Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.RemoteCode.337.origin
Сетевая активность:
Подключается к:
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) mkk.g####.xyz.####.cn:80
- TCP(HTTP/1.1) allc####.for####.q####.####.net:80
- TCP(HTTP/1.1) m51.g####.top:80
- TCP(HTTP/1.1) m51.g####.vip:80
- TCP(HTTP/1.1) 1####.186.245.72:80
- TCP(HTTP/1.1) chg.t####.xyz:80
- TCP(HTTP/1.1) ww1.dandanz####.top:80
- TCP(HTTP/1.1) api.t####.com:80
- TCP(TLS/1.0) allc####.for####.q####.####.net:443
- TCP(TLS/1.0) 64.2####.164.94:443
- TCP(TLS/1.0) googl####.g.doublec####.net:443
- TCP(TLS/1.0) and####.a####.go####.com:443
- TCP(TLS/1.0) gmscomp####.google####.com:443
- TCP(TLS/1.0) cdn.buymeac####.com:443
- TCP(TLS/1.0) i####.doub####.com.####.com:443
- TCP(TLS/1.0) rr6---s####.g####.com:443
- TCP(TLS/1.0) img1-do####.b0.a####.com:443
- TCP(TLS/1.0) d####.fl####.com:443
- TCP(TLS/1.0) i####.doub####.com.####.cn:443
- TCP(TLS/1.0) pla####.google####.com:443
- TCP(TLS/1.2) gmscomp####.google####.com:443
- TCP(TLS/1.2) 64.2####.164.94:443
- TCP v####.fz####.cn:8083
- TCP www.nai####.com:443
- TCP a####.baiba####.com:8899
- UDP j####.jianpia####.com:8003
- TCP www.dandanz####.top:443
- UDP j####.jianpia####.com:8000
- TCP api.t####.com:443
- TCP a####.rr.tv:443
Запросы DNS:
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 0####.co
- 00c.co.8.####.8
- 01m.co.8.####.8
- 02b.co.8.####.8
- 02h.co.8.####.8
- 03m.co.8.####.8
- 03o.co.8.####.8
- 03x.co.8.####.8
- 05f.co.8.####.8
- 06d.co.8.####.8
- 06t.co.8.####.8
- 07f.co.8.####.8
- 07k.co.8.####.8
- 08t.co.8.####.8
- 1####.co
- 1####.co
- 1####.co
- 1####.co
- 1####.co
- 1####.co
- 1####.co
- 1####.co
- 1####.co
- 1####.co
- 1####.co
- 1####.co
- 13r.co.8.####.8
- 14z.co.8.####.8
- 15l.co.8.####.8
- 15q.co.8.####.8
- 17h.co.8.####.8
- 2####.co
- 2####.co
- 2####.co
- 2####.co
- 2####.co
- 2####.co
- 2####.co
- 2####.co
- 2####.co
- 2####.co
- 2####.co
- 2####.co
- 20q.co.8.####.8
- 21o.co.8.####.8
- 22l.co.8.####.8
- 26v.co.8.####.8
- 26y.co.8.####.8
- 27u.co.8.####.8
- 27w.co.8.####.8
- 3####.co
- 3####.co
- 3####.co
- 3####.co
- 3####.co
- 3####.co
- 3####.co
- 3####.co
- 3####.co
- 3####.co
- 3####.co
- 3####.co
- 3####.co
- 3####.co
- 30f.co.8.####.8
- 30h.co.8.####.8
- 30z.co.8.####.8
- 31p.co.8.####.8
- 34a.co.8.####.8
- 38n.co.8.####.8
- 38r.co.8.####.8
- 39q.co.8.####.8
- 4####.co
- 4####.co
- 4####.co
- 4####.co
- 4####.co
- 4####.co
- 4####.co
- 4####.co
- 4####.co
- 4####.co
- 4####.co
- 40m.co.8.####.8
- 41h.co.8.####.8
- 43d.co.8.####.8
- 43g.co.8.####.8
- 43y.co.8.####.8
- 45c.co.8.####.8
- 45l.co.8.####.8
- 5####.co
- 5####.co
- 5####.co
- 5####.co
- 5####.co
- 5####.co
- 5####.co
- 5####.co
- 5####.co
- 50y.co.8.####.8
- 56f.co.8.####.8
- 56r.co.8.####.8
- 56z.co.8.####.8
- 57g.co.8.####.8
- 57q.co.8.####.8
- 58p.co.8.####.8
- 58r.co.8.####.8
- 59x.co.8.####.8
- 6####.co
- 6####.co
- 6####.co
- 6####.co
- 6####.co
- 6####.co
- 6####.co
- 6####.co
- 6####.co
- 6####.co
- 6####.co
- 6####.co
- 6####.co
- 6####.co
- 61c.co.8.####.8
- 61w.co.8.####.8
- 65b.co.8.####.8
- 65j.co.8.####.8
- 65u.co.8.####.8
- 67y.co.8.####.8
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 7####.co
- 72i.co.8.####.8
- 73j.co.8.####.8
- 73u.co.8.####.8
- 74n.co.8.####.8
