Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.570.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) star####.edges####.net:80
- TCP(HTTP/1.1) infoeve####.startap####.com:80
- TCP(HTTP/1.1) getbest####.com:80
- TCP(HTTP/1.1) www.google-####.com:80
- TCP(HTTP/1.1) i####.st####.startap####.com:80
- TCP(HTTP/1.1) choosey####.com:80
- TCP(HTTP/1.1) dsa.startap####.edg####.net:80
- TCP(TLS/1.0) ssl.gst####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) adser####.go####.com:443
- TCP(TLS/1.0) c####.jq####.com:443
- TCP(TLS/1.0) 2####.58.212.142:443
- TCP(TLS/1.0) mc.ya####.ru:443
- TCP(TLS/1.0) www.go####.nl:443
- TCP(TLS/1.0) cl####.mob####.net:443
- TCP(TLS/1.0) www.gst####.com:443
- TCP(TLS/1.0) i####.st####.startap####.com:443
- TCP(TLS/1.0) t1.mob####.net:443
- TCP(TLS/1.0) va.ec.startap####.com:443
Запросы DNS:
- adser####.go####.com
- c####.jq####.com
- c####.startap####.com
- choosey####.com
- cl####.mob####.net
- dts.startap####.com
- f####.gst####.com
- getbest####.com
- i####.st####.startap####.com
- i####.startap####.com
- im####.startap####.com
- imp.startap####.com
- infoe####.startap####.com
- mc.ya####.ru
- req.startap####.com
- ssl.gst####.com
- t1.mob####.net
- www.freeapp####.com
- www.go####.com
- www.go####.nl
- www.google-####.com
- www.gst####.com
- www.startap####.com
Запросы HTTP GET:
- choosey####.com/dating/rus/en/prtk/v2/2/?c=####&uclick=####
- choosey####.com/dating/rus/en/prtk/v2/2/check.png
- choosey####.com/dating/rus/en/prtk/v2/2/css/style-0.css
- choosey####.com/dating/rus/en/prtk/v2/2/css/style-1.css
- choosey####.com/dating/rus/en/prtk/v2/2/css/style-2.css
- choosey####.com/dating/rus/en/prtk/v2/2/img/img-3.jpg
- choosey####.com/dating/rus/en/prtk/v2/2/img/img-4.jpg
- choosey####.com/dating/rus/en/prtk/v2/2/img/img-5.jpg
- choosey####.com/dating/rus/en/prtk/v2/2/img/img-6.jpg
- choosey####.com/dating/rus/en/prtk/v2/2/loading.gif
- choosey####.com/dating/rus/en/prtk/v2/2/warning.png
- choosey####.com/dating/rus/en/prtk/v2/3/?c=####&uclick=####
- choosey####.com/dating/rus/en/prtk/v2/3/css/style-0.css
- choosey####.com/dating/rus/en/prtk/v2/3/css/style-1.css
- choosey####.com/dating/rus/en/prtk/v2/3/img/img-0.jpg
- choosey####.com/dating/rus/en/prtk/v2/3/js/script-0.js
- choosey####.com/dating/rus/en/prtk/v2/3/js/script-1.js
- choosey####.com/favicon.ico
- dsa.startap####.edg####.net/tracking/adClick?d=IAAAAAAgAAA6X1tPSEVHXlZYU...
- dsa.startap####.edg####.net/tracking/adImpression?d=####
- dsa.startap####.edg####.net/tracking/adImpression?d=IAAAA####
- dsa.startap####.edg####.net/tracking/adImpression?d=IAAAA####&position=#...
- getbest####.com/click.php?key=####&appid=####&creativeid=####&campid=###...
- getbest####.com/click.php?lp=####&catch-bot=####
- i####.st####.startap####.com/InApp/resources/info_ex_l.png
- i####.st####.startap####.com/InApp/resources/info_ex_s.png
- i####.st####.startap####.com/InApp/resources/info_l.png
- i####.st####.startap####.com/InApp/resources/info_s.png
- i####.st####.startap####.com/image/fetch/f_auto,q_80,w_230,h_230/http://...
