Android.Triada.723

Техническая информация

Вредоносные функции:

Загружает на исполнение код следующих детектируемых угроз:

Android.Triada.248.origin
Android.Triada.309
Android.Triada.373.origin

Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).

Сетевая активность:

Подключается к:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) a####.u####.com:80
TCP(HTTP/1.1) l.ace####.com:80
TCP(HTTP/1.1) cl.mo####.u####.com:80
TCP(HTTP/1.1) img.ace####.com:80
TCP(HTTP/1.1) cf.gdata####.net:80
TCP(HTTP/1.1) loc.map.b####.com:80
TCP(HTTP/1.1) 1####.196.40.71:9600
TCP(HTTP/1.1) 1####.196.40.71:9500

Запросы DNS:

a####.u####.com
cf.gdata####.net
cl.mo####.u####.com
img.ace####.com
l.ace####.com
loc.map.b####.com
rd.gdata####.net

Запросы HTTP GET:

img.ace####.com/ando-res/ads/23/15/274631f7-b216-46c6-8c49-e64bfc112438/...
img.ace####.com/ando-res/ads/24/20/fc717698-8e69-41f5-8ae8-0ed7888c6d37/...
img.ace####.com/ando-res/ads/30/14/f15541de-b7bd-4ff9-97fb-9e6cc9e4e044/...
img.ace####.com/ando-res/ads/31/19/0031a27f-36c1-4947-87d6-ef825ea8a691/...
l.ace####.com/ando/v3/mn?k=####&d=####&m=####

Запросы HTTP POST:

a####.u####.com/app_logs
cf.gdata####.net/config/update
cf.gdata####.net/dc/sync_adr
cl.mo####.u####.com/show.aspx?Key=####
l.ace####.com/ando/v2/ap?app_id=####&r=####
l.ace####.com/ando/v2/lv?app_id=####&r=####
l.ace####.com/ando/v2/qa?app_id=####&r=####
loc.map.b####.com/sdk.php

Изменения в файловой системе:

Создает следующие файлы:

/data/anr/traces.txt
<Package Folder>/.jiagu/libjiagu.so
<Package Folder>/code-5883294/iJsi7U6xTzQj2NuY
<Package Folder>/databases/cc.db
<Package Folder>/databases/cc.db-journal
<Package Folder>/databases/dataeye_database_8627E8C43709E88F1A9...0F2.db
<Package Folder>/databases/dataeye_database_8627E8C43709E88F1A9...ournal
<Package Folder>/databases/ua.db
<Package Folder>/databases/ua.db-journal
<Package Folder>/databases/vi_db_pay-journal
<Package Folder>/databases/webview.db-journal
<Package Folder>/databases/zbWBNbN58tt0d7KHK4cMZkcPd696o-Ur_U4h...SQMA==
<Package Folder>/databases/zbWBNbN58tt0d7KHK4cMZkcPd696o-Ur_U4h...ournal
<Package Folder>/databases/zbWBNbN58tt0d7KHK4cMZkcPd696o-Ur_XaW...ournal
<Package Folder>/databases/zbWBNbN58tt0d7KHK4cMZkcPd696o-Ur_aqj...ournal
<Package Folder>/databases/zbWBNbN58tt0d7KHK4cMZkcPd696o-Ur_aqj...uI9p2G
<Package Folder>/databases/zbWBNbN58tt0d7KHK4cMZkcPd696o-Ur_rbs...-f6JE=
<Package Folder>/databases/zbWBNbN58tt0d7KHK4cMZkcPd696o-Ur_rbs...ournal
<Package Folder>/databases/zbWBNbN58tt0d7KHK4cMZkcPd696o-Ur_zyf...E2bg==
<Package Folder>/databases/zbWBNbN58tt0d7KHK4cMZkcPd696o-Ur_zyf...ournal
<Package Folder>/files/####/-xSQiC-F8YhVtQ03Jbm8xFoMXP8=.new
<Package Folder>/files/####/.jg.ic
<Package Folder>/files/####/0.png
<Package Folder>/files/####/1.png
<Package Folder>/files/####/11b9d124-3166-4ff5-8208-8bd9cbc2efac.pic.temp
<Package Folder>/files/####/1589b65f-5f49-4d77-b84b-1facfce5a279.pic.temp
<Package Folder>/files/####/2.png
<Package Folder>/files/####/2d0593fc-5676-49d5-b664-9b2585da16f9.pic
<Package Folder>/files/####/3RvsNF0AzE6VXMhhRXivVvnhZYWpsV66.new
<Package Folder>/files/####/5.png
<Package Folder>/files/####/68218183-be25-4e1a-9655-dca0c4f2498e.pic
<Package Folder>/files/####/6HLPYisrQZGEjt8Wq65Y6RiQTxC8DTdC.new
<Package Folder>/files/####/6a34866d-f3f0-417c-820d-b9d2100db3ba.pic.temp
<Package Folder>/files/####/73bd9160-278a-4978-98da-ef86912f7a2a.pic.temp
<Package Folder>/files/####/9LmQxYFGpRbGuwaw05eI1ZciaER-eFVwgqMN0A==.new
<Package Folder>/files/####/9z3iDnU6iLKrl8VWe5Hk-A==
<Package Folder>/files/####/B9DC8CD0Rv5qrEBHIPo8czMWGHjePkxZVKR...w=.new
<Package Folder>/files/####/EtWivwZs-Sv-5alWE3dBjw==.new
<Package Folder>/files/####/FGV44pUhlOLGIMQNGDL4jBln392BdvTSJvW_5g==.new
<Package Folder>/files/####/FT2VmOoidYe0k3ol.zip
<Package Folder>/files/####/Fa3XYbmorumg0OJ4HckK8QpH6y_YzK6a.new
<Package Folder>/files/####/GC1eTjkRP_sL7lXdTW_WDSZE3mk=.new
<Package Folder>/files/####/I7TgMMuXEU_SvD_xWeYtuXshwyI=
<Package Folder>/files/####/JTjjtQNLAUDXBe4b5v_6ow==.new
<Package Folder>/files/####/OJklYqx3n2BvNQD6.new
<Package Folder>/files/####/P0oc1qVrEVPUnGUItoozgz772u0egsiVWmFYsA==.new
<Package Folder>/files/####/QeeYRC8nxbwomYXV3fJV63T9hLA9qjgT.new
<Package Folder>/files/####/RB0Z-Y8SaTy6vPjE2LiOFQSHF9a8uS07.new
<Package Folder>/files/####/Stencil.png
<Package Folder>/files/####/SzmR6QOmWfvrmMRyKbgG1AXiYUdI4e9ADCl...E=.new
<Package Folder>/files/####/Tt3PgFi8NZdO-84b-RBbMddbfl8TECqN.new
<Package Folder>/files/####/UYV6ZsIqfMdsePNliYvTR-FXSdueAgyX.new
<Package Folder>/files/####/UeIFg8lRS3h-9HDi
<Package Folder>/files/####/aEFYtjZisNYE8rKuhFw5OmLHSuEs07fpmUi...4=.new
<Package Folder>/files/####/a_1.tmx
<Package Folder>/files/####/acc_1.png
<Package Folder>/files/####/acc_8.png
<Package Folder>/files/####/acc_d.png
<Package Folder>/files/####/acc_g2.png
<Package Folder>/files/####/acc_g3.png
<Package Folder>/files/####/acc_g4.png
<Package Folder>/files/####/acc_g5.png
<Package Folder>/files/####/acc_g6.png
<Package Folder>/files/####/acc_g7.png
<Package Folder>/files/####/acc_g8.png
<Package Folder>/files/####/acc_g9.png
<Package Folder>/files/####/acc_gta.png
<Package Folder>/files/####/acc_kj.png
<Package Folder>/files/####/acc_kj1.png
<Package Folder>/files/####/acc_kj2.png
<Package Folder>/files/####/acc_kk.png
