Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.692.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) albumne####.zw####.com:80
- TCP(HTTP/1.1) albu####.zw####.com:80
- TCP(HTTP/1.1) cf.gdata####.net:80
- TCP(HTTP/1.1) a####.sdkce####.com:80
- TCP(TLS/1.0) api.face####.com:443
Запросы DNS:
- a####.sdkce####.com
- albu####.zw####.com
- albumne####.zw####.com
- cf.gdata####.net
- d####.zw####.com
- g####.face####.com
- image####.online####.net
- rd.gdata####.net
Запросы HTTP GET:
- albu####.zw####.com/image/2018/01/acda989f185baa79acd45a5eed522152/ace13...
- albu####.zw####.com/image/2018/02/122909e7a9ca6e35cbcd5a93787f4382/5a937...
- albu####.zw####.com/image/2018/02/2533f84fb860d2d9a8ec5a7e6a030da1/2538d...
- albu####.zw####.com/image/2018/02/333880090539a8c419ba5a9392af4fa2/5a939...
- albu####.zw####.com/image/2018/02/465116a7c415e42043515a9377771d04/5a937...
- albu####.zw####.com/image/2018/02/4a455d0dad33895c76265a9393a3c269/5a939...
- albu####.zw####.com/image/2018/02/60a0087d22e33d1bb8b95a9392d78789/5a939...
- albu####.zw####.com/image/2018/02/6b16b6ce8a28720644315a93790fc37e/5a937...
- albu####.zw####.com/image/2018/02/79d090d60f38f8f741505a9393da5c0c/5a939...
- albu####.zw####.com/image/2018/02/801cae836236ceb9c5765a7e6a45be64/8022d...
- albu####.zw####.com/image/2018/02/916028264cd8f46b8fe35a93931c9c83/5a939...
- albu####.zw####.com/image/2018/02/9168c8453d8ed3b49a665a75880c86fb/916e2...
- albu####.zw####.com/image/2018/02/a69490237854d3d848535a9392233827/5a939...
- albu####.zw####.com/image/2018/02/af54575f4d14f5bd8c185a78272cd931/af593...
- albu####.zw####.com/image/2018/02/b5a4017cc52164c58b1a5a9393d1a547/5a939...
- albu####.zw####.com/image/2018/02/c6751d7718aab7deed1c5a9393588c17/5a939...
- albu####.zw####.com/image/2018/02/c801188fa9758db422ac5a7e6aa55a47/c806a...
- albu####.zw####.com/image/2018/02/dbdb3dcee06b80b6b3cb5a9393c7ead3/5a939...
- albu####.zw####.com/image/2018/02/e20ed867574af6b4814d5a9394a4779f/5a939...
- albu####.zw####.com/image/2018/03/148a4aa97f4ba58cc5d65a97f9cebb29/14906...
- albu####.zw####.com/image/2018/03/51c30f04a0b3b06ed30e5a97f823e0f5/56080...
- albu####.zw####.com/image/2018/03/5ed389bfae765197ff0e5a97f8fcfe1b/5fbad...
- albu####.zw####.com/image/2018/03/7a699e515e01620018875a97f8ecf3cc/7b003...
- albu####.zw####.com/image/2018/03/e74a971cf5e542e1f7035a97f8bf574e/e7945...
- albu####.zw####.com/index.php/Home/Index/getApi?appid=####&version=####&...
- albu####.zw####.com/line/upload/2017/headpicture/1.png
- albu####.zw####.com/line/upload/2017/headpicture/3.png
- albu####.zw####.com/line/upload/2017/headpicture/4.png
- albu####.zw####.com/line/upload/2017/headpicture/5.png
- albu####.zw####.com/line/upload/2017/headpicture/6.png
- albu####.zw####.com/upload/2017/11/3d1fd4ac15142c1ed31c5a0bfd3c81ba/3d25...
- albu####.zw####.com/upload/2017/11/48c86bb4ca79710094ea5a0bfb6554ef/48ce...
