Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.859.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) c3.res.m####.####.com:80
- TCP(HTTP/1.1) src.r####.com.####.com:80
- TCP(HTTP/1.1) 3####.tc.qq.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) api-t####.m####.com:80
- TCP(HTTP/1.1) 2####.195.1.254:8080
- TCP(HTTP/1.1) p####.tc.qq.com:80
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) c5.res.m####.com:80
- TCP(HTTP/1.1) sdk.c####.com:80
- TCP(HTTP/1.1) c.g####.qq.com:80
- TCP(HTTP/1.1) v.g####.qq.com:80
- TCP(HTTP/1.1) mi.g####.qq.com:80
- TCP(HTTP/1.1) c6.res.m####.####.com:80
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(SSL/3.0) s####.j####.cn:443
- TCP(TLS/1.0) s####.j####.cn:443
- UDP s.j####.cn:19000
- TCP 1####.121.49.103:7004
Запросы DNS:
- a####.u####.com
- api-t####.m####.com
- c.g####.qq.com
- c3.res.m####.com
- c5.res.m####.com
- c6.res.m####.com
- dd.m####.com
- imgc####.qq.com
- mi.g####.qq.com
- mt####.go####.com
- p####.ugd####.com
- pp.m####.com
- qp.yunanfu####.com
- qzones####.g####.cn
- s####.e.qq.com
- s####.j####.cn
- s.j####.cn
- sdk.c####.com
- src.r####.com
- v.g####.qq.com
Запросы HTTP GET:
- 3####.tc.qq.com/16891/A7A62CFAD0489F88B997C1D4DBC4EFD4.apk?fsname=####&_...
- 3####.tc.qq.com/dd.myapp.com/16891/A7A62CFAD0489F88B997C1D4DBC4EFD4.apk?...
- api-t####.m####.com/wallpapers/public/collection/detail/308?os=####&mzos...
- api-t####.m####.com/wallpapers/public/collection/detail/309?os=####&mzos...
- c.g####.qq.com/gdt_mclick.fcg?viewid=####&jtype=####&i=####&os=####&asi=...
- c.g####.qq.com/gdt_trace_a.fcg?actionid=####&targettype=####&tagetid=###...
- c3.res.m####.####.com/fileserver/wallpaper/1/15577a4f7deb4901a60d2ff33ff...
- c3.res.m####.####.com/fileserver/wallpaper/1/27075b6721644619bab842fdafe...
- c3.res.m####.####.com/fileserver/wallpaper/1/3638be9100a54b528344f64d058...
- c3.res.m####.####.com/fileserver/wallpaper/1/545119be07cf4a40909934c24f6...
- c3.res.m####.####.com/fileserver/wallpaper/1/e38613304a7545f2998f5c12a91...
- c3.res.m####.####.com/fileserver/wallpaper/353/807b4d24578442c78cce2c92b...
- c3.res.m####.####.com/fileserver/wallpaper/355/a6e4e60e58614bfe8ceafe4cb...
- c3.res.m####.####.com/fileserver/wallpaper/363/7f7338fa107c4423ac114bfef...
- c3.res.m####.####.com/fileserver/wallpaper/368/f39a66ce94c447728074efeed...
- c3.res.m####.####.com/fileserver/wallpaper/839/219303f60ce1464a89dec0f76...
- c3.res.m####.####.com/fileserver/wallpaper/839/24d4c1c1a81f4ef7a647d1c7d...
- c3.res.m####.####.com/fileserver/wallpaper/839/2d83907a43d64021a3349ba33...
- c3.res.m####.####.com/fileserver/wallpaper/839/35809a60ac33489c89782b2fa...
- c3.res.m####.####.com/fileserver/wallpaper/839/3e43e94ad6a640f8a02d4a5a9...
- c3.res.m####.####.com/fileserver/wallpaper/839/6964cecba0064b7086e926c22...
- c3.res.m####.####.com/fileserver/wallpaper/839/a1608a02403541b68d5c8aa10...
- c3.res.m####.####.com/fileserver/wallpaper/839/a4d1d224ae1f4648a8444532e...
- c3.res.m####.####.com/fileserver/wallpaper/839/bbefbf3ef7d441c5bca94ea22...
- c3.res.m####.####.com/fileserver/wallpaper/839/c97a4494629b4d239c1a98109...
- c3.res.m####.####.com/fileserver/wallpaper/839/f8fb31726a354a6caf24156ef...
- c3.res.m####.####.com/fileserver/wallpaper/839/fb43da2650d5446c9d80dc4cb...
- c5.res.m####.com/fileserver/operation/category/icon/1/5b01ce4116204192af...
- c5.res.m####.com/fileserver/wallpaper/1/3cf3ac5d733e4f678f91a2dc8ef77097...
- c5.res.m####.com/fileserver/wallpaper/1/ae26afbfb3c24068b064504e3331f101...
- c5.res.m####.com/fileserver/wallpaper/354/56329d88f4214e3f91ee6091c551cb...
- c5.res.m####.com/fileserver/wallpaper/839/87f09f0d557e4764be333986c6d054...
- c6.res.m####.####.com/fileserver/wallpaper/1/0c4cf6af2d364029a9fd9c0b2c5...
- c6.res.m####.####.com/fileserver/wallpaper/237/6566baaa27b1497289b000c3f...
- c6.res.m####.####.com/fileserver/wallpaper/361/e77186d7b1b34f62a8b3a00ab...
- c6.res.m####.####.com/fileserver/wallpaper/839/3214cf05e91043d49169c1102...
- c6.res.m####.####.com/fileserver/wallpaper/839/9bf8b76554724969a9a68265d...
- mi.g####.qq.com/gdt_mview.fcg?posw=####&posh=####&count=####&r=####&data...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/banner.appcache
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/banner.html
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/ad_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/banner_close_b...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg02.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg03.jpg
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg07.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/close02.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/close03.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/download_icon....
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/download_icon_...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/gdt_logo_black...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/icon-ad.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/sdk_bg.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tc-gdt-sdk-ope...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tsa_ad_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tsa_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/js-release/20170821/b...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/js/lib/require.js
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android02/images/tsa_ad_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mod/android/AndroidAllInOne/proguard/his/r...
- s####.tc.qq.com/gdt/0/DAAk02LABIABIAAHBcfMCOA5R_krpd.jpg/0?ck=####
- s####.tc.qq.com/gdt/0/transformer_14743673431119961616_1551778418_80.jpg...
- s####.tc.qq.com/ma_icon/0/icon_42350811_1551776481/256
- src.r####.com.####.com/kubo/
- src.r####.com.####.com/kubo/dex/luomi10.249.dex
- src.r####.com.####.com/kubo/hongbao/hb6/chaishenye_1.png
- src.r####.com.####.com/kubo/hongbao/hb6/chaishenye_2.png
- src.r####.com.####.com/kubo/hongbao/hb7/hongbao1.png
- src.r####.com.####.com/kubo/hongbao/hb7/hongbao2.png
- src.r####.com.####.com/kubo/hongbao/hb8/hongbao1.png
- src.r####.com.####.com/kubo/hongbao/hb8/hongbao2.png
- src.r####.com.####.com/kubo/hongbao/hb8/hongbao3.png
- src.r####.com.####.com/kubo/hongbao/hb8/hongbao4.png
- v.g####.qq.com/gdt_stats.fcg?viewid=####&i=####&os=####&xp=####&gap=####
Запросы HTTP POST:
- a####.u####.com/app_logs
- s####.e.qq.com/activate
- s####.e.qq.com/click
- s####.e.qq.com/msg
- sdk.c####.com/versiontapi.php?v=####&type=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/1b489aa1e7eee17d1cfcb01248ea37f2a7fd76115b946ab....0.tmp
- /data/data/####/1fb4568607f2b4b67855b92ce4e5c1b9c07348d0be007d5....0.tmp
- /data/data/####/2c642e4d6b7068c9ea98e50419aa75214d5f97f896f2031....0.tmp
- /data/data/####/2cdf445cb62d0365f34421f9d04efcc35b9a879315ad8f9....0.tmp
- /data/data/####/3c5c4622437678c5c1bff4642674bef1f361c296d3c63de....0.tmp
- /data/data/####/44be3c82dee8395e61285bf8e431a959d8635d9e809c81b....0.tmp
- /data/data/####/4796cb4fe70c5a59ec87b38f0d14d6728fd8ccc6cd62c3c....0.tmp
- /data/data/####/50888aeebe225239af1da55848eb073986e9f3e810496e3....0.tmp
- /data/data/####/51768093c78e7e0e2e7a9c40a0bdd7d492ceffae9a55049....0.tmp