- 74o.co.8.####.8
- 75u.co.8.####.8
- 76t.co.8.####.8
- 77r.co.8.####.8
- 78e.co.8.####.8
- 78n.co.8.####.8
- 79x.co.8.####.8
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 8####.co
- 80h.co.8.####.8
- 80i.co.8.####.8
- 80v.co.8.####.8
- 81s.co.8.####.8
- 82l.co.8.####.8
- 82n.co.8.####.8
- 83e.co.8.####.8
- 83u.co.8.####.8
- 84f.co.8.####.8
- 84i.co.8.####.8
- 84m.co.8.####.8
- 85i.co.8.####.8
- 85p.co.8.####.8
- 86s.co.8.####.8
- 86z.co.8.####.8
- 87k.co.8.####.8
- 89f.co.8.####.8
- 89j.co.8.####.8
- 89y.co.8.####.8
- 9####.co
- 9####.co
- 9####.co
- 9####.co
- 9####.co
- 9####.co
- 9####.co
- 9####.co
- 9####.co
- 9####.co
- 9####.co
- 90z.co.8.####.8
- 92p.co.8.####.8
- 93t.co.8.####.8
- 97z.co.8.####.8
- a####.baiba####.com
- a####.rr.tv
- and####.a####.go####.com
- and####.google####.com
- api.t####.com
- app.t####.com
- cdn.buymeac####.com
- chg.t####.xyz
- d####.fl####.com
- f####.gst####.com
- gmscomp####.google####.com
- googl####.g.doublec####.net
- i####.doub####.com
- i####.doub####.com
- i####.doub####.com
- i####.rr.tv
- j####.jianpia####.com
- m####.go####.com
- m51.g####.top
- m51.g####.vip
- mkk.g####.xyz
- p####.google####.com
- pla####.google####.com
- r.t####.com
- rr6---s####.g####.com
- sdk.z####.cn
- v####.fz####.cn
- ww1.dandanz####.top
- www.dandanz####.top
- www.nai####.com
Запросы HTTP GET:
- allc####.for####.q####.####.net/img/img/20220406/o_d033f03a79a348c481b61...
- allc####.for####.q####.####.net/img/img/20220601/o_c0bac8ff228c4cf7b99d9...
- allc####.for####.q####.####.net:443/ugc/20220520/o_b847666380b5445b82168...
- api.t####.com//chg.tubev.xyz/api.php/Index/getAppConfig
- api.t####.com//mkk.gotto.xyz/api.php/v1.user/appConfig?type=####
- api.t####.com/https://www.dandanzan10.top/
- cdn.buymeac####.com:443/uploads/gallery/1404419/2022-11-23/banner1122.pn...
- cdn.buymeac####.com:443/uploads/gallery/1404419/2023-01-08/_4.png
- cdn.buymeac####.com:443/uploads/gallery/1404419/2023-01-08/downloadcircu...
- cdn.buymeac####.com:443/uploads/gallery/1404419/2023-01-08/heart_1.png
- cdn.buymeac####.com:443/uploads/gallery/1404419/2023-01-08/messenger.png
- cdn.buymeac####.com:443/uploads/gallery/1404419/2023-01-08/share.png
- cdn.buymeac####.com:443/uploads/gallery/1404419/2023-01-08/viewfiles.png
- cdn.buymeac####.com:443/uploads/gallery/1404419/2023-01-08/world.png
- cdn.buymeac####.com:443/uploads/gallery/1404419/2023-01-11/link.png
- cdn.buymeac####.com:443/uploads/gallery/1404419/2023-04-03/followus.png
- chg.t####.xyz/api.php/Index/getAppConfig
- chg.t####.xyz/config.json
- i####.doub####.com.####.com:443/view/photo/l/public/p2888928674.webp
- i####.doub####.com.####.com:443/view/photo/l/public/p2891261995.webp
- img1-do####.b0.a####.com:443/view/photo/l/public/p2889089540.webp
- img1-do####.b0.a####.com:443/view/photo/l/public/p2890903780.webp
- img1-do####.b0.a####.com:443/view/photo/l/public/p2891659648.webp
- m51.g####.top/api.php/v1.user/appConfig?type=####
- m51.g####.vip/api.php/v1.user/appConfig?type=####
- mkk.g####.xyz.####.cn/api.php/v1.user/appConfig?type=####
- ww1.dandanz####.top/?subid1=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.YFlurrySenderIndex.info.AnalyticsData_BD3H8ZSV...3B_341
- /data/data/####/.YFlurrySenderIndex.info.StreamingMain
