Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.Ninebox.4.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) dc.l####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) st####.app.m.####.com:80
- TCP(HTTP/1.1) d####.g5.le####.com:80
- TCP(HTTP/1.1) p.nin####.cn:80
- TCP(HTTP/1.1) u####.v.tr####.net:80
- TCP(HTTP/1.1) i2.let####.com.####.com:80
- TCP(HTTP/1.1) d####.fl####.com:80
- TCP(HTTP/1.1) img.nin####.cn:80
- TCP(HTTP/1.1) 1####.171.140.85:80
- TCP(HTTP/1.1) s.nin####.cn:80
- TCP(TLS/1.0) 1####.217.17.142:443
- TCP(TLS/1.0) ssl.gst####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) www.gst####.com:443
Запросы DNS:
- a####.u####.com
- c.nin####.cn
- d####.fl####.com
- dc.l####.com
- dyn####.app.m.####.com
- dyn####.m####.app.####.com
- dyn####.pay.app.####.com
- i0.let####.com
- i1.let####.com
- i2.let####.com
- i3.let####.com
- img.nin####.cn
- mi.ny####.com
- msg.m.l####.com
- p.nin####.cn
- s.nin####.cn
- ssl.gst####.com
- st####.app.m.####.com
- st####.m####.app.####.com
- www.go####.com
- www.gst####.com
Запросы HTTP GET:
- d####.g5.le####.com/android/dynamic.php?mmsid=####&playid=####&tss=####&...
- d####.g5.le####.com/android/dynamic.php?mod=####&ctl=####&act=####&id=##...
- d####.g5.le####.com/android/dynamic.php?mod=####&ctl=####&act=####&osver...
- dc.l####.com/m/l?and####&4####&01041####&3####&<System####&<System####&0...
- dc.l####.com/m/p?w####&-####&2####&1000189####&-}pcode####&-####&1####&-...
- i2.let####.com.####.com/cms/201410/28/ed3c47d99d1a4e1194ed2370ff604315.jpg
- i2.let####.com.####.com/cms/201501/22/a90af79384224e14afaec4216ad25b7f.jpg
- i2.let####.com.####.com/cms/201501/22/d05457aac4fa4f549d2fc3c70dbcd2ff.jpg
- i2.let####.com.####.com/cms/201501/23/ec7e3211e9e64f0ab39697022f5ff32c.jpg
- i2.let####.com.####.com/lc01_iscms/201501/29/00/40/cb9867af2f8443178ab36...
- i2.let####.com.####.com/lc01_iscms/201507/20/02/13/69610ad3b2de469380a15...
- i2.let####.com.####.com/lc01_iscms/201507/27/00/22/ab4a512eae21475f9a1fc...
- i2.let####.com.####.com/lc01_isvrs/201503/01/21/24/c7f896b3-d57d-4b8b-b3...
- i2.let####.com.####.com/lc01_isvrs/201503/03/18/10/aab3f61d-b5fd-46ea-ae...
- i2.let####.com.####.com/lc01_isvrs/201503/08/21/16/80b2d6cd-81a6-48af-a6...
- i2.let####.com.####.com/lc01_isvrs/201503/09/00/00/aa5dcc72-4df0-4143-a6...
- i2.let####.com.####.com/lc01_isvrs/201503/13/09/06/38ed944e-a7a5-4fcd-90...
- i2.let####.com.####.com/lc01_isvrs/201504/13/09/33/e2c6b315-78ec-4334-bb...
- i2.let####.com.####.com/lc01_isvrs/201510/10/22/00/3b0748c4-ce0e-4315-b6...
- i2.let####.com.####.com/lc01_isvrs/201510/31/08/50/f05ca640-a9ce-4ff5-bc...
- i2.let####.com.####.com/lc01_isvrs/201511/14/23/02/0f1dc2a4-85ff-43fc-88...
- i2.let####.com.####.com/lc02_iscms/201505/22/11/48/383a4e8e86dd4ea093c83...
- i2.let####.com.####.com/lc02_iscms/201506/25/22/36/9d28b595f5064e978c7d8...
- i2.let####.com.####.com/lc02_isvrs/201503/03/18/13/de810c8d-118b-4271-b3...
- i2.let####.com.####.com/lc02_isvrs/201509/07/11/44/ed9399aa-6b68-447b-80...
- i2.let####.com.####.com/lc02_isvrs/201509/26/00/08/11ac6ae4-ed6b-412c-b1...
- i2.let####.com.####.com/lc02_isvrs/201509/26/00/56/b4397c11-9527-48dc-bc...
- i2.let####.com.####.com/lc02_isvrs/201509/27/02/43/830e287f-884c-4b8f-8c...
- i2.let####.com.####.com/lc02_isvrs/201510/24/23/18/56546bb8-5243-4464-b5...
- i2.let####.com.####.com/lc02_isvrs/201511/14/23/43/e0b80c5e-4a2d-4e11-99...
- i2.let####.com.####.com/lc02_isvrs/201512/07/09/09/e6c4a726-a1c5-403a-b4...
- i2.let####.com.####.com/lc02_isvrs/201512/15/15/27/20f7eaf0-ab95-4124-9a...
- i2.let####.com.####.com/lc03_iscms/201503/31/14/15/93d8042022114ab0a0e00...
- i2.let####.com.####.com/lc03_iscms/201505/08/17/48/ef39ed7f66ee4d0fb2707...
- i2.let####.com.####.com/lc03_iscms/201505/14/16/28/18e15c8192d34ef8a5473...
- i2.let####.com.####.com/lc03_iscms/201505/18/11/53/e0cf07121f81467d92da1...
- i2.let####.com.####.com/lc03_iscms/201505/22/11/49/6fccf50a79f74defb9d84...
- i2.let####.com.####.com/lc03_isvrs/201503/22/22/12/ad50b85e-d294-4fb6-ae...
- i2.let####.com.####.com/lc03_isvrs/201503/29/21/31/0c54cfaa-9c22-4a60-af...
- i2.let####.com.####.com/lc03_isvrs/201504/05/22/39/c7418e66-19f6-4eee-b4...
- i2.let####.com.####.com/lc03_isvrs/201504/20/00/12/074529d4-b153-45c9-ba...
- i2.let####.com.####.com/lc03_isvrs/201504/26/22/17/d8a39582-781a-42dd-ac...
- i2.let####.com.####.com/lc03_isvrs/201505/03/20/57/822e3ed7-bd75-4891-aa...
- i2.let####.com.####.com/lc03_isvrs/201505/07/08/47/45c48803-77c1-406f-ac...
- i2.let####.com.####.com/lc03_isvrs/201505/10/21/32/695aff7f-afb0-4e97-95...
- i2.let####.com.####.com/lc03_isvrs/201505/17/23/39/e3aaad46-1077-4527-a0...
- i2.let####.com.####.com/lc03_isvrs/201507/10/14/37/9fa8f309-e39a-4b2c-87...
- i2.let####.com.####.com/lc03_isvrs/201507/27/02/41/5683d325-66ac-4711-99...
- i2.let####.com.####.com/lc03_isvrs/201509/25/21/53/af6ce5e2-9446-4d77-be...
- i2.let####.com.####.com/lc03_isvrs/201510/24/23/08/08c1f018-7fe1-42ca-a5...
- i2.let####.com.####.com/lc03_isvrs/201511/02/09/40/80ca36f9-f34e-4260-ba...
- i2.let####.com.####.com/lc03_isvrs/201511/14/19/09/e1189039-454b-4573-ba...
- i2.let####.com.####.com/lc03_isvrs/201511/26/09/15/2e38f0d6-f828-4318-9f...
- i2.let####.com.####.com/lc03_isvrs/201601/01/23/15/95bc767c-0574-4dce-9a...
- i2.let####.com.####.com/phone/201412/29/201412291017252056.jpg
- i2.let####.com.####.com/vrs/201402/19/151605bed3244e938fe7eb7951601642.jpg
- i2.let####.com.####.com/vrs/201407/31/7c800051-7ab4-4a64-816e-1ded42d745...
- i2.let####.com.####.com/vrs/201409/02/4411bee5-c03e-4604-8e8c-494d5262c6...
- i2.let####.com.####.com/vrs/201412/03/1a31a06b-3404-4610-8ead-3edb0728b6...
- i2.let####.com.####.com/vrs/201412/03/8af53ac8-d56f-49d3-a936-86d2b83ede...
- i2.let####.com.####.com/vrs/201412/17/e691408a-8eae-4ad5-8a94-270e064a2c...
- i2.let####.com.####.com/vrs/201412/31/2d97e218-6a20-4add-aaa2-b88cfc8f07...
- img.nin####.cn/dat/b/1.0.5/12.dat
- img.nin####.cn/dat/p/2.1.6/12.dat
- st####.app.m.####.com/android/mod/mob/ctl/padhome/act/index/markid/0/pco...
