Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.683.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) www.wush####.com:80
- TCP(HTTP/1.1) m.wush####.com:80
- TCP(HTTP/1.1) 1####.76.224.67:80
- TCP(HTTP/1.1) st####.mobih####.com:80
- TCP(HTTP/1.1) 1####.185.149.167:80
- TCP(HTTP/1.1) cdn.img.h####.####.com:80
- TCP(HTTP/1.1) cdn.game####.org:80
- TCP(HTTP/1.1) st####.dc####.net.cn:80
- TCP(TLS/1.0) k####.onetwo####.top:443
Запросы DNS:
- api.wush####.com
- cdn.app.h####.top
- cdn.game####.org
- cdn.img.h####.top
- k####.onetwo####.top
- m.wush####.com
- st####.dc####.net.cn
- st####.mobih####.com
- www.wush####.com
Запросы HTTP GET:
- 1####.185.149.167/swenjian/ac
- cdn.game####.org/strategy/base
- cdn.game####.org/strategy/dev_root2
- cdn.game####.org/strategy/larger4.3
- cdn.game####.org/strategy/loss_4.3
- cdn.game####.org/strategy/sul18
- cdn.img.h####.####.com/upload/201805/7/app/20180507213207228.apk
- cdn.img.h####.####.com/upload/201805/7/img/20180507213156978.jpg
- m.wush####.com/Article?tabName=####
- m.wush####.com/static/app/zixuewushu/update.html?1525751####
- st####.dc####.net.cn/resource/icon?appid=####&width=####&__am=####&imei=...
- st####.mobih####.com/resource/icon?appid=####&width=####&__am=####&imei=...
- www.wush####.com/Article?articleId=####&getCatalog=####
- www.wush####.com/Comment?pageIndex=####&pageSize=####&sonPageSize=####&c...
- www.wush####.com/static/app/zixuewushu/update.html?1525751####
- www.wush####.com/static/img/no_headimg.jpg
- www.wush####.com/static/up/2015/0630/f5e3a25b-c1e4-4518-af38-b9fd447df5c...
- www.wush####.com/static/up/2015/0927/28c62b1f-b0f1-422d-a51d-bdeb4b27421...
- www.wush####.com/static/up/2017/0403/e61bcca1-156b-4f38-aa1a-02ecfb2197e...
- www.wush####.com/static/up/2017/0407/cb069a06-04c0-4823-ac17-e9dc7b73c4c...
- www.wush####.com/static/up/2017/0414/1c7c1770-2fec-433c-8b75-aec37ad8000...
- www.wush####.com/static/up/2017/0419/76df5d89-a924-4f1f-b3fc-5a413e7a9db...
- www.wush####.com/static/up/2017/0420/50494815-51f0-440b-8f3a-19efb424c38...
- www.wush####.com/static/up/2017/0508/65e2e0e1-5ae1-4ef5-bbad-f4757d90eef...
- www.wush####.com/static/up/2017/0511/4ecc5c20-df0e-46b7-9a0f-feac06e60d0...
- www.wush####.com/static/up/2017/0513/af1a95bf-6838-4d06-aebc-1607a3ccb8e...
- www.wush####.com/static/up/2017/0806/97e5ff17-1dfc-4fe2-8cff-7dcca69f846...
- www.wush####.com/static/up/2017/0831/7f7eebe9-f239-47b5-adec-8b4b5e6f621...
- www.wush####.com/static/up/2017/0907/34193ebd-be27-4dda-af21-c5196cf5e3b...
- www.wush####.com/static/up/2017/0908/7c32d834-8050-4914-81f7-2eef0f21aa1...
- www.wush####.com/static/up/2017/0909/0e363954-673b-4ed0-9e18-533ae26212a...
- www.wush####.com/static/up/2017/0909/6963c912-a073-4c12-b66d-99aaf5290f6...
- www.wush####.com/static/up/2017/0909/c1a3d9f3-33b5-4274-8bad-4c19d2edf0f...
- www.wush####.com/static/up/2017/0909/cbc35a0f-2530-4ff3-be04-4d70224b1da...
- www.wush####.com/static/up/2017/0909/f6bd0add-818e-4982-a728-554235b8f1a...
- www.wush####.com/static/up/2017/0910/6e29a640-1f4b-4924-bc55-9bbaa637e98...
- www.wush####.com/static/up/2017/0910/c1b45c4d-bb2d-4f9f-a980-6a77f1b941d...