<Package Folder>/files/####/acc_olympic.png
<Package Folder>/files/####/acc_sz.png
<Package Folder>/files/####/assert_dfsagrg0000.png
<Package Folder>/files/####/assert_faewwe0000.png
<Package Folder>/files/####/assert_gabdff0000.png
<Package Folder>/files/####/assert_shucong.png
<Package Folder>/files/####/avCilWilwV6shEFnV0lIXdgDLMA=.new
<Package Folder>/files/####/b307f94b-ba7c-4147-94ce-aba89786062a.pic.temp
<Package Folder>/files/####/background_branch0000.png
<Package Folder>/files/####/bear_selected_0000.png
<Package Folder>/files/####/bgm.mp3
<Package Folder>/files/####/bird_back_effect.plist
<Package Folder>/files/####/bird_back_effect.png
<Package Folder>/files/####/bird_back_effect.tps
<Package Folder>/files/####/bj.png
<Package Folder>/files/####/block.png
<Package Folder>/files/####/bonus.plist
<Package Folder>/files/####/bonus.png
<Package Folder>/files/####/bonus.tps
<Package Folder>/files/####/bonus_effects.plist
<Package Folder>/files/####/bonus_effects.png
<Package Folder>/files/####/bonus_effects_light.png
<Package Folder>/files/####/bonus_effects_line.png
<Package Folder>/files/####/bonus_texture.png
<Package Folder>/files/####/bonustime.mp3
<Package Folder>/files/####/branch_light_mask0000.png
<Package Folder>/files/####/break.mp3
<Package Folder>/files/####/bug_light.plist
<Package Folder>/files/####/bug_light.png
<Package Folder>/files/####/bug_light.tps
<Package Folder>/files/####/cat_selected_0000.png
<Package Folder>/files/####/chicken_selected_0000.png
<Package Folder>/files/####/click.mp3
<Package Folder>/files/####/createcolor.mp3
<Package Folder>/files/####/createstrip.mp3
<Package Folder>/files/####/createwrap.mp3
<Package Folder>/files/####/cz01.png
<Package Folder>/files/####/cz02.png
<Package Folder>/files/####/d0.png
<Package Folder>/files/####/d1.png
<Package Folder>/files/####/d2.png
<Package Folder>/files/####/d3.png
<Package Folder>/files/####/d7.png
<Package Folder>/files/####/darkstar_png0000.png
<Package Folder>/files/####/drop.mp3
<Package Folder>/files/####/ef2bfe2b-39a8-4e1a-b7b4-e200c5f19e85.pic.temp
<Package Folder>/files/####/eliminatecolor.mp3
<Package Folder>/files/####/eliminatestrip.mp3
<Package Folder>/files/####/eliminatewrap.mp3
<Package Folder>/files/####/exchangeIdentity.json
<Package Folder>/files/####/f_ntXWCm5jBWIil1fTyJnQ==
<Package Folder>/files/####/fail.csb
<Package Folder>/files/####/fox_selected_0000.png
<Package Folder>/files/####/frog_selected_0000.png
<Package Folder>/files/####/fz1.png
<Package Folder>/files/####/game_collect_small_star0000.png
<Package Folder>/files/####/game_scores.fnt
<Package Folder>/files/####/game_scores.png
<Package Folder>/files/####/gbvaa_f.zip
<Package Folder>/files/####/gq1.png
<Package Folder>/files/####/gq2.png
<Package Folder>/files/####/hEcAAbrNMlwCuI3B1VngA9xk5YA=.new
<Package Folder>/files/####/hao.csb
<Package Folder>/files/####/horse_selected_0000.png
<Package Folder>/files/####/i1sgs-7VwctaMEW9IuUbQItKbamC3jGC.new
<Package Folder>/files/####/jKP6XkPmVUTsu87KeK9QTP1lmMwUkhHg.new
<Package Folder>/files/####/label_dg.png
<Package Folder>/files/####/label_fs.png
<Package Folder>/files/####/label_fz1.png
<Package Folder>/files/####/lady_bug_icon0000.png
<Package Folder>/files/####/ladybug_glow_circle0000.png
<Package Folder>/files/####/level.csb
<Package Folder>/files/####/level_seq_n_energy_cd.fnt
<Package Folder>/files/####/level_seq_n_energy_cd.png
<Package Folder>/files/####/level_seq_upon_entering.fnt
<Package Folder>/files/####/level_seq_upon_entering.png
<Package Folder>/files/####/light.csb
<Package Folder>/files/####/light.png
<Package Folder>/files/####/line_effect_0000.png
<Package Folder>/files/####/login.csb
<Package Folder>/files/####/luck.csb
<Package Folder>/files/####/main.mp3
<Package Folder>/files/####/map_tile_corner.png
