Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.684.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) albu####.zw####.com:80
- TCP(HTTP/1.1) albumne####.zw####.com:80
- TCP(HTTP/1.1) cf.gdata####.net:80
- TCP(TLS/1.0) api.face####.com:443
Запросы DNS:
- a####.sdkce####.com
- albu####.zw####.com
- albumne####.zw####.com
- cf.gdata####.net
- d####.zw####.com
- g####.face####.com
- rd.gdata####.net
Запросы HTTP GET:
- albu####.zw####.com/image/2018/02/16f12fb81fddf7e315315a7ef78b21cd/5a7ef...
- albu####.zw####.com/image/2018/02/180b593c5727dce904195a7ef66e533c/5a7ef...
- albu####.zw####.com/image/2018/02/1b908d11dac72944bd495a7ef5325248/5a7ef...
- albu####.zw####.com/image/2018/02/2182651aa1d5e692de715a7ef5831c2b/5a7ef...
- albu####.zw####.com/image/2018/02/2e9326c30ea3107efefe5a7ef556700f/5a7ef...
- albu####.zw####.com/image/2018/02/3621d224aeb444522fab5a7ef56b88cb/5a7ef...
- albu####.zw####.com/image/2018/02/36aaada18b1d89b3df255a7ef551dfb1/5a7ef...
- albu####.zw####.com/image/2018/02/3ee3b4e66b796688c0c15a7ef7e281f7/5a7ef...
- albu####.zw####.com/image/2018/02/400975931ee5c1defa495a7ef7680e13/5a7ef...
- albu####.zw####.com/image/2018/02/42a4f8abff943379dbf05a7ef5d8ff20/5a7ef...
- albu####.zw####.com/image/2018/02/44e9b8409e5970b2f65a5a7ef5fd6565/5a7ef...
- albu####.zw####.com/image/2018/02/46086b7cb87f6bc48d3d5a7ef52e53f8/5a7ef...
- albu####.zw####.com/image/2018/02/4b39e04d57241955a4b95a7ef51d45bd/5a7ef...
- albu####.zw####.com/image/2018/02/510713d003102425b8235a7ef5abeb13/5a7ef...
- albu####.zw####.com/image/2018/02/515048ca59a84edcca1f5a7ef576bc75/5a7ef...
- albu####.zw####.com/image/2018/02/61127750080c6e73844a5a7ef47b4b37/5a7ef...
- albu####.zw####.com/image/2018/02/69c00e9f0f69c0696ff45a7ef774fbe0/5a7ef...
- albu####.zw####.com/image/2018/02/6bd8300cfcaf522d4c345a7ef53e9bfa/5a7ef...
- albu####.zw####.com/image/2018/02/72c347f284685c58fe715a7ef5da2740/5a7ef...
- albu####.zw####.com/image/2018/02/7d03b0e3421e35076e5b5a7ef5024e9e/5a7ef...
- albu####.zw####.com/image/2018/02/81dc47d1a84afa2fa22d5a7ef54b6889/5a7ef...
- albu####.zw####.com/image/2018/02/82d2127feb0d1ff47ce35a7ef53879f4/5a7ef...
- albu####.zw####.com/image/2018/02/894e23caac4c3395c1805a7ef582b76d/5a7ef...
- albu####.zw####.com/image/2018/02/8e049224a3953171d0165a7ef4f202ca/5a7ef...
- albu####.zw####.com/image/2018/02/9e910e2095c698488d5a5a7ef514b99e/5a7ef...
- albu####.zw####.com/image/2018/02/a23c5c8928c555b137195a7ef5e8c0da/5a7ef...
- albu####.zw####.com/image/2018/02/cd5a7cf47f0bd3f26a365a7ef6325bc1/5a7ef...
- albu####.zw####.com/image/2018/02/ce783e32a22ea44f6b245a7ef5c7ae09/5a7ef...
- albu####.zw####.com/image/2018/02/d575b038fc3afd74bef85a7ef647beae/5a7ef...
- albu####.zw####.com/image/2018/02/defd26c618806a7d23de5a7ef6b183c8/5a7ef...
- albu####.zw####.com/image/2018/02/e1b736ff2231b51905255a7ef6d2fdb0/5a7ef...
- albu####.zw####.com/image/2018/02/e35bcc3b20fc48ee3bf05a7ef64b20c1/5a7ef...