- st####.app.m.####.com/android/mod/mob/ctl/videolist/act/detail/id/100018...
- st####.app.m.####.com/android/mod/mob/ctl/videolist/act/detail/id/93325/...
- u####.v.tr####.net/android/mod/mob/ctl/album/act/detail/id/10001894/pcod...
- u####.v.tr####.net/android/mod/mob/ctl/album/act/detail/id/93325/pcode/0...
- u####.v.tr####.net/android/mod/mob/ctl/video/act/detail/id/21526923/pcod...
- u####.v.tr####.net/android/mod/mob/ctl/video/act/detail/id/23134916/pcod...
- u####.v.tr####.net/android/mod/mob/ctl/video/act/detail/id/23637713/pcod...
- u####.v.tr####.net/android/mod/mob/ctl/video/act/detail/id/23892020/pcod...
- u####.v.tr####.net/android/mod/mob/ctl/video/act/detail/id/24078070/pcod...
- u####.v.tr####.net/android/mod/mob/ctl/video/act/detail/id/24149387/pcod...
- u####.v.tr####.net/download/sci/10.png
Запросы HTTP POST:
- a####.u####.com/app_logs
- d####.fl####.com/aap.do
- p.nin####.cn/admin/bcp.action?requestId=####
- p.nin####.cn/admin/nbad.action
- s.nin####.cn/admin/sc.action?requestId=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.flurryagent.-7f3597e0
- /data/data/####/1.jar
- /data/data/####/13.jar
- /data/data/####/14.jar
- /data/data/####/15.jar
- /data/data/####/2.jar
- /data/data/####/LocationType.xml
- /data/data/####/box_cp_states.xml
- /data/data/####/boxcpdownloads
- /data/data/####/boxcpdownloads-journal
- /data/data/####/dij.xml
- /data/data/####/dim.xml
- /data/data/####/j-id.xml
- /data/data/####/letvpadvideo.db-journal
- /data/data/####/mid.xml
- /data/data/####/mobclick_agent_header_com.android.letv.client.pad.xml
- /data/data/####/mobclick_agent_state_com.android.letv.client.pad.xml
- /data/data/####/pdown
- /data/data/####/pdown-journal
- /data/data/####/push.xml
- /data/data/####/rp.xml
- /data/data/####/rs.xml
- /data/data/####/running_app_name.xml
- /data/data/####/short_create.xml
- /data/data/####/shortoutnamesha.xml
- /data/data/####/type.xml
- /data/data/####/vs.xml
- /data/data/####/xy.xml
- /data/media/####/-1533596943
- /data/media/####/-1558929388
- /data/media/####/-175002869
- /data/media/####/-1762233940
- /data/media/####/-181218522
- /data/media/####/-1812957405
- /data/media/####/-1839736028
- /data/media/####/-1951645950
- /data/media/####/-297625473
- /data/media/####/-302288799
- /data/media/####/-333589343
- /data/media/####/-424118659
- /data/media/####/-524730843
- /data/media/####/-531199092
- /data/media/####/-572697087
- /data/media/####/-658437880
- /data/media/####/-676644791
- /data/media/####/.nomedia
- /data/media/####/1.dat
- /data/media/####/1021004926
- /data/media/####/12.dat
- /data/media/####/1538096362
- /data/media/####/1584575653
- /data/media/####/1610699950
- /data/media/####/1637852015
- /data/media/####/1986641060
- /data/media/####/2.dat
- /data/media/####/2002458876
- /data/media/####/201412291017252056jpg
- /data/media/####/2064214844
- /data/media/####/2088795326
- /data/media/####/2123107747
- /data/media/####/3.dat
- /data/media/####/323541913
- /data/media/####/4238734
- /data/media/####/484472563
- /data/media/####/506251665
- /data/media/####/7.dat
- /data/media/####/709602132
- /data/media/####/800456873
- /data/media/####/856278639
- /data/media/####/864411168
- /data/media/####/955444617
- /data/media/####/MID.DAT
- /data/media/####/com.android.letv.client.pad.png
- /data/media/####/d.dat
- /data/media/####/homedata
- /data/media/####/names.dat
- /data/media/####/share.dat
- /data/media/####/st.dat
Другие:
Запускает следующие shell-скрипты:
- cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
Использует следующие алгоритмы для шифрования данных:
- DES
Использует следующие алгоритмы для расшифровки данных:
- DES
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