<Package Folder>/files/####/map_tile_edge_long.png
<Package Folder>/files/####/match4.mp3
<Package Folder>/files/####/match5.mp3
<Package Folder>/files/####/match6.mp3
<Package Folder>/files/####/match7.mp3
<Package Folder>/files/####/match8.mp3
<Package Folder>/files/####/mb.png
<Package Folder>/files/####/mb0.png
<Package Folder>/files/####/mko.plist
<Package Folder>/files/####/mko.png
<Package Folder>/files/####/mko.tps
<Package Folder>/files/####/mko_1.png
<Package Folder>/files/####/mko_10.png
<Package Folder>/files/####/mko_11111.png
<Package Folder>/files/####/mko_2.png
<Package Folder>/files/####/mko_3.png
<Package Folder>/files/####/mko_4.png
<Package Folder>/files/####/mko_501.png
<Package Folder>/files/####/mko_502.png
<Package Folder>/files/####/mko_503.png
<Package Folder>/files/####/mko_504.png
<Package Folder>/files/####/mko_601.png
<Package Folder>/files/####/mko_602.png
<Package Folder>/files/####/mko_603.png
<Package Folder>/files/####/mko_604.png
<Package Folder>/files/####/mko_605.png
<Package Folder>/files/####/mko_7.png
<Package Folder>/files/####/mko_8.png
<Package Folder>/files/####/mko_81.png
<Package Folder>/files/####/mko_9.png
<Package Folder>/files/####/mko_cha.png
<Package Folder>/files/####/moveortimecounterbg.png
<Package Folder>/files/####/nIlRd3T8fsVpfOliQ1xg-Ldr4cM5RB9qekW...k=.new
<Package Folder>/files/####/normal_explode.plist
<Package Folder>/files/####/normal_explode.png
<Package Folder>/files/####/normal_explode.tps
<Package Folder>/files/####/out.csb
<Package Folder>/files/####/ov_g5.png
<Package Folder>/files/####/ov_intermediate.png
<Package Folder>/files/####/ov_kj.png
<Package Folder>/files/####/ov_kj1.png
<Package Folder>/files/####/ov_trunk.png
<Package Folder>/files/####/ov_trunkRoot.png
<Package Folder>/files/####/ov_trunkRootBackCloud.png
<Package Folder>/files/####/ov_yun.png
<Package Folder>/files/####/pause_1.png
<Package Folder>/files/####/pause_2.png
<Package Folder>/files/####/pause_3.png
<Package Folder>/files/####/pause_4.png
<Package Folder>/files/####/pause_6.png
<Package Folder>/files/####/pause_7.png
<Package Folder>/files/####/pause_chong.png
<Package Folder>/files/####/prop.csb
<Package Folder>/files/####/prop_amount.fnt
<Package Folder>/files/####/prop_amount.png
<Package Folder>/files/####/prop_changeColorBoard.png
<Package Folder>/files/####/prop_list_add0000.png
<Package Folder>/files/####/props_background0000.png
<Package Folder>/files/####/props_branchs_leaf10000.png
<Package Folder>/files/####/props_branchs_leaf30000.png
<Package Folder>/files/####/props_item_bg_normal10000.png
<Package Folder>/files/####/props_item_bg_normal20000.png
<Package Folder>/files/####/props_label_bg0000.png
<Package Folder>/files/####/q1Qr35lI3XT4ElcZvb4hhg==.new
<Package Folder>/files/####/revive.csb
<Package Folder>/files/####/revive.mp3
<Package Folder>/files/####/rising_score.fnt
<Package Folder>/files/####/rising_score.png
<Package Folder>/files/####/runner_info.prop.new
<Package Folder>/files/####/scene_icon_lable.fnt
<Package Folder>/files/####/scene_icon_lable.png
<Package Folder>/files/####/score_blue.fnt
<Package Folder>/files/####/score_blue.png
<Package Folder>/files/####/score_brown.fnt
<Package Folder>/files/####/score_brown.png
<Package Folder>/files/####/score_green.fnt
<Package Folder>/files/####/score_green.png
<Package Folder>/files/####/score_purple.fnt
<Package Folder>/files/####/score_purple.png
<Package Folder>/files/####/score_red.fnt
<Package Folder>/files/####/score_red.png
<Package Folder>/files/####/score_yellow.fnt
<Package Folder>/files/####/score_yellow.png
<Package Folder>/files/####/sfdg_D.png
<Package Folder>/files/####/shep_zuiduo.png
<Package Folder>/files/####/special_mode.plist
<Package Folder>/files/####/special_mode.png
<Package Folder>/files/####/special_mode.tps
