general_config.xml
- <Package Folder>/shared_prefs/getui_sp.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/push_box_sdk_version.xml
- <Package Folder>/shared_prefs/skin_main_plugin_pref.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <SD-Card>/.disys
- <SD-Card>/.ssjjsy/####/<Package>.sdklogin
- <SD-Card>/.test.txt
- <SD-Card>/libs/<Package>.bin
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- dmesg
- getprop
- grep -i blueStacks
- ls /system/bin
- ls /system/lib
- sh
Загружает динамические библиотеки:
- getuiext2
- libjiagu
- m4399
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