- www.wush####.com/static/up/2017/1002/e07107ba-8724-49e6-b6f4-da0ca11eb6c...
- www.wush####.com/static/up/2017/1007/00b06fba-c518-49e3-9f25-1766688bc14...
- www.wush####.com/static/up/2017/1014/e7e1259b-22ef-4e32-a874-1b5c1f18856...
- www.wush####.com/static/up/2017/1020/6ac9fdba-cda8-488d-be67-955d7acdcaf...
- www.wush####.com/static/up/2017/1020/dd861544-656a-4d1b-ad23-1f3e2561848...
- www.wush####.com/static/up/2017/1108/474a17b5-a097-41fa-be46-63467d60483...
- www.wush####.com/static/up/2017/1111/a644ce27-b2cf-400f-ac3d-5b3037c9478...
- www.wush####.com/static/up/2017/1119/56c8870a-d118-433a-8350-7eebcfa28d4...
- www.wush####.com/static/up/2017/1119/7fb15618-2f6a-401c-ac67-60fe5404621...
- www.wush####.com/static/up/2017/1119/ac97e6f0-42d9-45e1-bd62-98ca263e541...
- www.wush####.com/static/up/2017/1124/82ab607a-7026-4665-93d4-564d012c199...
- www.wush####.com/static/up/2017/1229/a65c3841-edd7-4b3c-80db-c9ac4d58204...
- www.wush####.com/static/up/2018/0110/4a20e1ac-8bd4-442a-aea8-d4eea84a2ea...
- www.wush####.com/static/up/2018/0110/510c1c63-d96a-4830-aa6f-d029c5458a2...
- www.wush####.com/static/up/2018/0110/8a0dee77-2efc-4b35-9ce2-34c71d9c310...
- www.wush####.com/static/up/2018/0110/8b01b133-6190-45d6-938d-0e89bc0895d...
- www.wush####.com/static/up/2018/0110/8b8d993b-5d0d-4e83-b26b-438e095f7a6...
- www.wush####.com/static/up/2018/0110/96973126-8323-48f7-b938-569f5f00291...
- www.wush####.com/static/up/2018/0110/b503fc2b-9775-429a-8050-b45ef6b2c5b...
- www.wush####.com/static/up/2018/0111/e2b42546-9244-464d-9f97-a0c8b0c0c2e...
- www.wush####.com/static/up/2018/0114/215e394d-0d53-4c1d-83a4-09d1b818a7a...
- www.wush####.com/static/up/2018/0114/2d215aa3-ceaa-4429-9396-2a0a3a716f0...
- www.wush####.com/static/up/2018/0114/4267e0bd-e734-4d80-a149-ac4934c6766...
- www.wush####.com/static/up/2018/0221/fa19060f-3f09-4c55-9496-2ba0166446f...
- www.wush####.com/static/up/2018/0226/7c7f20b9-a7d1-4c47-9392-4f87fd951ba...
- www.wush####.com/static/up/2018/0226/d3371c68-2a4d-4cd1-9c5b-23cea248f54...
- www.wush####.com/static/up/2018/0302/5980b1a7-3cb6-46d8-b08a-2adfed8f229...
- www.wush####.com/static/up/2018/0302/c8782390-3f9f-41f1-8e5a-0d9827ba2db...
- www.wush####.com/static/up/2018/0306/2a0b2fa7-d8c2-45a5-81b7-d1768a06758...
- www.wush####.com/static/up/2018/0306/616cc297-d8b8-4928-abd7-f859df4e3c5...
- www.wush####.com/static/up/2018/0306/ac1b5e6a-c8b8-4f30-abf4-5e2856f9723...
- www.wush####.com/static/up/2018/0306/e8de4186-2921-4230-a119-8b10c7e2032...
- www.wush####.com/static/up/2018/0322/a928602a-2933-4e7b-b6ca-21c145c9466...
- www.wush####.com/static/up/2018/0322/ae932a81-08d1-44fd-a7b2-755f2026eb4...
- www.wush####.com/static/up/2018/0322/b06c2b49-b700-424d-8385-c99c42319de...
- www.wush####.com/static/up/2018/0322/c0739313-9a8b-4f63-bd3a-30ccf1c5c20...
- www.wush####.com/static/up/2018/0322/cfc3b4b2-2753-466e-9a3c-963eab11eaf...
- www.wush####.com/static/up/2018/0322/f6c48a63-1f2a-4791-a359-837b3a54480...
- www.wush####.com/static/up/2018/0507/049fc5db-2fe6-4e47-b639-640c276b701...
- www.wush####.com/static/up/2018/0507/3099174d-99e2-4eea-a249-562a1d7283d...
- www.wush####.com/static/up/2018/0507/82ed7f10-8a44-4b82-8bb3-b70c406e236...
- www.wush####.com/static/up/2018/0507/8fd2e091-7517-4abf-b944-befa9b3b7ec...
- www.wush####.com/static/up/2018/0507/b1356476-0461-499c-9654-5cf7724a309...
- www.wush####.com/static/up/2018/0507/b2462509-5039-4243-9402-e513410f43f...
- www.wush####.com/static/up/2018/0507/bb601c4a-7ae5-43d6-b188-14b7f2fb39b...
- www.wush####.com/static/up/2018/0507/bd69b6da-4402-4aff-a9c1-3f7e9e4fdc6...
- www.wush####.com/static/up/2018/0507/d9759b65-f183-4e57-92b1-10901427af0...
- www.wush####.com/static/up/2018/0508/17e114ef-c93b-4289-9399-9bdbc91f34b...
- www.wush####.com/static/up/2018/0508/25385515-8161-4f14-b864-b1f05fe71e3...
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imei.txt
- /data/data/####/15cf09bb-06b6-429f-a414-cf90c36feb74
- /data/data/####/1740c449fc10be62df60ba0f18696c9f
- /data/data/####/23f6e7cc-0667-4078-b623-900f3c812286
- /data/data/####/32edd79a240b5f1e461d069caab1ec3e
- /data/data/####/675f13be-10dd-4db1-85db-3394901545cf
- /data/data/####/9871404e-5dde-4df9-944f-b63fa464d607
- /data/data/####/H5ED6FF72.xml
- /data/data/####/LgkActivity.xml
- /data/data/####/Matrix
- /data/data/####/RqService.jar
- /data/data/####/RqService.xml
- /data/data/####/SUBOXLOG_
- /data/data/####/alldown.xml
- /data/data/####/b0141e478b25af7c40a8cca8de6c4708
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/d615d997-18d9-4448-a8f2-57a00c07b18e
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/dd2fb2d2-94c1-4f45-91d4-59520772130b.jar
- /data/data/####/ddexe
- /data/data/####/debuggerd
- /data/data/####/device.db
- /data/data/####/ebn.xml
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/fe8bb702-6f86-4f03-b3e3-1c70d63df04a
- /data/data/####/fileWork
- /data/data/####/index
- /data/data/####/install-recovery.sh
- /data/data/####/mobclick_agent_cached_com.asgffhjkdsgsdf.asdsaf90
- /data/data/####/pdr.xml
- /data/data/####/pidof
- /data/data/####/pqwn.db-journal
- /data/data/####/root3
- /data/data/####/su
- /data/data/####/supolicy
- /data/data/####/toolbox
- /data/data/####/umeng_general_config.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/wsroot.sh
- /data/media/####/.imei.txt
- /data/media/####/1080_1882.png
- /data/media/####/240_282.png
- /data/media/####/2c7a1bf6bd3fd
- /data/media/####/320_442.png
- /data/media/####/404.png
- /data/media/####/480_762.png
- /data/media/####/4aed3e080d8c076d75cc0110562983e7.apk
- /data/media/####/720_1242.png
- /data/media/####/address-module.js
- /data/media/####/ap314.tmp
- /data/media/####/ap314.tmp (deleted)
- /data/media/####/article-class-config.js
- /data/media/####/baguazhang.jpg
- /data/media/####/bajiquan.jpg
- /data/media/####/bangfa.jpg
- /data/media/####/baxiroushu.png
- /data/media/####/bianfa.png
- /data/media/####/changquan.jpg
- /data/media/####/chaquan.png
- /data/media/####/chuojiao.png
- /data/media/####/collect_del.png
- /data/media/####/collect_edit.png
- /data/media/####/comment-module.js
- /data/media/####/common.css
- /data/media/####/common.js
- /data/media/####/crash_1525751579925_2018-05-08-03-52-59.log
- /data/media/####/daoshu.png
- /data/media/####/ditangquan.png
- /data/media/####/eluosisangbo.png
- /data/media/####/emei.png
- /data/media/####/fangshenziwei.jpg
- /data/media/####/fanziquan.png
- /data/media/####/feilvbinduangun.png
- /data/media/####/fufa.jpg
- /data/media/####/gunshu.png
- /data/media/####/hanguotaiquandao.png
- /data/media/####/hdp1.jpg
- /data/media/####/hdp2.jpg
- /data/media/####/hdp3.jpg
- /data/media/####/hdp4.jpg
- /data/media/####/iconbg.png
- /data/media/####/iconfont.css
- /data/media/####/iconfont.eot
- /data/media/####/iconfont.svg
- /data/media/####/iconfont.ttf
- /data/media/####/iconfont.woff
- /data/media/####/im314.tmp
- /data/media/####/info-catalog-and-read.css
- /data/media/####/info-catalog-and-read.js
- /data/media/####/info-catalog.html
- /data/media/####/info-list.html
- /data/media/####/info-list.js
- /data/media/####/info-read.html
- /data/media/####/info-search.css
- /data/media/####/info-search.html
- /data/media/####/info-search.js
- /data/media/####/jianshu.png
- /data/media/####/jiequandao.png
- /data/media/####/jquery-1.9.1.min.js
- /data/media/####/jquery.lazyload.min.js
- /data/media/####/lazyload.png
- /data/media/####/list_icon.png
- /data/media/####/loading.gif
- /data/media/####/logo.png
- /data/media/####/logout.jpg
- /data/media/####/manifest.json
- /data/media/####/meiguokaroukenquan.png
- /data/media/####/mui.min.css
- /data/media/####/mui.min.js
- /data/media/####/mui.ttf
- /data/media/####/nanquan.png
- /data/media/####/piguaquan.png
- /data/media/####/qiangshu.png
- /data/media/####/qigong.png
- /data/media/####/qinna.jpg
- /data/media/####/qitagongfu.png
- /data/media/####/qitaqixie.jpg
- /data/media/####/quanji.png
- /data/media/####/ribenheqidao.png
- /data/media/####/ribenjiandao.png
- /data/media/####/ribenkongshoudao.png
- /data/media/####/ribenrenshu.png
- /data/media/####/ribenroudao.png
- /data/media/####/sanda.png
- /data/media/####/sanhuangpaochui.png
- /data/media/####/shaolin.png
- /data/media/####/shuaijiao.jpg
- /data/media/####/system-about.html
- /data/media/####/tab-main.html
- /data/media/####/tab-main.js
- /data/media/####/tab-subpage-baike.html
- /data/media/####/tab-subpage-baike.js
- /data/media/####/tab-subpage-gongfa.html
- /data/media/####/tab-subpage-gongfa.js
- /data/media/####/tab-subpage-home.html
- /data/media/####/tab-subpage-home.js
- /data/media/####/tab-subpage-topic.css
- /data/media/####/tab-subpage-topic.html
- /data/media/####/tab-subpage-topic.js
- /data/media/####/taijiquan.png
- /data/media/####/taiquan.png
- /data/media/####/tongbeiquan.png
- /data/media/####/topic-add.html
- /data/media/####/topic-add.js
- /data/media/####/topic-info.css
- /data/media/####/topic-info.html
- /data/media/####/topic-info.js
- /data/media/####/update.js
- /data/media/####/user-center.html
- /data/media/####/user-center.js
- /data/media/####/user-collect.html
- /data/media/####/user-collect.js
- /data/media/####/user-edit-account.html
- /data/media/####/user-edit-account.js
- /data/media/####/user-edit-head.html
- /data/media/####/user-edit-head.js
- /data/media/####/user-edit-pwd.html
- /data/media/####/user-edit-pwd.js
- /data/media/####/user-login.html
- /data/media/####/user-login.js
- /data/media/####/wudang.png
- /data/media/####/xiangxingquan.jpg
- /data/media/####/xingyiquan.png
- /data/media/####/xinyiquan.png
- /data/media/####/yiquandachengquan.png
- /data/media/####/yongchunquan.png
Другие:
Запускает следующие shell-скрипты:
- chmod 777 /storage/emulated/0/instal/4aed3e080d8c076d75cc0110562983e7.apk
- chmod 777 Matrix ddexe debuggerd device.db fileWork install-recovery.sh pidof root3 su supolicy toolbox wsroot.sh
- chmod 777 Matrix ddexe debuggerd fileWork install-recovery.sh pidof su supolicy toolbox wsroot.sh
- sh
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
