Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.589.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) 47.92.1####.96:80
- TCP(HTTP/1.1) cdn.app.superma####.####.com:80
- TCP(HTTP/1.1) 1####.76.224.67:80
- TCP(HTTP/1.1) cdn.game####.org:80
- TCP(TLS/1.0) t####.appsf####.com:443
- TCP(TLS/1.0) cdn.app.superma####.####.com:443
- TCP(TLS/1.0) d####.fl####.com:443
- TCP(TLS/1.0) api.appsf####.com:443
- TCP(TLS/1.0) c####.superma####.top:443
Запросы DNS:
- api.appsf####.com
- c####.superma####.top
- cdn.app.h####.top
- cdn.app.superma####.top
- cdn.game####.org
- cdn.img.h####.top
- d####.fl####.com
- t####.appsf####.com
Запросы HTTP GET:
- cdn.app.superma####.####.com/upload/201802/6/app/20180206153530165.apk
- cdn.app.superma####.####.com/upload/201802/6/img/20180206153521627.png
- cdn.game####.org/strategy/UnknownDev
- cdn.game####.org/strategy/base
- cdn.game####.org/strategy/dev_root
- cdn.game####.org/strategy/dev_root2
- cdn.game####.org/strategy/larger4.3
- cdn.game####.org/strategy/loss_4.3
- cdn.game####.org/strategy/sul18
- cdn.game####.org/strategy/symlink-adbd
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_12234dcd-cb41-4cb5-9951-9e9759942bcb/Matrix
- <Package Folder>/app_12234dcd-cb41-4cb5-9951-9e9759942bcb/ddexe
- <Package Folder>/app_12234dcd-cb41-4cb5-9951-9e9759942bcb/debuggerd
- <Package Folder>/app_12234dcd-cb41-4cb5-9951-9e9759942bcb/fileWork
- <Package Folder>/app_12234dcd-cb41-4cb5-9951-9e9759942bcb/insta...ery.sh
- <Package Folder>/app_12234dcd-cb41-4cb5-9951-9e9759942bcb/pidof
- <Package Folder>/app_12234dcd-cb41-4cb5-9951-9e9759942bcb/su
- <Package Folder>/app_12234dcd-cb41-4cb5-9951-9e9759942bcb/supolicy
- <Package Folder>/app_12234dcd-cb41-4cb5-9951-9e9759942bcb/toolbox
- <Package Folder>/app_12234dcd-cb41-4cb5-9951-9e9759942bcb/wsroot.sh
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/Matrix
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/ddexe
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/debuggerd
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/device.db
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/fileWork
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/insta...ery.sh
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/pidof
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/root3
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/su
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/supolicy
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/toolbox
- <Package Folder>/app_4846240f-c634-48b2-8c6d-ee615a3e6ea0/wsroot.sh
- <Package Folder>/app_97e8dd48-3f49-4ef5-8f7c-3bbb567d3671/Matrix
- <Package Folder>/app_97e8dd48-3f49-4ef5-8f7c-3bbb567d3671/ddexe
- <Package Folder>/app_97e8dd48-3f49-4ef5-8f7c-3bbb567d3671/debuggerd
- <Package Folder>/app_97e8dd48-3f49-4ef5-8f7c-3bbb567d3671/fileWork
- <Package Folder>/app_97e8dd48-3f49-4ef5-8f7c-3bbb567d3671/insta...ery.sh
- <Package Folder>/app_97e8dd48-3f49-4ef5-8f7c-3bbb567d3671/pidof
- <Package Folder>/app_97e8dd48-3f49-4ef5-8f7c-3bbb567d3671/su
- <Package Folder>/app_97e8dd48-3f49-4ef5-8f7c-3bbb567d3671/supolicy
- <Package Folder>/app_97e8dd48-3f49-4ef5-8f7c-3bbb567d3671/toolbox
- <Package Folder>/app_97e8dd48-3f49-4ef5-8f7c-3bbb567d3671/wsroot.sh
- <Package Folder>/app_b95a2e78-1923-4a42-85fd-5736f3815d58/57d62...44.jar
- <Package Folder>/app_b95a2e78-1923-4a42-85fd-5736f3815d58/5ab55...bc1720
- <Package Folder>/app_c1d737be-0756-4f6a-a908-369c12a5e62b/Matrix
- <Package Folder>/app_c1d737be-0756-4f6a-a908-369c12a5e62b/ddexe
- <Package Folder>/app_c1d737be-0756-4f6a-a908-369c12a5e62b/debuggerd
- <Package Folder>/app_c1d737be-0756-4f6a-a908-369c12a5e62b/fileWork
- <Package Folder>/app_c1d737be-0756-4f6a-a908-369c12a5e62b/insta...ery.sh
- <Package Folder>/app_c1d737be-0756-4f6a-a908-369c12a5e62b/pidof
- <Package Folder>/app_c1d737be-0756-4f6a-a908-369c12a5e62b/su
- <Package Folder>/app_c1d737be-0756-4f6a-a908-369c12a5e62b/supolicy
- <Package Folder>/app_c1d737be-0756-4f6a-a908-369c12a5e62b/toolbox
- <Package Folder>/app_c1d737be-0756-4f6a-a908-369c12a5e62b/wsroot.sh
- <Package Folder>/app_d2380a89-ea9c-487f-998d-ab63ea165205/Matrix
- <Package Folder>/app_d2380a89-ea9c-487f-998d-ab63ea165205/ddexe
- <Package Folder>/app_d2380a89-ea9c-487f-998d-ab63ea165205/debuggerd
- <Package Folder>/app_d2380a89-ea9c-487f-998d-ab63ea165205/fileWork
- <Package Folder>/app_d2380a89-ea9c-487f-998d-ab63ea165205/insta...ery.sh
- <Package Folder>/app_d2380a89-ea9c-487f-998d-ab63ea165205/pidof
- <Package Folder>/app_d2380a89-ea9c-487f-998d-ab63ea165205/su
- <Package Folder>/app_d2380a89-ea9c-487f-998d-ab63ea165205/supolicy
- <Package Folder>/app_d2380a89-ea9c-487f-998d-ab63ea165205/toolbox
- <Package Folder>/app_d2380a89-ea9c-487f-998d-ab63ea165205/wsroot.sh
- <Package Folder>/app_e11ca158-2775-4f19-b6fc-ce570a366a51/Matrix
- <Package Folder>/app_e11ca158-2775-4f19-b6fc-ce570a366a51/ddexe
- <Package Folder>/app_e11ca158-2775-4f19-b6fc-ce570a366a51/debuggerd
- <Package Folder>/app_e11ca158-2775-4f19-b6fc-ce570a366a51/fileWork
- <Package Folder>/app_e11ca158-2775-4f19-b6fc-ce570a366a51/insta...ery.sh
- <Package Folder>/app_e11ca158-2775-4f19-b6fc-ce570a366a51/pidof
- <Package Folder>/app_e11ca158-2775-4f19-b6fc-ce570a366a51/su
- <Package Folder>/app_e11ca158-2775-4f19-b6fc-ce570a366a51/supolicy
- <Package Folder>/app_e11ca158-2775-4f19-b6fc-ce570a366a51/toolbox
- <Package Folder>/app_e11ca158-2775-4f19-b6fc-ce570a366a51/wsroot.sh
- <Package Folder>/app_subox/1740c449fc10be62df60ba0f18696c9f
- <Package Folder>/app_subox/32edd79a240b5f1e461d069caab1ec3e
- <Package Folder>/app_subox/8b6f263391259b7a8e5f58ee71852ca8
- <Package Folder>/app_subox/b0141e478b25af7c40a8cca8de6c4708
- <Package Folder>/app_subox/b18a021d11a3004d25017230b681476b
- <Package Folder>/app_subox/c61913b615fb6224701377a119081f36
- <Package Folder>/app_subox_download/12b53c32-68a3-44c0-8dfe-ee9db06d5368
- <Package Folder>/app_subox_download/55659775-cc4d-4569-adac-1f52125aa98b
- <Package Folder>/app_subox_download/61550816-c3fa-48c4-b801-5923e3dd398b
- <Package Folder>/app_subox_download/89755007-2b32-4bcc-ab07-70f685466d6a
- <Package Folder>/app_subox_download/c5cb9d40-a43e-41b7-8f52-278fccd10e25
- <Package Folder>/app_subox_download/ce11559d-0619-4ad2-8302-10f370e6314b
- <Package Folder>/app_subox_download/e2042aa7-3b50-45ff-a79e-559bbce3ef9e
- <Package Folder>/app_subox_download/f6af70a8-3076-4139-95ee-c51c98c5cb0b
- <Package Folder>/cache/V2.9.1.txt
- <Package Folder>/cache/ads-1702544704.jar
- <Package Folder>/databases/t_u.db-journal
- <Package Folder>/files/.FlurrySenderIndex.info.AnalyticsData_37...NP_171
- <Package Folder>/files/.FlurrySenderIndex.info.AnalyticsMain
- <Package Folder>/files/.flurryagent.-73f8edb5
- <Package Folder>/files/.flurrydatasenderblock.65f641ca-563b-48a...eb2c57
- <Package Folder>/files/.flurrydatasenderblock.941886a1-697d-410...8f7ab6
- <Package Folder>/files/AF_INSTALLATION
- <Package Folder>/files/SUBOXLOG_
- <Package Folder>/files/ff.jar
- <Package Folder>/files/oz.jar
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/appsflyer-data.xml
- <Package Folder>/shared_prefs/copy_files.xml
- <Package Folder>/shared_prefs/count.xml
- <Package Folder>/shared_prefs/kr.xml
- <Package Folder>/shared_prefs/vbz.xml
- <SD-Card>/Android/####/01proc_davinci.jpg