- i####.st####.startap####.com/static/images/close-btn-infra.png
- i####.st####.startap####.com/styles/compressed/animate.min.20180925-0859...
- i####.st####.startap####.com/styles/compressed/fullpage_float_window_bli...
- infoeve####.startap####.com/tracking/infoEvent?productId=207949003&os=an...
- star####.edges####.net/1.4/getadsmetadata?productId=####&os=####&sdkVers...
- star####.edges####.net/1.4/gethtmlad?productId=####&os=####&sdkVersion=#...
- star####.edges####.net/1.4/trackdownload?productId=####&os=####&sdkVersi...
- star####.edges####.net/?app=####&sourceid=####
- star####.edges####.net/favicon.ico
- star####.edges####.net/static/images/top-apps/ribon.png
- star####.edges####.net/styles/top-apps/styles.css
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=10&utmn=2111160256&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=10&utmn=506922855&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=11&utmn=1853602256&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=11&utmn=279132997&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=12&utmn=1874864550&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=12&utmn=371008942&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=13&utmn=1614127351&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=13&utmn=2100802700&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=14&utmn=1812875525&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=14&utmn=1917592589&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=15&utmn=1492367796&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=15&utmn=240349951&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=16&utmn=1904069908&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=16&utmn=226724020&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=17&utmn=1617234726&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=17&utmn=1617859947&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=18&utmn=1640191470&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=18&utmn=1711067913&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=19&utmn=62979421&utmhn=ww...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=19&utmn=765949717&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=2&utmn=501385865&utmhn=ww...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=2&utmn=654009288&utmhn=ww...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=20&utmn=2318278&utmhn=www...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=20&utmn=537405711&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=21&utmn=278063378&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=21&utmn=953768630&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=22&utmn=1439996511&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=22&utmn=1903904491&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=23&utmn=1158293980&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=23&utmn=469577751&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=24&utmn=212931679&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=25&utmn=985845656&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=26&utmn=1635696711&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=27&utmn=62093600&utmhn=ww...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=28&utmn=1312441570&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=29&utmn=726217601&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=3&utmn=1896339865&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=3&utmn=195376236&utmhn=ww...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=30&utmn=1858605769&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=31&utmn=2006141926&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=32&utmn=1786548664&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=33&utmn=1569380242&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=34&utmn=587971698&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=35&utmn=2025073713&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=36&utmn=1217823054&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=37&utmn=2060914194&utmhn=...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=38&utmn=212556642&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=39&utmn=797176034&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=4&utmn=15999090&utmhn=www...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=4&utmn=2127494625&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=5&utmn=1184137656&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=5&utmn=517540628&utmhn=ww...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=6&utmn=1175597761&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=6&utmn=1521418775&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=7&utmn=176317855&utmhn=ww...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=7&utmn=841990216&utmhn=ww...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=8&utmn=1387904140&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=8&utmn=699186740&utmhn=ww...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=9&utmn=1024487656&utmhn=w...
- www.google-####.com/__utm.gif?utmwv=5.7.2&utms=9&utmn=1552980403&utmhn=w...
- www.google-####.com/ga.js
- www.google-####.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1556993387&utmhn...
- www.google-####.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1854557245&utmhn...
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.jg.ic
- /data/data/####/000.xml
- /data/data/####/154698.jar
- /data/data/####/1565317145
- /data/data/####/1777384550
- /data/data/####/23.xml
- /data/data/####/23356507059351895.xml
- /data/data/####/24356507059351895.xml
- /data/data/####/25356507059351895.xml
- /data/data/####/290887.jar
- /data/data/####/SHARED_FIREPHONESCREEN.xml
- /data/data/####/StartappMetadata
- /data/data/####/YMMsg.db-journal
- /data/data/####/_1410597251
- /data/data/####/com.startapp.android.publish.CookiePrefsFile.xml
- /data/data/####/com.startapp.android.publish.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/index
- /data/data/####/libjiagu-1227099733.so
- /data/data/####/qihoo_jiagu_crash_report.xml
- /data/data/####/shared_prefs_sdk_ad_prefs
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu-1227099733.so
Загружает динамические библиотеки:
- 0oijhy7nvcderty
- gdx
- libjiagu-1227099733
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
