Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.SpyMax.15.origin
- Android.SpyMax.16
- Android.SpyMax.17
- Android.SpyMax.19
- Android.SpyMax.20
- Android.SpyMax.21
- Android.SpyMax.22
- Android.SpyMax.23
- Android.SpyMax.24
Сетевая активность:
Подключается к:
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) s####.jee####.cn:80
- TCP(HTTP/1.1) astatic####.cos.ap-che####.####.com:80
- TCP(HTTP/1.1) aox####.cn:80
- TCP(TLS/1.0) rr9---s####.g####.com:443
- TCP(TLS/1.0) and####.a####.go####.com:443
- TCP(TLS/1.0) md####.google####.com:443
- TCP(TLS/1.2) 64.2####.164.94:443
- TCP(TLS/1.2) 64.2####.161.102:443
- UDP md####.google####.com:443
- TCP 1####.233.199.2:27772
Запросы DNS:
- 2.199.233.####.arpa
- and####.a####.go####.com
- aox####.cn
- astatic####.cos.ap-che####.####.com
- md####.google####.com
- q####.store
- rr9---s####.g####.com
- s####.jee####.cn
Запросы HTTP GET:
- aox####.cn/a/601186
- aox####.cn/app/a?code=####&userKey=####
- aox####.cn/app/clipdata?a=####&u=####&p=####&k=####
- aox####.cn/app/getClipType
- aox####.cn/app/home?60####&userKey=####&t=####
- aox####.cn/favicon.ico
- astatic####.cos.ap-che####.####.com/css/bootstrap.min.css
- astatic####.cos.ap-che####.####.com/css/font-awesome.min.css
- astatic####.cos.ap-che####.####.com/fonts/fontawesome-webfont.woff2?v=####
- astatic####.cos.ap-che####.####.com/img/loading2.gif
- astatic####.cos.ap-che####.####.com/img/user_avatar.png
- astatic####.cos.ap-che####.####.com/js/base64fast.js
- astatic####.cos.ap-che####.####.com/js/bootstrap.min.js
- astatic####.cos.ap-che####.####.com/js/jquery.esn.autobrowse.js
- astatic####.cos.ap-che####.####.com/js/jquery.min.js
- astatic####.cos.ap-che####.####.com/js/jquery.qrcode.min.js
- astatic####.cos.ap-che####.####.com/js/jstorage.js
- s####.jee####.cn/20211217/BYdJaPSl/1.gpj
- s####.jee####.cn/20211218/9k9xAIGt/1.gpj
- s####.jee####.cn/20211218/C2WySmqL/1.gpj
- s####.jee####.cn/20211218/eZaxyJ0f/1.gpj
- s####.jee####.cn/20211218/rBSW6SrS/1.gpj
- s####.jee####.cn/20211219/S6FHcDej/1.gpj
- s####.jee####.cn/20211220/1xLplAvV/1.gpj
- s####.jee####.cn/20211220/d4pjx54l/1.gpj
- s####.jee####.cn/20211221/TdYsO39z/1.gpj
- s####.jee####.cn/20211222/4IBH2w1R/1.gpj
- s####.jee####.cn/20211222/Xg27IlXH/1.gpj
- s####.jee####.cn/20211223/djQq79AF/1.gpj
- s####.jee####.cn/20211224/D7XHXsGD/1.gpj
- s####.jee####.cn/20211225/EpfqvZ0V/1.gpj
- s####.jee####.cn/20211230/yFbrZ6yp/1.gpj
- s####.jee####.cn/20220105/Ec4C7uf9/1.gpj
- s####.jee####.cn/20220110/e9WetOj3/1.gpj
- s####.jee####.cn/20220111/EgstBll2/1.gpj
- s####.jee####.cn/20220111/ewNlBgWg/1.gpj
- s####.jee####.cn/20220115/4sNM3E7w/1.gpj
- s####.jee####.cn/20220116/1ouPqqUG/1.gpj
- s####.jee####.cn/20220116/827ZjTrS/1.gpj
- s####.jee####.cn/20220130/dXkxmJso/1.gpj
- s####.jee####.cn/20220130/sgzBB4zK/1.gpj
- s####.jee####.cn/20220216/CfmLDHzw/1.gpj
- s####.jee####.cn/20220216/ndhUiO3C/1.gpj
- s####.jee####.cn/20220216/oS1kaqTS/1.gpj
- s####.jee####.cn/20220218/adKR7XVx/1.gpj
- s####.jee####.cn/20220218/lsuZflgd/1.gpj
