Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.589.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) 52.52.2####.56:80
- TCP(HTTP/1.1) go.hotw####.top:80
- TCP(HTTP/1.1) cdn.app.kac####.####.com:80
- TCP(HTTP/1.1) appb####.com:80
- TCP(HTTP/1.1) 1####.76.224.67:80
- TCP(HTTP/1.1) cdn.game####.org:80
- TCP(TLS/1.0) ssl.google-####.com:443
Запросы DNS:
- appb####.com
- cdn.app.h####.top
- cdn.app.kac####.cn
- cdn.game####.org
- cdn.img.h####.top
- go.hotw####.top
- ssl.google-####.com
Запросы HTTP GET:
- appb####.com/apps.xml
- appb####.com/promimg/birthdayphotoframewishes.png
- appb####.com/promimg/callername125.png
- appb####.com/promimg/coffeemug125.png
- appb####.com/promimg/flashoncallnew.png
- appb####.com/promimg/locationtracker.png
- appb####.com/promimg/menweddingphotosuit125.png
- appb####.com/promimg/photoframesv125.png
- appb####.com/promimg/photogridmixer125.png
- appb####.com/promimg/republic125.png
- appb####.com/promimg/usefultools.png
- appb####.com/promimg/waterfallv125.png
- appb####.com/promimg/womemtraditionaldresses.png
- appb####.com/promimg/womenweddingphotosuit125.png
- cdn.app.kac####.####.com/sfile/201711/16/all/cp_V2.8.1.txt
- cdn.app.kac####.####.com/upload/201709/7/img/20170907164855684.png
- cdn.app.kac####.####.com/upload/201712/14/img/20171214144834510.png
- cdn.app.kac####.####.com/upload/201712/21/img/20171221154814016.png
- cdn.app.kac####.####.com/upload/201801/19/app/20180119102712136.apk
- cdn.app.kac####.####.com/upload/201801/19/app/20180119160130816.apk
- cdn.app.kac####.####.com/upload/201801/19/img/20180119165105747.png
- cdn.app.kac####.####.com/upload/201801/5/app/20180105112742327.apk
- cdn.app.kac####.####.com/upload/201801/8/app/20180108173648199.apk
- cdn.game####.org/strategy/UnknownDev
- cdn.game####.org/strategy/base
- cdn.game####.org/strategy/dev_root
- cdn.game####.org/strategy/dev_root2
- cdn.game####.org/strategy/larger4.3
- cdn.game####.org/strategy/loss_4.3
- cdn.game####.org/strategy/sul18
- cdn.game####.org/strategy/symlink-adbd
Запросы HTTP POST:
- go.hotw####.top/hadat/invyb/ejrf
- go.hotw####.top/hadat/jowi/lq
- go.hotw####.top/hadat/jre/fdh
- go.hotw####.top/hadat/jrn/xcgci
- go.hotw####.top/hadat/k/iysj
- go.hotw####.top/hadat/kd/buoj
- go.hotw####.top/hadat/kdua/oisvb
- go.hotw####.top/hadat/nsj/tdlo
- go.hotw####.top/hadat/qc/leyt
- go.hotw####.top/hadat/sljms/u
- go.hotw####.top/hadat/sqjbe/ofyx
- go.hotw####.top/hadat/yxqr/qv
- go.hotw####.top/jzbdt/bgm/krq
- go.hotw####.top/jzbdt/yg/hpt
- go.hotw####.top/jzbdt/yoiz/koump/qjk
- go.hotw####.top/sdf/uco
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_0d566db9-2340-4a5c-9182-0cd8644ba920/Matrix
- <Package Folder>/app_0d566db9-2340-4a5c-9182-0cd8644ba920/ddexe
- <Package Folder>/app_0d566db9-2340-4a5c-9182-0cd8644ba920/debuggerd
- <Package Folder>/app_0d566db9-2340-4a5c-9182-0cd8644ba920/fileWork
- <Package Folder>/app_0d566db9-2340-4a5c-9182-0cd8644ba920/insta...ery.sh
- <Package Folder>/app_0d566db9-2340-4a5c-9182-0cd8644ba920/pidof
- <Package Folder>/app_0d566db9-2340-4a5c-9182-0cd8644ba920/su
- <Package Folder>/app_0d566db9-2340-4a5c-9182-0cd8644ba920/supolicy
- <Package Folder>/app_0d566db9-2340-4a5c-9182-0cd8644ba920/toolbox
- <Package Folder>/app_0d566db9-2340-4a5c-9182-0cd8644ba920/wsroot.sh
- <Package Folder>/app_6c7c4d54-e246-4bc5-b0e3-5ae822f80089/checker.jar
- <Package Folder>/app_a5f0e7ce-56a9-4082-9f91-d5a86f238345/Matrix
- <Package Folder>/app_a5f0e7ce-56a9-4082-9f91-d5a86f238345/ddexe
- <Package Folder>/app_a5f0e7ce-56a9-4082-9f91-d5a86f238345/debuggerd
- <Package Folder>/app_a5f0e7ce-56a9-4082-9f91-d5a86f238345/fileWork
- <Package Folder>/app_a5f0e7ce-56a9-4082-9f91-d5a86f238345/insta...ery.sh
- <Package Folder>/app_a5f0e7ce-56a9-4082-9f91-d5a86f238345/pidof
- <Package Folder>/app_a5f0e7ce-56a9-4082-9f91-d5a86f238345/su
- <Package Folder>/app_a5f0e7ce-56a9-4082-9f91-d5a86f238345/supolicy
- <Package Folder>/app_a5f0e7ce-56a9-4082-9f91-d5a86f238345/toolbox
- <Package Folder>/app_a5f0e7ce-56a9-4082-9f91-d5a86f238345/wsroot.sh
- <Package Folder>/app_c7c4f9ea-002a-4ef1-bbe9-e238989d946a/Matrix
- <Package Folder>/app_c7c4f9ea-002a-4ef1-bbe9-e238989d946a/ddexe
- <Package Folder>/app_c7c4f9ea-002a-4ef1-bbe9-e238989d946a/debuggerd
- <Package Folder>/app_c7c4f9ea-002a-4ef1-bbe9-e238989d946a/fileWork
- <Package Folder>/app_c7c4f9ea-002a-4ef1-bbe9-e238989d946a/insta...ery.sh
- <Package Folder>/app_c7c4f9ea-002a-4ef1-bbe9-e238989d946a/pidof
- <Package Folder>/app_c7c4f9ea-002a-4ef1-bbe9-e238989d946a/su
- <Package Folder>/app_c7c4f9ea-002a-4ef1-bbe9-e238989d946a/supolicy
- <Package Folder>/app_c7c4f9ea-002a-4ef1-bbe9-e238989d946a/toolbox
- <Package Folder>/app_c7c4f9ea-002a-4ef1-bbe9-e238989d946a/wsroot.sh
- <Package Folder>/app_d0dcd150-cf46-4d49-bf62-52944d4e7c81/Matrix
- <Package Folder>/app_d0dcd150-cf46-4d49-bf62-52944d4e7c81/ddexe
- <Package Folder>/app_d0dcd150-cf46-4d49-bf62-52944d4e7c81/debuggerd
- <Package Folder>/app_d0dcd150-cf46-4d49-bf62-52944d4e7c81/fileWork
- <Package Folder>/app_d0dcd150-cf46-4d49-bf62-52944d4e7c81/insta...ery.sh
- <Package Folder>/app_d0dcd150-cf46-4d49-bf62-52944d4e7c81/pidof
- <Package Folder>/app_d0dcd150-cf46-4d49-bf62-52944d4e7c81/su
- <Package Folder>/app_d0dcd150-cf46-4d49-bf62-52944d4e7c81/supolicy
- <Package Folder>/app_d0dcd150-cf46-4d49-bf62-52944d4e7c81/toolbox
- <Package Folder>/app_d0dcd150-cf46-4d49-bf62-52944d4e7c81/wsroot.sh
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/Matrix
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/ddexe
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/debuggerd
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/device.db
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/fileWork
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/insta...ery.sh
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/pidof
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/root3
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/su
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/supolicy
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/toolbox
- <Package Folder>/app_d26fb3b6-347f-4e99-bdf8-3f3323fba48f/wsroot.sh
- <Package Folder>/app_d5b2b2f7-066b-41a4-a7b2-09367ac5a7cc/Matrix
- <Package Folder>/app_d5b2b2f7-066b-41a4-a7b2-09367ac5a7cc/ddexe
- <Package Folder>/app_d5b2b2f7-066b-41a4-a7b2-09367ac5a7cc/debuggerd
- <Package Folder>/app_d5b2b2f7-066b-41a4-a7b2-09367ac5a7cc/fileWork
- <Package Folder>/app_d5b2b2f7-066b-41a4-a7b2-09367ac5a7cc/insta...ery.sh