- <SD-Card>/Android/####/01proc_nashville.jpg
- <SD-Card>/Android/####/04proc_sepia.jpg
- <SD-Card>/Android/####/05proc_old.jpg
- <SD-Card>/Android/####/05proc_picasso2.jpg
- <SD-Card>/Android/####/07canvas_student.jpg
- <SD-Card>/Android/####/25.png
- <SD-Card>/Android/####/283944181e4a5
- <SD-Card>/Android/####/48.png
- <SD-Card>/Android/####/49.png
- <SD-Card>/Android/####/50.png
- <SD-Card>/Android/####/51.png
- <SD-Card>/Android/####/52.png
- <SD-Card>/Android/####/53.png
- <SD-Card>/Android/####/54.png
- <SD-Card>/Android/####/55.png
- <SD-Card>/Android/####/56.png
- <SD-Card>/Android/####/57.png
- <SD-Card>/Android/####/58.png
- <SD-Card>/Android/####/59.png
- <SD-Card>/Android/####/60.png
- <SD-Card>/Android/####/61.png
- <SD-Card>/Android/####/62.png
- <SD-Card>/Android/####/64.png
- <SD-Card>/Android/####/67.png
- <SD-Card>/Android/####/70.png
- <SD-Card>/Android/####/71.png
- <SD-Card>/Android/####/73.png
- <SD-Card>/Android/####/74.png
- <SD-Card>/Android/####/75.png
- <SD-Card>/Android/####/76.png
- <SD-Card>/Android/####/77.png
- <SD-Card>/Android/####/78.png
- <SD-Card>/Android/####/80.png
- <SD-Card>/Android/####/BebasNeue.otf
- <SD-Card>/Android/####/b.tmp
- <SD-Card>/Android/####/black-frame.png
- <SD-Card>/Android/####/blue_grain_leak.png
- <SD-Card>/Android/####/brick.jpg
- <SD-Card>/Android/####/bw_vin.png
- <SD-Card>/Android/####/cool_grain.png
- <SD-Card>/Android/####/coolcool_grain.png
- <SD-Card>/Android/####/film-effects.png
- <SD-Card>/Android/####/frame1.png
- <SD-Card>/Android/####/grain.jpg
- <SD-Card>/Android/####/intro_black_caps.ttf
- <SD-Card>/Android/####/lightleak1.png
- <SD-Card>/Android/####/little_vin.png
- <SD-Card>/Android/####/old_texture.png
- <SD-Card>/Android/####/old_texture3.png
- <SD-Card>/Android/####/pat0.png
- <SD-Card>/Android/####/pat1.png
- <SD-Card>/Android/####/pat2.png
- <SD-Card>/Android/####/pat3.jpg
- <SD-Card>/Android/####/pat3.png
- <SD-Card>/Android/####/pat4.png
- <SD-Card>/Android/####/pencil0.jpg
- <SD-Card>/Android/####/pencil10.jpg
- <SD-Card>/Android/####/pencil130.jpg
- <SD-Card>/Android/####/pencil155.jpg
- <SD-Card>/Android/####/pencil203.jpg
- <SD-Card>/Android/####/pencil210.jpg
- <SD-Card>/Android/####/pencil256.jpg
- <SD-Card>/Android/####/pencil95.jpg
- <SD-Card>/Android/####/pencil_old.jpg
- <SD-Card>/Android/####/polaroidFrame.png
- <SD-Card>/Android/####/preset.json
- <SD-Card>/Android/####/preset_cartoonpack.json
- <SD-Card>/Android/####/preset_comicpack.json
- <SD-Card>/Android/####/preset_filters.json
- <SD-Card>/Android/####/preset_framepack.json
- <SD-Card>/Android/####/preset_glassespack.json
- <SD-Card>/Android/####/preset_hairstylespack.json
- <SD-Card>/Android/####/preset_hipsterspack.json
- <SD-Card>/Android/####/preset_linepack.json
- <SD-Card>/Android/####/preset_lovepack.json
- <SD-Card>/Android/####/preset_mirror.json
- <SD-Card>/Android/####/preset_shapepack.json
- <SD-Card>/Android/####/preset_shapes.json
- <SD-Card>/Android/####/preset_tools.json
- <SD-Card>/Android/####/red_vin.png
- <SD-Card>/Android/####/texture3.png
- <SD-Card>/Android/####/thhmi.png
- <SD-Card>/Android/####/vin.png
- <SD-Card>/Android/####/vin2.png
Другие:
Запускает следующие shell-скрипты:
- chmod 777 Matrix ddexe debuggerd device.db fileWork install-recovery.sh pidof root3 su supolicy toolbox wsroot.sh
- chmod 777 Matrix ddexe debuggerd fileWork install-recovery.sh pidof su supolicy toolbox wsroot.sh
- sh
Загружает динамические библиотеки:
- opencv_info
- opencv_java3
- processing
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- DES
Осуществляет доступ к интерфейсу камеры.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