- s####.jee####.cn/20220219/MIfc3lFH/1.gpj
- s####.jee####.cn/20220219/zj5wA0St/1.gpj
- s####.jee####.cn/20220222/aaSE2iVQ/1.gpj
- s####.jee####.cn/20220225/GrJA2CTr/1.gpj
- s####.jee####.cn/20220225/Pr73tf8v/1.gpj
- s####.jee####.cn/20220225/V1A2RLcM/1.gpj
- s####.jee####.cn/20220225/YJ26K4Kv/1.gpj
- s####.jee####.cn/20220225/bVwowbaX/1.gpj
- s####.jee####.cn/20220227/UIUBjXhD/1.gpj
- s####.jee####.cn/20220227/lxnaDWpr/1.gpj
- s####.jee####.cn/20220509/UR2IfRw3/1.gpj
- s####.jee####.cn/v5/1GSkUAH8/1.gpj
- s####.jee####.cn/v5/20220825/x6KYRqHH/1.gpj
- s####.jee####.cn/v5/20220826/BYM8SgFG/1.gpj
- s####.jee####.cn/v5/20220828/gMVZG4ir/1.gpj
- s####.jee####.cn/v5/20220830/UK6jX0dH/1.gpj
- s####.jee####.cn/v5/20220928/bcTUBcbV/1.gpj
- s####.jee####.cn/v5/20221005/SC7vG1g6/1.gpj
- s####.jee####.cn/v5/20221009/6fzXXlEI/1.gpj
- s####.jee####.cn/v5/20221009/ZjfN0Eux/1.gpj
- s####.jee####.cn/v5/20221009/apUWFvaK/1.gpj
- s####.jee####.cn/v5/20221014/hvHt5SLm/1.gpj
- s####.jee####.cn/v5/2HmoubZy/1.gpj
- s####.jee####.cn/v5/83KkEeTc/1.gpj
- s####.jee####.cn/v5/CJTXGeA8/1.gpj
- s####.jee####.cn/v5/EMS0U268/1.gpj
- s####.jee####.cn/v5/Jm5FFPnC/1.gpj
- s####.jee####.cn/v5/KV0O6Vhb/1.gpj
- s####.jee####.cn/v5/Vr3CQxS0/1.gpj
- s####.jee####.cn/v5/WdLYuZ3M/1.gpj
- s####.jee####.cn/v5/aVClMTk9/1.gpj
- s####.jee####.cn/v5/duC7am4B/1.gpj
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/068b8ee4b6bf4348_0
- /data/data/####/06da8f9a147d9558_0
- /data/data/####/0b4a13ade0d0f2be_0
- /data/data/####/0c566a6b473251a2_0
- /data/data/####/0cf7918f56f9fa84_0
- /data/data/####/10579ed6f7b5de19_0
- /data/data/####/115f42040037e3c6_0
- /data/data/####/1aa98c56f2890e6f_0
- /data/data/####/1bbf59e37d63a4cc_0
- /data/data/####/213e00148aac1875_0
- /data/data/####/2621ef17af4180ea_0
- /data/data/####/2621ef17af4180ea_1
- /data/data/####/28433fc122feb37e_0
- /data/data/####/2a330b93072900f9_0
- /data/data/####/2ce286184fbc3e7d_0
- /data/data/####/2d1cd2860c7f9706_0
- /data/data/####/306a3796aeb1ae5d_0
- /data/data/####/30fee580c90acff1_0
- /data/data/####/3190ed2471e085b3_0
- /data/data/####/3615781f98356851_0
- /data/data/####/3e38820c9880fc89_0
- /data/data/####/3feb3ae822408d8a_0
- /data/data/####/4227f995fb09e208_0
- /data/data/####/4227f995fb09e208_1
- /data/data/####/430f3294bf19b721_0
- /data/data/####/430f3294bf19b721_1
- /data/data/####/445faa19c2b944ed_0
- /data/data/####/44e78c385da5eacf_0
- /data/data/####/4523fa753200ead8_0
- /data/data/####/46ad576ddeed5eb2_0
- /data/data/####/4adc1580a3e9df98_0
- /data/data/####/4edac9c2b1ac5932_0
- /data/data/####/4edac9c2b1ac5932_1
- /data/data/####/5547caa5e1c285b3_0
- /data/data/####/5f5dac81d94c2038_0
- /data/data/####/641c53962f9e94f7_0
- /data/data/####/6a423592cf16600b_0
- /data/data/####/6af82c28fbc6aecb_0
- /data/data/####/7053a29614752227_0
- /data/data/####/7053a29614752227_1
- /data/data/####/7575f4c0e0ab481f_0
- /data/data/####/7628c1f79f7e6cd1_0
- /data/data/####/7955bb1ddef1b52d_0
- /data/data/####/796472d467d10570_0