- <Package Folder>/app_d5b2b2f7-066b-41a4-a7b2-09367ac5a7cc/pidof
- <Package Folder>/app_d5b2b2f7-066b-41a4-a7b2-09367ac5a7cc/su
- <Package Folder>/app_d5b2b2f7-066b-41a4-a7b2-09367ac5a7cc/supolicy
- <Package Folder>/app_d5b2b2f7-066b-41a4-a7b2-09367ac5a7cc/toolbox
- <Package Folder>/app_d5b2b2f7-066b-41a4-a7b2-09367ac5a7cc/wsroot.sh
- <Package Folder>/app_plugin_download/98d477a8-60be-4226-b63d-9a0e9ef8c9d8
- <Package Folder>/app_plugin_download/db7faaf7-66ab-47bc-95e2-8172cb442c7e
- <Package Folder>/app_subox/1740c449fc10be62df60ba0f18696c9f
- <Package Folder>/app_subox/32edd79a240b5f1e461d069caab1ec3e
- <Package Folder>/app_subox/8b6f263391259b7a8e5f58ee71852ca8
- <Package Folder>/app_subox/b0141e478b25af7c40a8cca8de6c4708
- <Package Folder>/app_subox/b18a021d11a3004d25017230b681476b
- <Package Folder>/app_subox/c61913b615fb6224701377a119081f36
- <Package Folder>/app_subox_download/1e15b747-feb8-4909-a0df-060ffdbc955d
- <Package Folder>/app_subox_download/26a96f28-68e6-4161-b1ec-ffc1e0d8130c
- <Package Folder>/app_subox_download/3b76862b-e84b-43ed-a5c9-60b322836995
- <Package Folder>/app_subox_download/5cd904d6-467a-458f-a949-e25e6b2dfe0c
- <Package Folder>/app_subox_download/78fb1308-8cae-4ea2-b7ff-59aaecf2411c
- <Package Folder>/app_subox_download/bd4f7a57-3bd2-4b68-acc3-3f0d6d7182ad
- <Package Folder>/app_subox_download/ddc78061-8110-4b43-afcf-b5b34c0d5ac5
- <Package Folder>/app_subox_download/f06995f1-c467-4f35-8c66-24153d901705
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/index
- <Package Folder>/cache/ApplicationCache.db-journal
- <Package Folder>/cache/ads1567683029.jar
- <Package Folder>/databases/google_analytics_v4.db-journal
- <Package Folder>/databases/t_u.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/SUBOXLOG_
- <Package Folder>/files/gaClientId
- <Package Folder>/files/gn.jar
- <Package Folder>/files/zk.jar
- <Package Folder>/shared_prefs/dsi.xml
- <Package Folder>/shared_prefs/kr.xml
- <Package Folder>/shared_prefs/sfe.xml
- <Package Folder>/shared_prefs/subox.xml
- <Package Folder>/shared_prefs/wv.xml
- <SD-Card>/Android/####/0a54c1df9c193
- <SD-Card>/Android/####/227e91d4290b9d1b905031b1456b827c.apk
- <SD-Card>/Android/####/3f89b33258feee32a0996e355578d584.apk
- <SD-Card>/Android/####/6e9114df6e437
- <SD-Card>/Android/####/71b5007fb51ada4d8e2f9ee315f86a55.apk
- <SD-Card>/Android/####/7821153e5b964
- <SD-Card>/Android/####/898387f77c516
- <SD-Card>/Android/####/8c7ae99af29e65effe51b098b7c19917.apk
- <SD-Card>/Android/####/V2.8.1.txt
- <SD-Card>/Android/####/b.tmp
Другие:
Запускает следующие shell-скрипты:
- chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/227e91d4290b9d1b905031b1456b827c.apk
- chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/3f89b33258feee32a0996e355578d584.apk
- chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/71b5007fb51ada4d8e2f9ee315f86a55.apk
- chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/8c7ae99af29e65effe51b098b7c19917.apk
- chmod 777 Matrix ddexe debuggerd device.db fileWork install-recovery.sh pidof root3 su supolicy toolbox wsroot.sh
- chmod 777 Matrix ddexe debuggerd fileWork install-recovery.sh pidof su supolicy toolbox wsroot.sh
- sh
Загружает динамические библиотеки:
- _hh255
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
