Android.Spy.2159

Техническая информация

Вредоносные функции:

Отправляет СМС-сообщения:

106901332942: rg|372|AhB3j.S11wiZPLfC4voMlAPLf5l4OMLO8Og5z74T384x3lpnEC8abYxgsd2.pAnAm0Qtopy1eAsgrc5np9TDqkGys45mrjT37HxXi46JIVE!

Загружает на исполнение код следующих детектируемых угроз:

Android.Spy.373.origin

Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).

Сетевая активность:

Подключается к:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) f####.gst####.com:80
TCP(HTTP/1.1) csk.cns####.com:9003
TCP(HTTP/1.1) f####.google####.com:80
TCP(HTTP/1.1) 1####.55.161.68:29092
TCP(HTTP/1.1) ti####.c####.l####.####.com:80

Запросы DNS:

csk.cns####.com
csk.mc####.com
f####.google####.com
f####.gst####.com
h####.funu####.com

Запросы HTTP GET:

f####.google####.com/css?family=####&subset=####
f####.gst####.com/s/francoisone/v11/_Xmr-H4zszafZw3A-KPSZut9wQiUmfW_Aw.ttf
f####.gst####.com/s/londrinasolid/v6/flUhRq6sw40kQEJxWNgkLuudGfNeKBYet5H...
ti####.c####.l####.####.com/
ti####.c####.l####.####.com/assets/audio/achievement.mp3
ti####.c####.l####.####.com/assets/audio/bgm1.mp3
ti####.c####.l####.####.com/assets/audio/bgm2.mp3
ti####.c####.l####.####.com/assets/audio/bgm_lose.mp3
ti####.c####.l####.####.com/assets/audio/burning.mp3
ti####.c####.l####.####.com/assets/audio/cannon.mp3
ti####.c####.l####.####.com/assets/audio/click.mp3
ti####.c####.l####.####.com/assets/audio/coin.mp3
ti####.c####.l####.####.com/assets/audio/coin_drops.mp3
ti####.c####.l####.####.com/assets/audio/countdown.mp3
ti####.c####.l####.####.com/assets/audio/crash.mp3
ti####.c####.l####.####.com/assets/audio/danger.mp3
ti####.c####.l####.####.com/assets/audio/defense.mp3
ti####.c####.l####.####.com/assets/audio/descend.mp3
ti####.c####.l####.####.com/assets/audio/desis.mp3
ti####.c####.l####.####.com/assets/audio/dragon.mp3
ti####.c####.l####.####.com/assets/audio/explode1.mp3
ti####.c####.l####.####.com/assets/audio/explode2.mp3
ti####.c####.l####.####.com/assets/audio/explode_big.mp3
ti####.c####.l####.####.com/assets/audio/failed.mp3
ti####.c####.l####.####.com/assets/audio/flame.mp3
ti####.c####.l####.####.com/assets/audio/harpoon.mp3
ti####.c####.l####.####.com/assets/audio/octopus.mp3
ti####.c####.l####.####.com/assets/audio/special_1.mp3
ti####.c####.l####.####.com/assets/audio/stab.mp3
ti####.c####.l####.####.com/assets/audio/star.mp3
ti####.c####.l####.####.com/assets/audio/success.mp3
ti####.c####.l####.####.com/assets/audio/sword.mp3
ti####.c####.l####.####.com/assets/audio/water1.mp3
ti####.c####.l####.####.com/assets/audio/xxl_explode.mp3
ti####.c####.l####.####.com/assets/audio/xxl_open.mp3
ti####.c####.l####.####.com/assets/img/achievement.json
ti####.c####.l####.####.com/assets/img/achievement.png
ti####.c####.l####.####.com/assets/img/anim_flag.json
ti####.c####.l####.####.com/assets/img/anim_flag.png
ti####.c####.l####.####.com/assets/img/back_1.png
ti####.c####.l####.####.com/assets/img/bg_1_0.png
ti####.c####.l####.####.com/assets/img/bg_1_1.png
ti####.c####.l####.####.com/assets/img/bg_1_2.png
ti####.c####.l####.####.com/assets/img/bg_1_3.png
ti####.c####.l####.####.com/assets/img/bg_1_4.png
ti####.c####.l####.####.com/assets/img/bg_1_5.png
ti####.c####.l####.####.com/assets/img/bg_1_6.png
ti####.c####.l####.####.com/assets/img/bg_loading.png
ti####.c####.l####.####.com/assets/img/bg_trans.png
ti####.c####.l####.####.com/assets/img/cover.json
ti####.c####.l####.####.com/assets/img/cover.png
ti####.c####.l####.####.com/assets/img/global.json
ti####.c####.l####.####.com/assets/img/global.png
ti####.c####.l####.####.com/assets/img/loading_bar.png
ti####.c####.l####.####.com/assets/img/ship.json
ti####.c####.l####.####.com/assets/img/ship.png
ti####.c####.l####.####.com/config.js
ti####.c####.l####.####.com/css/orientation_landscape.png
ti####.c####.l####.####.com/css/stylesheet.css
ti####.c####.l####.####.com/lang.js
ti####.c####.l####.####.com/publisher.js
ti####.c####.l####.####.com/shared/booster/api.js
ti####.c####.l####.####.com/shared/booster/v3.3.4/css/booster-api.css
ti####.c####.l####.####.com/shared/booster/v3.3.4/images/BoosterMedia320...
ti####.c####.l####.####.com/shared/booster/v3.3.4/images/rotate.png
ti####.c####.l####.####.com/shared/booster/v3.3.4/js/booster-api.js
ti####.c####.l####.####.com/shared/booster/v3.3.4/lang/en-us.csv
ti####.c####.l####.####.com/src/components/basestate.js
ti####.c####.l####.####.com/src/components/bg.js
ti####.c####.l####.####.com/src/components/map1.js
ti####.c####.l####.####.com/src/components/map2.js
ti####.c####.l####.####.com/src/components/map3.js
ti####.c####.l####.####.com/src/components/map4.js
ti####.c####.l####.####.com/src/components/pause.js
ti####.c####.l####.####.com/src/components/result.js
ti####.c####.l####.####.com/src/core/asset.js
ti####.c####.l####.####.com/src/core/branding.js
ti####.c####.l####.####.com/src/core/clink.js
ti####.c####.l####.####.com/src/core/csound.js
ti####.c####.l####.####.com/src/core/cspine.js
ti####.c####.l####.####.com/src/core/cstorage.js
ti####.c####.l####.####.com/src/core/ctimelog.js
ti####.c####.l####.####.com/src/core/dataku.js
ti####.c####.l####.####.com/src/core/init.js
ti####.c####.l####.####.com/src/core/lz-string.min.js
ti####.c####.l####.####.com/src/core/phaser.min.js
ti####.c####.l####.####.com/src/core/platform.js
ti####.c####.l####.####.com/src/core/scm.js
ti####.c####.l####.####.com/src/core/utils.js
ti####.c####.l####.####.com/src/data/data.js
ti####.c####.l####.####.com/src/data/dataenemy.js
ti####.c####.l####.####.com/src/data/datastage.js
ti####.c####.l####.####.com/src/data/sounddata.js
ti####.c####.l####.####.com/src/entity/basefunction.js
ti####.c####.l####.####.com/src/entity/boss1.js
ti####.c####.l####.####.com/src/entity/boss2.js
ti####.c####.l####.####.com/src/entity/boss3.js
ti####.c####.l####.####.com/src/entity/boss4.js
ti####.c####.l####.####.com/src/entity/effectspecial0.js
ti####.c####.l####.####.com/src/entity/enemy1.js
ti####.c####.l####.####.com/src/entity/enemy10.js
ti####.c####.l####.####.com/src/entity/enemy11.js
ti####.c####.l####.####.com/src/entity/enemy12.js
ti####.c####.l####.####.com/src/entity/enemy2.js
ti####.c####.l####.####.com/src/entity/enemy3.js
ti####.c####.l####.####.com/src/entity/enemy4.js
ti####.c####.l####.####.com/src/entity/enemy5.js
ti####.c####.l####.####.com/src/entity/enemy6.js
ti####.c####.l####.####.com/src/entity/enemy7.js
ti####.c####.l####.####.com/src/entity/enemy8.js
ti####.c####.l####.####.com/src/entity/enemy9.js
ti####.c####.l####.####.com/src/entity/enemybomb.js
ti####.c####.l####.####.com/src/entity/enemyflame.js
ti####.c####.l####.####.com/src/entity/enemygrenade.js
ti####.c####.l####.####.com/src/entity/enemyharpoon.js
ti####.c####.l####.####.com/src/entity/enemyice.js
ti####.c####.l####.####.com/src/entity/enemymolotov.js
ti####.c####.l####.####.com/src/entity/enemysembur.js
ti####.c####.l####.####.com/src/entity/flame.js
ti####.c####.l####.####.com/src/entity/grenade.js
ti####.c####.l####.####.com/src/entity/harpoon.js
ti####.c####.l####.####.com/src/entity/hydra1.js
ti####.c####.l####.####.com/src/entity/hydra2.js
ti####.c####.l####.####.com/src/entity/hydra3.js
ti####.c####.l####.####.com/src/entity/hydrahead.js
ti####.c####.l####.####.com/src/entity/ice.js
ti####.c####.l####.####.com/src/entity/mine.js
ti####.c####.l####.####.com/src/entity/ship.js
ti####.c####.l####.####.com/src/entity/special0.js
ti####.c####.l####.####.com/src/entity/special1.js
ti####.c####.l####.####.com/src/entity/treasure.js
ti####.c####.l####.####.com/src/game/cachievement.js
ti####.c####.l####.####.com/src/game/ccover.js
ti####.c####.l####.####.com/src/game/cgame.js
ti####.c####.l####.####.com/src/game/cmainmenu.js
ti####.c####.l####.####.com/src/game/cpreloader.js
ti####.c####.l####.####.com/src/game/cstage.js
ti####.c####.l####.####.com/src/game/cupgrade.js
ti####.c####.l####.####.com/src/game/main.js
ti####.c####.l####.####.com/webfont.js