- /data/data/####/.jg.ac
- /data/data/####/.jg.ri
- /data/data/####/.jg.store.report_pid
- /data/data/####/.yflurrydatasenderblock.b17ff842-ab24-4514-82cf...efa75e
- /data/data/####/08313f6a7ae57ee3e0f6d4806cecb6bfb6516577738d1e5....0.tmp
- /data/data/####/229b152252aa94a4d599563612f80b2feaae1524302b645....0.tmp
- /data/data/####/229b152252aa94a4d599563612f80b2feaae1524302b645...06a9.0
- /data/data/####/26afc908f80f9fbdeb2b4dd2902e326684f0a0d693ab6bd....0.tmp
- /data/data/####/3098498b910c5fe3151f33f1ec105db577ebc6f0eb9890c....0.tmp
- /data/data/####/3098498b910c5fe3151f33f1ec105db577ebc6f0eb9890c...bdaf.0
- /data/data/####/37b5274d8e8e46c967395bcdedceb95b25970e73939016c....0.tmp
- /data/data/####/37b5274d8e8e46c967395bcdedceb95b25970e73939016c...02c9.0
- /data/data/####/3b50cace43575c2e33ff7b51195722a454b8d8c125d1788....0.tmp
- /data/data/####/4fe084ffea9b1915dcf1e5d2f71db0222d98a2e1b3cb22a....0.tmp
- /data/data/####/4fe084ffea9b1915dcf1e5d2f71db0222d98a2e1b3cb22a...e9e9.0
- /data/data/####/557e96750b13448015f7de9c0db7633d766bef292df3cc6....0.tmp
- /data/data/####/557e96750b13448015f7de9c0db7633d766bef292df3cc6...2d80.0
- /data/data/####/56159fcc313f873fc7344f86c8889a59a7f2b453931f781....0.tmp
- /data/data/####/71a31c64a14f4d6c34180a140ad44b5f7687aac3d30c243....0.tmp
- /data/data/####/7bf873590c2b46667b954f8c5a1289d0e59e93b0d85ae14...e58c.0
- /data/data/####/7ceef66f890b2d288bf825d4898b8899bc9e91e87c758d5....0.tmp
- /data/data/####/7ceef66f890b2d288bf825d4898b8899bc9e91e87c758d5...0f3d.0
- /data/data/####/80719f4e7ecb5fe3e0a95da5358c22f46e43d76e4d4513f....0.tmp
- /data/data/####/80719f4e7ecb5fe3e0a95da5358c22f46e43d76e4d4513f...b902.0
- /data/data/####/80abe8a371d43068d0bc7f22b94905dd422fa8b66f54469....0.tmp
- /data/data/####/80cc0617873d0ce4a312099ca55042235a7f114091fd649....0.tmp
- /data/data/####/80cc0617873d0ce4a312099ca55042235a7f114091fd649...aa6d.0
- /data/data/####/82345d122a2419de25217574485e8a21b286aecfc560a6a....0.tmp
- /data/data/####/878c0b0ff977232f20c37a0497632181a7edac0a7bd77f3....0.tmp
- /data/data/####/878c0b0ff977232f20c37a0497632181a7edac0a7bd77f3...bb6d.0
- /data/data/####/8eef3088d04cf7f56947aa08a217d4befb12c3770eb1aca....0.tmp
- /data/data/####/8eef3088d04cf7f56947aa08a217d4befb12c3770eb1aca...5c73.0
- /data/data/####/9379c39c97436b972bae23c85bfd8e198005cdd46e3ccf2....0.tmp
- /data/data/####/9379c39c97436b972bae23c85bfd8e198005cdd46e3ccf2...9247.0
- /data/data/####/9bb9be87973c56bad84a259d81787538f7a24756712d50e....0.tmp
- /data/data/####/9bb9be87973c56bad84a259d81787538f7a24756712d50e...d526.0
- /data/data/####/BflovdwlnjzS (deleted)
- /data/data/####/Cookies-journal
- /data/data/####/FLURRY_SHARED_PREFERENCES.xml
- /data/data/####/FLURRY_SHARED_PREFERENCES.xml.bak
- /data/data/####/MetaSteamDataSource.preferences_pb
- /data/data/####/MetaSteamDataSource.preferences_pb.tmp
- /data/data/####/Utils.xml
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/a64f6119d2ab04230d16e6593b7d9fed5ffbc416c0e8e4a....0.tmp
- /data/data/####/adb26bb2fa04c1d0_0
- /data/data/####/admob.xml
- /data/data/####/ae9ac77ddee60571dbaf573c540795fef460aa4931b8c9e....0.tmp
- /data/data/####/androidx.work.workdb-journal (deleted)
- /data/data/####/androidx.work.workdb.lck
- /data/data/####/b541ec48689c7371e780d45999ae5415d2ebf19588e9110....0.tmp
- /data/data/####/c09f6137f8f3c37a1610a7a8201e2866674c362dcdcc195....0.tmp
- /data/data/####/c09f6137f8f3c37a1610a7a8201e2866674c362dcdcc195...3f4c.0
- /data/data/####/c1cbd8a789d3d8198dafdec69c5ceff4acc5150fd32ce1c....0.tmp
- /data/data/####/c1cbd8a789d3d8198dafdec69c5ceff4acc5150fd32ce1c...625e.0
- /data/data/####/c4fb5c1211813040377883592581de97d74c6781d19bd54....0.tmp
- /data/data/####/c4fb5c1211813040377883592581de97d74c6781d19bd54...eef7.0
- /data/data/####/c6c1e7bafae7cc5d3a9c3fb6810435779ca8e62e2565f88....0.tmp
- /data/data/####/ce58ce755ba0dde9e637759ee9a5ab6d73d4638ddb01563....0.tmp
- /data/data/####/ceed1a6269fea56e226d1f7be503e7933ba99f31f260e18....0.tmp
- /data/data/####/ceed1a6269fea56e226d1f7be503e7933ba99f31f260e18...e85e.0
- /data/data/####/classes.dex
- /data/data/####/classes.dex;classes2.dex
- /data/data/####/classes.dex;classes3.dex
- /data/data/####/classes.dex;classes4.dex
- /data/data/####/com.google.android.gms.measurement.prefs.xml
- /data/data/####/com.google.android.gms.measurement.prefs.xml.bak
- /data/data/####/com.metasteam.cn_preferences.xml
- /data/data/####/completed-1684273136342
- /data/data/####/currentFile
- /data/data/####/d7d89bd3978e8650f9f842543164d127ce090e3d9c48ae6....0.tmp
- /data/data/####/d7d89bd3978e8650f9f842543164d127ce090e3d9c48ae6...78b5.0
- /data/data/####/d88ec57731311b6a17c71393f7b5f54381c1f7f3b6461ea....0.tmp
- /data/data/####/d88ec57731311b6a17c71393f7b5f54381c1f7f3b6461ea...133a.0
- /data/data/####/dc6cb7d5c1a2ea5c1edf80c1d30547f9af34a982961f816....0.tmp
- /data/data/####/dc6cb7d5c1a2ea5c1edf80c1d30547f9af34a982961f816...bcc5.0
- /data/data/####/dfc267a54707ccf195fb658584fdfb589f7776b866beeae....0.tmp
- /data/data/####/dfc267a54707ccf195fb658584fdfb589f7776b866beeae...0aa8.0
- /data/data/####/dfe6b2497a7513ba_0
- /data/data/####/e0b5b5b446ee03cdb432794ef0f10e18922f465ca11267f....0.tmp
- /data/data/####/f038e94cb33282ab_0
- /data/data/####/f15541f616d68d59a4e25812f0a1f611d36ab04bd80574a....0.tmp
- /data/data/####/f15541f616d68d59a4e25812f0a1f611d36ab04bd80574a...3d99.0
- /data/data/####/f5d17806186c6eb3741fecaa9df2fe2f9b8d97d6a78a908....0.tmp
- /data/data/####/f5d17806186c6eb3741fecaa9df2fe2f9b8d97d6a78a908...9919.0
- /data/data/####/google_app_measurement_local.db-journal
- /data/data/####/https_googleads.g.doubleclick.net_0.localstorage-journal
- /data/data/####/index
- /data/data/####/installationNum
- /data/data/####/journal
- /data/data/####/journal.tmp
- /data/data/####/libjiagu.so
- /data/data/####/meta.db-journal
- /data/data/####/metrics_guid
- /data/data/####/nlDCnbKzHVdU (deleted)
- /data/data/####/proc_auxv
- /data/data/####/profileinstaller_profileWrittenFor_lastUpdateTime.dat
- /data/data/####/temp-index
- /data/data/####/the-real-index
- /data/media/####/LocalDataExTexDBv1-journal (deleted)
- /data/media/####/jpaliData.cfg-journal
- /data/media/####/jpaliData.cfg-journal (deleted)
- /data/misc/####/primary.prof
Другие:
Загружает динамические библиотеки:
- libjiagu
- libp2p
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS7Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS7Padding
- RSA-ECB-PKCS1Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Отрисовывает собственные окна поверх других приложений.