- albu####.zw####.com/image/2018/02/e7c93598e63efb1079475a7ef631a0a7/5a7ef...
- albu####.zw####.com/image/2018/02/f01e0b6f99506f1a9b835a7ef5486dc3/5a7ef...
- albu####.zw####.com/index.php/Home/Index/getApi?appid=####&version=####&...
- albu####.zw####.com/line/upload/2017/headpicture/1.png
- albu####.zw####.com/line/upload/2017/headpicture/2.png
- albu####.zw####.com/line/upload/2017/headpicture/3.png
- albu####.zw####.com/line/upload/2017/headpicture/4.png
- albu####.zw####.com/line/upload/2017/headpicture/5.png
- albu####.zw####.com/line/upload/2017/headpicture/6.png
- albumne####.zw####.com/v1/album/getAnAlbum/list/1199
- albumne####.zw####.com/v1/album/getAnAlbum/list/1202
- albumne####.zw####.com/v1/album/getAnAlbum/list/1292
- albumne####.zw####.com/v1/album/getAnAlbum/list/912
- albumne####.zw####.com/v1/album/getAnAlbum/list/982
- albumne####.zw####.com/v1/album/list?banner=####
- albumne####.zw####.com/v1/comment/1199/list
- albumne####.zw####.com/v1/comment/1202/list
- albumne####.zw####.com/v1/comment/1292/list
- albumne####.zw####.com/v1/comment/912/list
- albumne####.zw####.com/v1/comment/982/list
- albumne####.zw####.com/v1/user/devnum?deviceNumber=####&channelNumber=##...
- albumne####.zw####.com/v1/vip/isVip
- albumne####.zw####.com/v2/album/list?categoryNames=####&limit=####
- albumne####.zw####.com/v2/album/list?limit=####
Запросы HTTP POST:
- cf.gdata####.net/config/update
- cf.gdata####.net/dc/sync_adr
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/025427b2ae4ec05690e268f0bf72c1b9b7b....0.tmp
- <Package Folder>/cache/####/1231fc46df5bfa32e63178ce50a9e15422b....0.tmp
- <Package Folder>/cache/####/1d3ae08b55f7245b0574bcf878ef0e11341....0.tmp
- <Package Folder>/cache/####/1eb5e3af4265852891b572ea666c3b29567....0.tmp
- <Package Folder>/cache/####/1eb8696b62afa0879f37a63a840ad537e6a....0.tmp
- <Package Folder>/cache/####/1f7e2c6ba8271d3a6ae3e564350a01ee36b....0.tmp
- <Package Folder>/cache/####/21c0525dd53fb114aa92bdeb5f9f288214b....0.tmp
- <Package Folder>/cache/####/2ba866d25e54c5bc25df8b9f1001bed0452....0.tmp
- <Package Folder>/cache/####/2dc4cfcd3df6e59c1ad6932319282904a42....0.tmp
- <Package Folder>/cache/####/3362cc7b711eab53cd20210028e7c28ced1....0.tmp
- <Package Folder>/cache/####/381548e7caa74ff2b591363c156d42cd4b7....0.tmp
- <Package Folder>/cache/####/3cd9a8759f559057b665aab20c144f208db....0.tmp
- <Package Folder>/cache/####/43c800613f01f1e0d41af6abecb45c30ade....0.tmp
- <Package Folder>/cache/####/4737a1d40719cdeb4e86b7a8f4ed8dd8dbc....0.tmp
- <Package Folder>/cache/####/4c21bdef4d7cedeace214120c16607891b5....0.tmp
- <Package Folder>/cache/####/55f308dbdf149e1fa5c89f2e1eefa4d10fb....0.tmp
- <Package Folder>/cache/####/5ddb3a2944a3ff8f4fd7fd2b2f42a848ffd....0.tmp
- <Package Folder>/cache/####/62d9e2703c909d0b39ee512aa5d9f3631d0....0.tmp
- <Package Folder>/cache/####/67c3c57a99124844c33a8ddd8ca46f8571c....0.tmp
- <Package Folder>/cache/####/6b9194e039b21ba3085024e8281b734f8d1....0.tmp
- <Package Folder>/cache/####/711fe28c3b4fc2d94ac7ba6452d6d89ff6d....0.tmp
- <Package Folder>/cache/####/7b2e25fd136b4eee2cb8f840eb3ed3bfebc....0.tmp
- <Package Folder>/cache/####/7c6a1b468c89e9eff81570e1b7bf1cd1c8d....0.tmp