- albu####.zw####.com/upload/2017/11/578443cdf5e4719ddfbc5a0bfa86fb11/5789...
- albu####.zw####.com/upload/2017/11/64f4ddd17e3b95d285db5a0bfd7b2055/64fa...
- albu####.zw####.com/upload/2017/11/db9bd257c395b218bc995a0bfba4b1b5/dba1...
- albumne####.zw####.com/v1/album/getAnAlbum/list/1494
- albumne####.zw####.com/v1/album/getAnAlbum/list/631
- albumne####.zw####.com/v1/album/getAnAlbum/list/636
- albumne####.zw####.com/v1/album/getAnAlbum/list/709
- albumne####.zw####.com/v1/album/getAnAlbum/list/724
- albumne####.zw####.com/v1/album/list?banner=####
- albumne####.zw####.com/v1/comment/1494/list
- albumne####.zw####.com/v1/comment/631/list
- albumne####.zw####.com/v1/comment/636/list
- albumne####.zw####.com/v1/comment/709/list
- albumne####.zw####.com/v1/comment/724/list
- albumne####.zw####.com/v1/user/devnum?deviceNumber=####&channelNumber=##...
- albumne####.zw####.com/v1/vip/isVip
- albumne####.zw####.com/v2/album/list?categoryNames=####&limit=####
- albumne####.zw####.com/v2/album/list?limit=####
Запросы HTTP POST:
- a####.sdkce####.com/
- cf.gdata####.net/config/update
- cf.gdata####.net/dc/sync_adr
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/0f5a46b147ebf8b0ce423e7b8f55239f0a7....0.tmp
- <Package Folder>/cache/####/1ac9f76de2db94486091613303ddb22faaf....0.tmp
- <Package Folder>/cache/####/1ed8ac44a2ee408d55dabb520398cfc108f....0.tmp
- <Package Folder>/cache/####/1f7e2c6ba8271d3a6ae3e564350a01ee36b....0.tmp
- <Package Folder>/cache/####/2be205c045f0f9d559eed53775862e6c7ca....0.tmp
- <Package Folder>/cache/####/3188b7611d0f5722c1422fcf619055d8c55....0.tmp
- <Package Folder>/cache/####/3d55ec98f4268f3fab5ee3d87f4473ee164....0.tmp
- <Package Folder>/cache/####/3e4b56f1f143e91b400732f243f2089a54d....0.tmp
- <Package Folder>/cache/####/43c800613f01f1e0d41af6abecb45c30ade....0.tmp
- <Package Folder>/cache/####/51309e78a808154cadf92f39757462c479a....0.tmp
- <Package Folder>/cache/####/5ddb3a2944a3ff8f4fd7fd2b2f42a848ffd....0.tmp
- <Package Folder>/cache/####/610158e8efc845820bf8dfc55cd479b38a1....0.tmp
- <Package Folder>/cache/####/6473e524609483423d54d8ef4943b0542dc....0.tmp
- <Package Folder>/cache/####/6c37f101ac918682a853f2681ce6e1c38e6....0.tmp
- <Package Folder>/cache/####/711fe28c3b4fc2d94ac7ba6452d6d89ff6d....0.tmp
- <Package Folder>/cache/####/7c6a1b468c89e9eff81570e1b7bf1cd1c8d....0.tmp
- <Package Folder>/cache/####/86a09f02de444be22e7b428359a94591b6d....0.tmp
- <Package Folder>/cache/####/8e9fa74c980ad3485693b950e43091b7479....0.tmp
- <Package Folder>/cache/####/931b535ff360e70699a720f0fe086175d36....0.tmp
- <Package Folder>/cache/####/9480d3b6855b160cd6e5e9bae2f6faa72a9....0.tmp
- <Package Folder>/cache/####/9555e3606321670b97deed4a6cb924d91da....0.tmp
- <Package Folder>/cache/####/97925868e8f5977717d735333e5296d1d30....0.tmp
- <Package Folder>/cache/####/9da9b17f160410d17db9a1ea7b40e8a97ae....0.tmp
- <Package Folder>/cache/####/9f989ad03114a1a46b803b32223ea4c52d3....0.tmp