<Package Folder>/files/####/star.mp3
<Package Folder>/files/####/star_normal_gm0000.png
<Package Folder>/files/####/star_twink_gm0000.png
<Package Folder>/files/####/star_white_gm0000.png
<Package Folder>/files/####/startScene_d.png
<Package Folder>/files/####/startScene_d01.png
<Package Folder>/files/####/startScene_fm1.png
<Package Folder>/files/####/startScene_jz.png
<Package Folder>/files/####/startScene_jz1.png
<Package Folder>/files/####/startScene_ksyx.png
<Package Folder>/files/####/startScene_x.png
<Package Folder>/files/####/startScene_z.png
<Package Folder>/files/####/steps_cd.fnt
<Package Folder>/files/####/steps_cd.png
<Package Folder>/files/####/success.csb
<Package Folder>/files/####/taskStar.png
<Package Folder>/files/####/temp_bg_label0000.png
<Package Folder>/files/####/txt9_RixwoWzT4EpCR8M4g8BUqA=.new
<Package Folder>/files/####/ui_commons_ui_transparent_rect_copy0000.png
<Package Folder>/files/####/uzV-Isc7XUmocWp2T1-bDvsKKmo=.new
<Package Folder>/files/####/vgsfb4t7m30000.png
<Package Folder>/files/####/xx.png
<Package Folder>/files/####/yellow_gm_sl0000.png
<Package Folder>/files/####/zb_023470.png
<Package Folder>/files/####/zb_023478.png
<Package Folder>/files/####/zb_033470.png
<Package Folder>/files/####/zb_BtnFreeGet.png
<Package Folder>/files/####/zb_Btnrevive.png
<Package Folder>/files/####/zb_btnBack.png
<Package Folder>/files/####/zb_btnBuy.png
<Package Folder>/files/####/zb_btn_cancel.png
<Package Folder>/files/####/zb_btn_normal.png
<Package Folder>/files/####/zb_btnnext.png
<Package Folder>/files/####/zb_er1.png
<Package Folder>/files/####/zb_er2.png
<Package Folder>/files/####/zb_hao.png
<Package Folder>/files/####/zb_loginIn.png
<Package Folder>/files/####/zb_lost1.png
<Package Folder>/files/####/zb_lost2.png
<Package Folder>/files/####/zb_lost3.png
<Package Folder>/files/####/zb_lost4.png
<Package Folder>/files/####/zb_luck.png
<Package Folder>/files/####/zb_out.png
<Package Folder>/files/####/zb_prop.png
<Package Folder>/files/####/zb_revive.png
<Package Folder>/files/####/zb_sdf2.png
<Package Folder>/files/####/zb_success1.png
<Package Folder>/files/####/zb_success2.png
<Package Folder>/files/####/zb_time.png
<Package Folder>/files/####/zb_wcs1.png
<Package Folder>/files/####/zb_xxx.png
<Package Folder>/files/####/zb_xxx1.png
<Package Folder>/files/.imprint
<Package Folder>/files/com.s.ypay.apk
<Package Folder>/files/exid.dat
<Package Folder>/files/level.xml
<Package Folder>/files/mko.xml
<Package Folder>/files/rdata_comiuxvfwez.new
<Package Folder>/files/temp.zip
<Package Folder>/files/umeng_it.cache
<Package Folder>/shared_prefs/Alvin2.xml
<Package Folder>/shared_prefs/ContextData.xml
<Package Folder>/shared_prefs/SP_REPLACE_CLASSLOADER_CLASS_NAME.xml
<Package Folder>/shared_prefs/dc.8627E8C43709E88F1A91592EE71700...es.xml
<Package Folder>/shared_prefs/dc.8627E8C43709E88F1A91592EE71700...ml.bak
<Package Folder>/shared_prefs/qihoo_jiagu_crash_report.xml
<Package Folder>/shared_prefs/umeng_general_config.xml
<Package Folder>/shared_prefs/unknown.xml
<SD-Card>/.DataStorage/ContextData.xml
<SD-Card>/.SystemService/####/uid
<SD-Card>/.UTSystemConfig/####/Alvin2.xml
<SD-Card>/.armsd/####/21e16184-f854-4dc5-a5dd-d696aa832eda.res
<SD-Card>/.armsd/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=
<SD-Card>/.armsd/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=.new
<SD-Card>/.armsd/####/7822a0dd-06d9-4c28-8c17-0121bea2860c.res
<SD-Card>/.armsd/####/844c7b9d-af5f-45f1-a620-4224d7585d37.res
<SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
<SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
<SD-Card>/.armsd/####/MP8MtaBuguN9jnuSwtN1kQ==
<SD-Card>/.armsd/####/ceef9fb8-54c6-4f44-a289-e7551d48870b.res
<SD-Card>/.armsd/####/r_pkDgN4OhnkSa0D
<SD-Card>/.env/.uunique.new
<SD-Card>/.system_temp/.cfg

Другие:

Запускает следующие shell-скрипты:

/system/bin/sh
<Package Folder>/code-5883294/iJsi7U6xTzQj2NuY -p <Package> -c com.iuxv.fwez.afvkaq.pv.pv.qf.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
cat /sys/block/mmcblk0/device/cid
chmod 755 <Package Folder>/.jiagu/libjiagu.so
ls -l /sbin/su
ls -l /system/bin/su
ls -l /system/sbin/su
ls -l /system/xbin/su
ls -l /vendor/bin/su
sh <Package Folder>/code-5883294/iJsi7U6xTzQj2NuY -p <Package> -c com.iuxv.fwez.afvkaq.pv.pv.qf.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung

Загружает динамические библиотеки:

cocos2dcpp
libjiagu

Использует следующие алгоритмы для шифрования данных:

AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding
DES-ECB-NoPadding

Использует следующие алгоритмы для расшифровки данных:

AES-CBC-PKCS7Padding
DES-ECB-NoPadding

Использует специальную библиотеку для скрытия исполняемого байткода.

Осуществляет доступ к информации о геолокации.

Осуществляет доступ к информации о сети.

Осуществляет доступ к информации о телефоне (номер, imei и тд.).

Осуществляет доступ к информации об установленных приложениях.

Осуществляет доступ к информации о запущенных приложениях.

Добавляет задания в системный планировщик.

Отрисовывает собственные окна поверх других приложений.

Осуществляет доступ к информации об отправленых/принятых смс.

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней