Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.NativeAd.2.origin
Загружает из Интернета следующие детектируемые угрозы:
- Adware.NativeAd.2.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) log.digg####.com:80
- TCP(HTTP/1.1) c####.what####.com:80
- TCP(HTTP/1.1) a####.mobinat####.com:80
- TCP(HTTP/1.1) gl####.ymtrac####.com:80
- TCP(HTTP/1.1) t####.ray####.com:80
- TCP(HTTP/1.1) ads.mobinat####.com:80
- TCP(HTTP/1.1) atracki####.appf####.com:80
- TCP(HTTP/1.1) trac####.suma####.com:80
- TCP(HTTP/1.1) duc####.b####.com:80
- TCP(HTTP/1.1) api.mo####.sdk.####.com:80
- TCP(HTTP/1.1) dl.kr####.com:80
- TCP(HTTP/1.1) aliyun-####.al####.com:80
- TCP(HTTP/1.1) img.ugc.golde####.com:80
- TCP(HTTP/1.1) t####.cpa.iqop####.com:80
- TCP(HTTP/1.1) s####.t####.co:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) api.ma####.golde####.com:80
- TCP(HTTP/1.1) a####.m.ta####.com:80
- TCP(HTTP/1.1) c####.gowa####.com:80
- TCP(HTTP/1.1) img.masal####.golde####.com:80
- TCP(TLS/1.0) ssl.gst####.com:443
- TCP(TLS/1.0) 2####.58.212.206:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) ssl.google-####.com:443
- TCP(TLS/1.0) api.face####.com:443
- TCP(TLS/1.0) app.appsf####.com:443
- TCP(TLS/1.0) www.go####.nl:443
- TCP acs4pu####.m.ta####.com:443
- TCP accscdn####.m.ta####.com:80
Запросы DNS:
- a####.m.ta####.com
- a####.mobinat####.com
- a####.u####.com
- accscdn####.m.ta####.com
- acs4pu####.m.ta####.com
- ads.mobinat####.com
- ag####.m.ta####.com
- api.ma####.golde####.com
- api.mo####.sdk.####.com
- app.appsf####.com
- atracki####.appf####.com
- c####.gowa####.com
- c####.what####.com
- dl.kr####.com
- duc####.b####.com
- g####.accoun####.com
- g####.face####.com
- gl####.ymtrac####.com
- img.masal####.golde####.com
- img.ugc.golde####.com
- log.digg####.com
- mpush####.al####.com
- rts.mo####.sdk.####.com
- s####.t####.co
- ssl.google-####.com
- ssl.gst####.com
- t####.cpa.iqop####.com
- t####.ray####.com
- trac####.suma####.com
- v.ugc.golde####.com
- www.go####.com
- www.go####.nl
- www.gst####.com
Запросы HTTP GET:
- a####.mobinat####.com/adbc?atype=####&hasGP=####&hasInsPer=####&stype=##...
- a####.mobinat####.com/adbsc?hasGP=####&sv=####&udid=####&os=####&osv=###...
- a####.mobinat####.com/adbux?v=####&tp=####&os=####&bdr=####&pk=####&id=#...
- a####.mobinat####.com/dzzb?sid=####&init=####&aid=####&sv=####&udid=####...
- a####.mobinat####.com/dzzb?sid=####&pkg=####&adid=####&aid=####&jt=####&...
- a####.mobinat####.com/dzzb?sid=####&pkg=####&adid=####&aid=####&type=###...
- ads.mobinat####.com/search.php?sid=####&aid=####&udid=####&gaid=####&os=...
- api.ma####.golde####.com/v30/app/upgrade/autocheck?mos=####&mver=####&ne...
- api.ma####.golde####.com/v30/article/autorefresh?cid=####&from=####&ad=#...
- api.ma####.golde####.com/v30/channel/conf/get?mos=####&mver=####&net=###...
- api.ma####.golde####.com/v30/config/global?mos=####&mver=####&net=####&a...
- api.ma####.golde####.com/v30/log/video/play/recommend/list?cid=####&tid=...
- api.ma####.golde####.com/v30/lolu/article/autorefresh?cid=####&mos=####&...
- api.ma####.golde####.com/v30/userconfig/update?applang=####&quickread=##...
- api.mo####.sdk.####.com/adunion/slot/getDlAd?h=####&w=####&model=####&ve...
- api.mo####.sdk.####.com/adunion/slot/getSrcPrio?h=####&w=####&model=####...
- atracki####.appf####.com/transaction/post_click?offer_id=####&aff_id=###...
- c####.gowa####.com/click?transaction_id=wadogo_goeuro_120808_1023640b114...
- c####.what####.com/aff_track?offer_id=####&affiliate_id=####&gaid=####&d...
- dl.kr####.com/p_nativeads_dx.jar
- duc####.b####.com/click/affClick?aff_id=####&offer_id=####&aff_sub=####&...
- gl####.ymtrac####.com/trace?offer_id=####&app_id=####&type=####&aff_sub6...
- img.masal####.golde####.com/avatar/b5403cd5a89a5fa73418c5303634cfbe-110....
- img.masal####.golde####.com/avatar/laughingtime.webp
- img.masal####.golde####.com/avatar/laughtergang.webp
- img.ugc.golde####.com/wemedia/cover/7558fa10f52511e797a63db8d7cdbfbe/64c...
- img.ugc.golde####.com/wemedia/cover/a8a0d5b0f52411e797a63db8d7cdbfbe/e43...
- img.ugc.golde####.com/wemedia/cover/fc50fa90f52511e797a63db8d7cdbfbe/a2f...
- img.ugc.golde####.com/yimage/006eed4c3201400591a26f33a9f20440/e3d73110ad...
- img.ugc.golde####.com/yimage/283186734c5e42f4872a6ee663687bfc/889f4010a4...
- img.ugc.golde####.com/yvideo/006eed4c3201400591a26f33a9f20440/006eed4c32...
- log.digg####.com/dzzb?sid=####&init=####&aid=####&sv=####&udid=####&os=#...
- log.digg####.com/dzzb?sid=####&pkg=####&adid=####&aid=####&jt=####&type=...
- log.digg####.com/dzzb?sid=####&pkg=####&adid=####&aid=####&type=####&sv=...
- t####.cpa.iqop####.com/click?pid=####&offer_id=####&sub1=####&sub2=####
- t####.ray####.com/agentapi/click?cid=####&aid=####&token=d####&info=####...
- trac####.suma####.com/aff_c?aff_id=####&offer_id=####&aff_sub4=####&aff_...
- trac####.suma####.com/aff_r?offer_id=144730&aff_id=6496&url=http://click...
Запросы HTTP POST:
- a####.m.ta####.com/amdc/mobileDispatch?appkey=####&deviceId=####&platfor...
- a####.u####.com/app_logs
- aliyun-####.al####.com/config
- api.ma####.golde####.com/v30/ad/config?mos=####&mver=####&net=####&appna...
- api.ma####.golde####.com/v30/ad/fetch/launch?mos=####&mver=####&net=####...
- api.ma####.golde####.com/v30/device/setinfo?mos=####&mver=####&net=####&...
- api.ma####.golde####.com/v30/user/areg?mos=####&mver=####&net=####&appna...
- api.mo####.sdk.####.com/orts/rp?h=####&w=####&model=####&vendor=####&sdk...
- api.mo####.sdk.####.com/orts/rpb?h=####&w=####&model=####&vendor=####&sd...
- s####.t####.co/log?mos=####&mver=####&net=####&appname=####&dcid=####&te...
Изменения в файловой системе:
Создает следующие файлы:
- /data/anr/traces.txt
- <Package Folder>/cache/####/41143e4b589ab861385c18e6f2b22ba35e5....0.tmp
- <Package Folder>/cache/####/5d54847ba3b3686c586d4b133262d533a94....0.tmp
- <Package Folder>/cache/####/8ecc79f9385ad591c2b5a0d955fdd33f6c4....0.tmp
- <Package Folder>/cache/####/93c8001162fe77d39ca96b8ed1ea456e0ff....0.tmp
- <Package Folder>/cache/####/b936de950b609e3ba325f60a6832ae13932....0.tmp
- <Package Folder>/cache/####/b9446b43460eed684f13a46d2b8d5bd65e0....0.tmp
- <Package Folder>/cache/####/cf1fec77eabe5b417ce5403cef8bfba08d4....0.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f16e0bde1f666cec3cfb1ad522b94447505....0.tmp
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/cache/2fdb8d219d5f93f591770e71889d3bdf.0.tmp
- <Package Folder>/cache/2fdb8d219d5f93f591770e71889d3bdf.1.tmp
- <Package Folder>/cache/348cb6b87cfd0cc4f1fc385dc046ea3b.0.tmp
- <Package Folder>/cache/348cb6b87cfd0cc4f1fc385dc046ea3b.1.tmp
- <Package Folder>/cache/84e52469d891884f0acb83a7852a8a66.0.tmp
- <Package Folder>/cache/84e52469d891884f0acb83a7852a8a66.1.tmp
- <Package Folder>/cache/8d51b79c47bc81a911aca8d6206cdf25.0.tmp
- <Package Folder>/cache/8d51b79c47bc81a911aca8d6206cdf25.1.tmp
- <Package Folder>/cache/c4e6ad0b32c1f57284fb8465099bc090.0.tmp
- <Package Folder>/cache/c4e6ad0b32c1f57284fb8465099bc090.1.tmp (deleted)
- <Package Folder>/cache/f52f29212a0a1a09d14c339d0e6c5ff4.0.tmp
- <Package Folder>/cache/f52f29212a0a1a09d14c339d0e6c5ff4.1.tmp
- <Package Folder>/cache/fc6f50de8e992c2530ee3bbc926e0999.0.tmp
- <Package Folder>/cache/fc6f50de8e992c2530ee3bbc926e0999.1.tmp
- <Package Folder>/cache/journal.tmp
- <Package Folder>/code_cache/####/MultiDex.lock
- <Package Folder>/code_cache/####/tmp-<Package>-1.apk.classes1160804228.zip
- <Package Folder>/databases/accs.db-journal
- <Package Folder>/databases/android_random_db27696385
- <Package Folder>/databases/android_random_db27696385-journal
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/du_ad_cache.db-journal
- <Package Folder>/databases/du_ad_parse.db-journal
- <Package Folder>/databases/du_ad_ts.db-journal
- <Package Folder>/databases/google_analytics_v4.db-journal
- <Package Folder>/databases/google_app_measurement_local.db
- <Package Folder>/databases/google_app_measurement_local.db-journal
- <Package Folder>/databases/message_accs_db
- <Package Folder>/databases/message_accs_db-journal
- <Package Folder>/databases/random_sdkdb_data-journal
- <Package Folder>/databases/rozbuzz-db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal
- <Package Folder>/eudemon
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/.imprint
- <Package Folder>/files/AppEventsLogger.persistedevents
- <Package Folder>/files/DaemonServer
- <Package Folder>/files/agoo.pid
- <Package Folder>/files/b.jar
- <Package Folder>/files/b.jar.tm
- <Package Folder>/files/b.tmp.jar
- <Package Folder>/files/exid.dat
- <Package Folder>/files/gaClientId
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/no_backup/com.google.android.gms.appid-no-backup
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/ACCS_BIND24756619.xml
- <Package Folder>/shared_prefs/ACCS_SDK.xml
- <Package Folder>/shared_prefs/ACCS_SDK_CHANNEL.xml
- <Package Folder>/shared_prefs/AGOO_BIND.xml
- <Package Folder>/shared_prefs/Agoo_AppStore.xml
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/NATIVE123456_FILE.xml
- <Package Folder>/shared_prefs/NATIVE123456_FILE.xml.bak
- <Package Folder>/shared_prefs/SharedPrefsStrList.xml
- <Package Folder>/shared_prefs/_toolbox_prefs.xml
- <Package Folder>/shared_prefs/_toolbox_prefs.xml (deleted)
- <Package Folder>/shared_prefs/_toolbox_prefs.xml.bak (deleted)
- <Package Folder>/shared_prefs/com.facebook.accountkit.sdk.appEv...es.xml
- <Package Folder>/shared_prefs/com.facebook.internal.preferences...GS.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.appEventPreferences.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.attributionTracking.xml
- <Package Folder>/shared_prefs/com.google.android.gms.analytics.prefs.xml
- <Package Folder>/shared_prefs/com.google.android.gms.appid.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measuremen...leted)
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml
- <Package Folder>/shared_prefs/dailynews.xml
- <Package Folder>/shared_prefs/dailynews.xml (deleted)
- <Package Folder>/shared_prefs/market_preferences.xml
- <Package Folder>/shared_prefs/mobnativeads_preferences.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/track_preferences.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/video_pref_def.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/0.0.1510835531198.v3.exo
- <SD-Card>/Android/####/1ea940688dfa430cafc024ac3d9a375a
- <SD-Card>/Android/####/30735cf37e3a470cb5aab7724147798e
- <SD-Card>/Android/####/5759fcf76985405d88565af93cee37de
- <SD-Card>/Android/####/a8696625b65b497fb034c36c8d697b34
- <SD-Card>/Android/####/b1d6e60cc9ee4231bb076c0f25922c05
- <SD-Card>/Android/####/cached_content_index.exi
- <SD-Card>/Android/####/ee4bfa0420f84da3a80fd664ed579a70
- <SD-Card>/Android/####/inapp_20171116.log
Другие:
Запускает следующие shell-скрипты:
- <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"24756619","utdid":"Wg2FN3T0DfkDAGdzx1GbXxU6","sdkVersion":"221"} -I agoodm.m.taobao.com -O 80 -T -Z
- chmod 500 <Package Folder>/files/DaemonServer
- sh
Загружает динамические библиотеки:
- tnet-3.1
- ut_c_api
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о запущенных приложениях.
Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