- <Package Folder>/cache/####/a139e36380ecae1adfbb10ec9fbc0f089a2....0.tmp
- <Package Folder>/cache/####/acea31dd29215b1ea43a7d388c70a330290....0.tmp
- <Package Folder>/cache/####/b00fe89cca14fcc585b5abe2e17a8a34619....0.tmp
- <Package Folder>/cache/####/b2c1793487cd13f79ad6c4175e6fc462928....0.tmp
- <Package Folder>/cache/####/b339c9251593068c28147a8eb8ecee2e76f....0.tmp
- <Package Folder>/cache/####/b5b19e8a06eaa05fa2c55db6bd8ae1119b2....0.tmp
- <Package Folder>/cache/####/b69f9268fac492ff8583d2e3517937204dc....0.tmp
- <Package Folder>/cache/####/b6de03c5022d8f30452ea82cb2998043fb8....0.tmp
- <Package Folder>/cache/####/b77a9796ec273d849d7830111337f5c3b2f....0.tmp
- <Package Folder>/cache/####/b8f50f80f2e477d48554ff062d61195eb8c....0.tmp
- <Package Folder>/cache/####/b902fa954ba107827b58903b0af92fd2673....0.tmp
- <Package Folder>/cache/####/be5d8d4243c47c589c42ac0f4d4c7f32f12....0.tmp
- <Package Folder>/cache/####/c72f624a5d61a6b926c18eabeab0e6d50ef....0.tmp
- <Package Folder>/cache/####/c884dbf09e501b927e6327c150b8257635f....0.tmp
- <Package Folder>/cache/####/c8a46604a394876f0ece762fdf68d4d72e6....0.tmp
- <Package Folder>/cache/####/d03b80180c4ae8880c4b7a4fb63ccd1bc32....0.tmp
- <Package Folder>/cache/####/d620ae344949f9e2357290b032c7f0dfd45....0.tmp
- <Package Folder>/cache/####/e12276d17be98708ad0c8b0eedc39852dbb....0.tmp
- <Package Folder>/cache/####/f91ca146cc143dca8d1605ff5cc8e9f9c63....0.tmp
- <Package Folder>/cache/####/fd3fb80d27ab0973995872def26bffbea4b....0.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/code_cache/####/MultiDex.lock
- <Package Folder>/code_cache/####/tmp-<Package>-1.apk.classes1761293372.zip
- <Package Folder>/databases/dataeye_database_B3524738BEC8FC87383...52E.db
- <Package Folder>/databases/dataeye_database_B3524738BEC8FC87383...ournal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/AppEventsLogger.persistedevents
- <Package Folder>/files/DataEye_Android.jar
- <Package Folder>/files/glcore.jar
- <Package Folder>/files/glso.jar
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/FBAdPrefs.xml
- <Package Folder>/shared_prefs/SDKIDFA.xml
- <Package Folder>/shared_prefs/all_info_data.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.appEventPreferences.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.attributionTracking.xml
- <Package Folder>/shared_prefs/database.xml
- <Package Folder>/shared_prefs/dc.B3524738BEC8FC87383795709AC095...es.xml
- <Package Folder>/shared_prefs/dc.B3524738BEC8FC87383795709AC095...ml.bak
- <Package Folder>/shared_prefs/multidex.version.xml
- <SD-Card>/.SystemService/####/2D7F07BB6125DEB407E92A22DC4AC550
- <SD-Card>/.SystemService/####/uid
Другие:
Запускает следующие shell-скрипты:
- /system/bin/sh
- ls -l /sbin/su
- ls -l /system/bin/su
- ls -l /system/sbin/su
- ls -l /system/xbin/su
- ls -l /vendor/bin/su
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- DES-CBC-PKCS5Padding
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