- /data/data/####/79a3a0d75c3536f6_0
- /data/data/####/7bacb017d901665f_0
- /data/data/####/7bf0f606758324c2_0
- /data/data/####/831b4adee880913a_0
- /data/data/####/84cbfa952f2980d7_0
- /data/data/####/85f0c1d6509819d0_0
- /data/data/####/85f0c1d6509819d0_1
- /data/data/####/8be6b39cc0fc9dc5_0
- /data/data/####/8e19d380d06600b0_0
- /data/data/####/8e96397fae81786b_0
- /data/data/####/90464f32f5310cd1_0
- /data/data/####/Cookies-journal
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/ae6122a6fdd5979d_0
- /data/data/####/bb299648a835dc4e_0
- /data/data/####/c0b7913d18b1f9f4_0
- /data/data/####/c2061c729b1fb8e5_0
- /data/data/####/c5ef8dad1b5ea4a5_0
- /data/data/####/c6e3e410f8c07f06_0
- /data/data/####/ce32cfe6606d8038_0
- /data/data/####/com.sys.apemxx1.xml
- /data/data/####/com.sys.apemxx1_preferences.xml
- /data/data/####/d0e8f656d153056b_0
- /data/data/####/d149d7f3615af76a_0
- /data/data/####/d53f1793c4bdf79a_0
- /data/data/####/dd4d315ab3814c79_0
- /data/data/####/dec10447eec626c3_0
- /data/data/####/df7a8e6ad2a5be69_0
- /data/data/####/e19335b910b036ad_0
- /data/data/####/e4447b5f0eda26bc_0
- /data/data/####/e68947cbf0f173c4_0
- /data/data/####/e79285f7a152cab5_0
- /data/data/####/e9c17c337ec49a2e_0
- /data/data/####/ec3867f3c1971e02_0
- /data/data/####/ed2c9eb9cd7ef6b8_0
- /data/data/####/edebdb0c24adcab5_0
- /data/data/####/ee7ced1fa1695f0b_0
- /data/data/####/f2d52542a131738e_0
- /data/data/####/f4153e6fd7db83e4_0
- /data/data/####/f7fd290b872d9bd7_0
- /data/data/####/f89d9e70506f0659_0
- /data/data/####/f9a82a52407ba155_0
- /data/data/####/fe27413dff48aeba_0
- /data/data/####/ff65c389db313027_0
- /data/data/####/http_qp29.store_0.localstorage-journal
- /data/data/####/index
- /data/data/####/metrics_guid
- /data/data/####/sysinfo0.dex
- /data/data/####/sysinfo0.dex.flock (deleted)
- /data/data/####/sysinfo1.dex
- /data/data/####/sysinfo1.dex.flock (deleted)
- /data/data/####/sysinfo2.dex
- /data/data/####/sysinfo2.dex.flock (deleted)
- /data/data/####/sysinfo3.dex
- /data/data/####/sysinfo3.dex.flock (deleted)
- /data/data/####/sysinfo4.dex
- /data/data/####/sysinfo4.dex.flock (deleted)
- /data/data/####/sysinfo5.dex
- /data/data/####/sysinfo5.dex.flock (deleted)
- /data/data/####/sysinfo6.dex
- /data/data/####/sysinfo6.dex.flock (deleted)
- /data/data/####/sysinfo7.dex
- /data/data/####/sysinfo7.dex.flock (deleted)
- /data/data/####/temp-index
- /data/data/####/the-real-index
- /data/media/####/kvm.dat
- /data/media/####/log-2023-07-04.txt
- /data/media/####/sysinfo0
- /data/media/####/sysinfo1
- /data/media/####/sysinfo2
- /data/media/####/sysinfo3
- /data/media/####/sysinfo4
- /data/media/####/sysinfo5
- /data/media/####/sysinfo6
- /data/media/####/sysinfo7
Другие:
Запускает следующие shell-скрипты:
- getprop ro.product.cpu.abi
Загружает динамические библиотеки:
- libluckin-vip-x86
Получает информацию о сети.
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
Запрашивает разрешение на отображение системных уведомлений.