- <Package Folder>/cache/####/7d2bd1c759e1efa0c34e2a81fb69dbcd937....0.tmp
- <Package Folder>/cache/####/832cedc0fdeaa7c3331a1ca972f598dfb31....0.tmp
- <Package Folder>/cache/####/84da81b430786be50e4292eab672b343671....0.tmp
- <Package Folder>/cache/####/8619a7479b2e7ced7381a0e873bc2102203....0.tmp
- <Package Folder>/cache/####/936765dd1e4887db71ec5f11658d0ffe2cc....0.tmp
- <Package Folder>/cache/####/9555e3606321670b97deed4a6cb924d91da....0.tmp
- <Package Folder>/cache/####/97925868e8f5977717d735333e5296d1d30....0.tmp
- <Package Folder>/cache/####/a5c7c195f09ecd7f9f3ccf2159e827ec40d....0.tmp
- <Package Folder>/cache/####/acea31dd29215b1ea43a7d388c70a330290....0.tmp
- <Package Folder>/cache/####/b1d02bbaa55de4efde2b68d03b70d43a363....0.tmp
- <Package Folder>/cache/####/b70d0164115433f31df60cbc9b87cecf195....0.tmp
- <Package Folder>/cache/####/ba668eff0bb51055668969c6d0f8d945058....0.tmp
- <Package Folder>/cache/####/c397be807c3a349962fb1e55bc1002a3fba....0.tmp
- <Package Folder>/cache/####/c3bdce22b2ea499426c4583e8a9ee459e45....0.tmp
- <Package Folder>/cache/####/c8a46604a394876f0ece762fdf68d4d72e6....0.tmp
- <Package Folder>/cache/####/cbacee942a2bc691dcf5d155b6e4b80f7ee....0.tmp
- <Package Folder>/cache/####/d0b8ca78e3ea0a49c4b182eb8f4e7063c1a....0.tmp
- <Package Folder>/cache/####/e5f2eee329bd45fcbe8cbd64f2e17c4e59c....0.tmp
- <Package Folder>/cache/####/e8c323cd1ac60dd34bbf2ee2a56ab6c5aa9....0.tmp
- <Package Folder>/cache/####/f0b0974d157e3fd0e58d905668b7cc05ea1....0.tmp
- <Package Folder>/cache/####/f2c56368b52185524075ad1edcf118a6790....0.tmp
- <Package Folder>/cache/####/f36fc2046fb4e2e6eb2dd597ffa14ea4252....0.tmp
- <Package Folder>/cache/####/fc1ab5a373440d8582408734fc054986454....0.tmp
- <Package Folder>/cache/####/fd3fb80d27ab0973995872def26bffbea4b....0.tmp
- <Package Folder>/cache/####/fd52c9847fd3721688b39f459cd81253e48....0.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/code_cache/####/MultiDex.lock
- <Package Folder>/databases/dataeye_database_B3524738BEC8FC87383...52E.db
- <Package Folder>/databases/dataeye_database_B3524738BEC8FC87383...ournal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/AppEventsLogger.persistedevents
- <Package Folder>/files/DataEye_Android.jar
- <Package Folder>/files/glcore.jar
- <Package Folder>/files/glso.jar
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/FBAdPrefs.xml
- <Package Folder>/shared_prefs/SDKIDFA.xml
- <Package Folder>/shared_prefs/all_info_data.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.appEventPreferences.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.attributionTracking.xml
- <Package Folder>/shared_prefs/database.xml
- <Package Folder>/shared_prefs/database.xml.bak
- <Package Folder>/shared_prefs/dc.B3524738BEC8FC87383795709AC095...es.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <SD-Card>/.SystemService/####/2D7F07BB6125DEB407E92A22DC4AC550
- <SD-Card>/.SystemService/####/uid
Другие:
Запускает следующие shell-скрипты:
- /system/bin/sh
- ls -l /sbin/su
- ls -l /system/bin/su
- ls -l /system/sbin/su
- ls -l /system/xbin/su
- ls -l /vendor/bin/su
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- DES-CBC-PKCS5Padding
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