- /data/data/####/52ab2197073b05238662434005ac383a80013ff55a6f7a1....0.tmp
- /data/data/####/52aedf419a20b1c24fcd6b4238421385d253af10ad34078....0.tmp
- /data/data/####/5d71c3c253aeffea5ff22522cb800d60bdaa28d535b472b....0.tmp
- /data/data/####/5ead7c1916e321af3ee0d7d6aa595238.temp
- /data/data/####/60bc7ef9dc75b4bf5c25dd22db0d60647be7d961477a494....0.tmp
- /data/data/####/610f5995414fddb9212d298035ce1bd7a17a92988f75c79....0.tmp
- /data/data/####/86336bf3c223d00672c2e611c34e6140814fdb33c15d018....0.tmp
- /data/data/####/8be07452bdf0999a1aaeab2a3f90c800887ae24befd83de....0.tmp
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/DownloadTaskStore.db-journal
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/a8d38b495dfdd040a3acf965751a0a7277fe4a6773d7e59....0.tmp
- /data/data/####/ac32b68e0f09e848c0cfaf41f1bc43b5c0b4c6b3b27f2e6....0.tmp
- /data/data/####/aec2f3d8f9687882802e3c30ce1bbdce99d6be79bc89e3b....0.tmp
- /data/data/####/appPackageNames
- /data/data/####/c59d1a3d267a1a96f31b6f8d899371729c722eb6b0add27....0.tmp
- /data/data/####/c5f78022bacd4e95168a83f681a7b0bd1a8a296865c182c....0.tmp
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/cn.jpush.android.user.profile.xml
- /data/data/####/cn.jpush.preferences.v2.xml
- /data/data/####/cn.jpush.preferences.v2.xml.bak
- /data/data/####/d1328178bcc35fa17cea81c40456535109df7d07e4e8ecb....0.tmp
- /data/data/####/d45d6d0249201693a9a8af784cc1ba37d9871d9c31d0e95....0.tmp
- /data/data/####/d933f570a7cde093598f3a313088bab7c4c68481e0b22c4....0.tmp
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/dc653fc077a9323d96287e1a5ebb4947b6cc519d29d4042....0.tmp
- /data/data/####/de9ab48b82355bc67ccb3b73d2a4e1e6ff85e3d20449f8e....0.tmp
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/dianrui_cache.xml
- /data/data/####/e2aa7b2af43dff3dc262957b7979994d.temp
- /data/data/####/e5135e687c1337d32c243bd0d7cc36a9febf0d93273234c....0.tmp
- /data/data/####/e94580b30fc1f44823acfdc489db06cb72181c58f67ebfe....0.tmp
- /data/data/####/e98c6c47a60c69f9118c6d274f032c7fa0036c1e1de46c7....0.tmp
- /data/data/####/ef843456b5dc6e56eda206036dcd9f1724a37c7ce383f91....0.tmp
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f2052201506be1c5eaf646927c732d6e1648b18911079df....0.tmp
- /data/data/####/f78ccd3b2624af7a851859cfc10299eead7d7bb0e422e91....0.tmp
- /data/data/####/f9f0b4db08ba46100ba86ecfb139be69c4970c015f1d7a0....0.tmp
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/ffb95ac6e1fe10d030532411a29a7e8f99940397fee96f7....0.tmp
- /data/data/####/ffbb6fa6dfffdef6daf7f0a00b0a14eb3c1f3ae83f3b3ce....0.tmp
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_plugin.tmp
- /data/data/####/gdt_plugin.tmp.sig
- /data/data/####/gdt_suid
- /data/data/####/index
- /data/data/####/jg_so_upgrade_setting.xml
- /data/data/####/journal.tmp
- /data/data/####/jpush_device_info.xml
- /data/data/####/jpush_local_notification.db
- /data/data/####/jpush_local_notification.db-journal
- /data/data/####/jpush_stat_cache_history.json
- /data/data/####/jpush_statistics.db
- /data/data/####/jpush_statistics.db-journal
- /data/data/####/libjiagu.so
- /data/data/####/luomi261.dex
- /data/data/####/luomi_cache.xml
- /data/data/####/luomi_dex_ok_ok.dex
- /data/data/####/news-journal
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/update_lc
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/media/####/.push_deviceid
- /data/media/####/2a1029a7653afd47298ab05dd3c0291a
- /data/media/####/chaishenye_1.png
- /data/media/####/chaishenye_2.png
- /data/media/####/com.ss.android.ugc.aweme.apk_0
- /data/media/####/hongbao1.png
- /data/media/####/hongbao2.png
- /data/media/####/hongbao3.png
- /data/media/####/hongbao4.png
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
Загружает динамические библиотеки:
- jpush220
- libjiagu
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-ECB-PKCS7Padding
- RSA-ECB-PKCS1Padding
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