Запросы HTTP POST:

csk.cns####.com:9003/csk/c_s/g_f.json
csk.cns####.com:9003/csk/st_c/cn_i_sec.json
csk.cns####.com:9003/csk/st_c/cn_sk_Order.json
csk.cns####.com:9003/csk/st_c/cn_sk_login.json
csk.cns####.com:9003/csk/st_c/cn_sk_specialVersion.json
csk.cns####.com:9003/csk/st_c/cn_sk_tj.json
csk.cns####.com:9003/csk/st_c/getst_tegy.json

Изменения в файловой системе:

Создает следующие файлы:

/data/data/####/ApplicationCache.db-journal
/data/data/####/aa
/data/data/####/app_test.apk
/data/data/####/brushs.xml
/data/data/####/cds.xml
/data/data/####/data_0
/data/data/####/data_1
/data/data/####/data_2
/data/data/####/data_3
/data/data/####/f_000001
/data/data/####/f_000002
/data/data/####/f_000003
/data/data/####/f_000004
/data/data/####/f_000005
/data/data/####/f_000006
/data/data/####/f_000007
/data/data/####/f_000008
/data/data/####/fmoonStore.db
/data/data/####/fmoonStore.db-journal
/data/data/####/index
/data/data/####/jpitecdc.jar
/data/data/####/order_sp.xml
/data/data/####/webview.db-journal
/data/data/####/webviewCookiesChromium.db-journal

Другие:

Загружает динамические библиотеки:

fyak

Использует следующие алгоритмы для шифрования данных:

AES
AES-CBC-PKCS5Padding

Использует следующие алгоритмы для расшифровки данных:

AES
DES-CBC-PKCS5Padding
DESede

Осуществляет доступ к информации о геолокации.

Осуществляет доступ к информации о сети.

Осуществляет доступ к информации о телефоне (номер, imei и тд.).

Осуществляет доступ к информации об установленных приложениях.

Добавляет задания в системный планировщик.

Отрисовывает собственные окна поверх других приложений.

Осуществляет доступ к информации об отправленых/принятых смс.

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней