Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.RemoteCode.360.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.RemoteCode.360.origin
Сетевая активность:
Подключается к:
- TCP(DNS) 8####.8.4.4:53
- UDP(DNS) 8####.8.4.4:53
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) 1####.56.226.115:80
- TCP(HTTP/1.1) 1####.57.155.33:80
- TCP(HTTP/1.1) api.cdn.nexta####.com:80
- TCP(HTTP/1.1) prog####.nexta####.com:80
- TCP(HTTP/1.1) 4####.94.13.7:80
- TCP(HTTP/1.1) yd.gwt.nexta####.####.cn:80
- TCP(HTTP/1.1) 1####.56.226.115:7001
- TCP(HTTP/1.1) 39.1####.77.61:8052
- TCP(HTTP/1.1) 59.1####.154.162:80
- TCP(HTTP/1.1) cdn.nexta####.com:80
- TCP(HTTP/1.1) 39.1####.48.1:80
- TCP(HTTP/1.1) l####.miguv####.com:80
- TCP(TLS/1.0) 59.82.1####.219:443
- TCP(TLS/1.0) msg.umengc####.com:443
- TCP(TLS/1.0) www.a.sh####.com:443
- TCP(TLS/1.0) gmscomp####.google####.com:443
- TCP(TLS/1.0) def####.duals####.cn.####.com:443
- TCP(TLS/1.0) 1####.250.150.138:443
- TCP(TLS/1.0) ccs.u####.com.####.com:443
- TCP(TLS/1.0) rr9---s####.g####.com:443
- TCP(TLS/1.0) worldti####.org:443
- TCP(TLS/1.0) and####.b####.qq.com:443
- TCP(TLS/1.0) a####.u####.com.####.com:443
- TCP(TLS/1.0) new-####.u####.com:443
- TCP(TLS/1.0) u####.u####.com:443
- TCP(TLS/1.0) 59.82.1####.35:443
- TCP(TLS/1.0) 74.1####.131.94:443
- TCP(TLS/1.2) 74.1####.131.101:443
- TCP(TLS/1.2) gmscomp####.google####.com:443
- TCP(TLS/1.2) 74.1####.131.94:443
- TCP ms####.m.u####.com:443
- UDP 1####.48.148.49:40930
- UDP gmscomp####.google####.com:443
- UDP 4####.94.7.87:3478
- UDP 1####.0.21.254:38925
- UDP 1####.87.242.80:3023
- UDP 1####.139.63.231:14208
- TCP 1####.177.35.40:8888
- UDP 1####.201.50.6:3479
- UDP 1####.7.118.218:6349
- UDP 27.1####.165.217:42281
- UDP 1####.8.212.65:21512
- UDP 1####.229.224.208:26583
- UDP 27.2####.141.177:5249
- UDP 1####.106.57.221:46188
- UDP 39.1####.77.61:8050
Запросы DNS:
- a####.u####.com
- amdc####.m.u####.com
- and####.b####.qq.com
- api.cdn.nexta####.com
- ccs.u####.com
- cdn.nexta####.com
- g####.ch####.com
- gmscomp####.google####.com
- l####.miguv####.com
- msg.umengc####.com
- of####.u####.com
- p####.google####.com
- prog####.nexta####.com
- rr9---s####.g####.com
- u####.u####.com
- umen####.m.ta####.com
- ut####.u####.com
- worldti####.org
- www.b####.com
- www.google####.com
- yd.gwt.nexta####.com
Запросы HTTP GET:
- api.cdn.nexta####.com/api/live/v1/pindaos?s_t=####&s_m=####
- cdn.nexta####.com/app/apk/1.0.121/test/apk_upgrade_config_v2.json
- cdn.nexta####.com/app/apk/adJson.txt
- cdn.nexta####.com/app/config/live/splayer_d_c.txt
- cdn.nexta####.com/app/config/live/y4c.json
- cdn.nexta####.com/app/config/playback/config_support_ts.json
- cdn.nexta####.com/app/config/third/jar/hdp.jar
- cdn.nexta####.com/app/uploads/2024-01-25/2b8fef32-3184-40a5-bb0a-53ea2f9...
- cdn.nexta####.com/app/uploads/2024-01-25/40033922-db15-42a6-8b49-b7e34fa...
- cdn.nexta####.com/app/uploads/2024-01-25/4385533d-2cc3-46f8-874a-db404ae...
- cdn.nexta####.com/app/uploads/2024-01-25/5f4f2b7d-3be1-446d-bd35-89e87d3...
- cdn.nexta####.com/app/uploads/2024-01-25/ab63ff8a-1ea0-4f1b-8b6d-ff3aa3a...
- cdn.nexta####.com/app/uploads/2024-01-25/c144e15e-cc5f-4490-99d6-6dae868...
- cdn.nexta####.com/app/uploads/2024-01-30/4a37d8e0-8fcd-43b5-82e7-c44b393...
- cdn.nexta####.com/app/uploads/2024-01-30/5ef4f5bf-6bee-411a-ad6d-148aac4...
- cdn.nexta####.com/app/uploads/2024-01-30/676f458d-b1d9-4247-beed-487758c...
- cdn.nexta####.com/app/uploads/2024-01-30/6f0077d9-fae4-4f79-aa37-a60a054...
- cdn.nexta####.com/app/uploads/2024-01-30/965c4c9b-c02c-48c5-babc-7719aa2...
- cdn.nexta####.com/app/uploads/2024-02-03/420fdc09-cffe-41ae-b3a6-7ccc8fb...
- cdn.nexta####.com/app/uploads/2024-02-28/4a7acd1b-9562-4562-ae9a-756c183...
- cdn.nexta####.com/app/uploads/2024-03-11/718989c3-d3e2-434a-a3ab-b238a73...
- cdn.nexta####.com/app/uploads/2024-03-18/551a2f1b-344b-4bdb-8106-8997ef5...
- cdn.nexta####.com/app/uploads/2024-03-18/9e9b847f-d750-4c00-afd6-0f5f44e...
- cdn.nexta####.com/app/uploads/2024-03-30/5ed9981a-682e-4e3e-af68-56f6d61...
- cdn.nexta####.com/app/uploads/2024-04-02/6f9c914b-cce6-491d-993c-4611a34...
- l####.miguv####.com/live/v2/tv-programs-data/608807420/20240404
- l####.miguv####.com/live/v2/tv-programs-data/624878271/20240404
- l####.miguv####.com/live/v2/tv-programs-data/624878396/20240404
- l####.miguv####.com/live/v2/tv-programs-data/631780421/20240404
- l####.miguv####.com/live/v2/tv-programs-data/631780532/20240404
- l####.miguv####.com/live/v2/tv-programs-data/641886683/20240404
- prog####.nexta####.com/programs/20240404/local-bjcj
- prog####.nexta####.com/programs/20240404/local-bjxw
- prog####.nexta####.com/programs/20240404/local-dbxq
- prog####.nexta####.com/programs/20240404/local-fangshandianshitai
- prog####.nexta####.com/programs/20240404/local-hnly
- prog####.nexta####.com/programs/20240404/local-shunyitai
- worldti####.org:443/api/ip
- www.a.sh####.com:443/
- yd.gwt.nexta####.####.cn/user/d6f3f64id7nk/material/transcode/dg73t5byhg...
Запросы HTTP POST:
- a####.u####.com.####.com:443/v3/a/audid/req
- and####.b####.qq.com:443/rqd/async?aid=####
- ccs.u####.com.####.com:443/aa
- def####.duals####.cn.####.com:443/log/switch
- def####.duals####.cn.####.com:443/v2/offmsg/req
- msg.umengc####.com:443/v3/tag/add
- new-####.u####.com:443/anti/postZdata
- u####.u####.com:443/umpx_push_launch
- u####.u####.com:443/umpx_push_register
- u####.u####.com:443/unify_logs
- u####.u####.com:443/zcfg
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.hptc_kache_com.joy.happy
- /data/data/####/.imprint
- /data/data/####/0e9fb6677ec30bf8f35ad03ba7939990.0.tmp
- /data/data/####/0e9fb6677ec30bf8f35ad03ba7939990.1.tmp
- /data/data/####/1004
- /data/data/####/10df0d3acf4351045c24ac50ca4dd961e473bbf669dc93c....0.tmp
- /data/data/####/13e0a68417b5ed9b87a606f7d7be7d1db1b9112fc87c8dd....0.tmp
- /data/data/####/13e0a68417b5ed9b87a606f7d7be7d1db1b9112fc87c8dd...c0af.0
- /data/data/####/1ae3410fe731d22bff27bce3f50565f7.0.tmp
- /data/data/####/1ae3410fe731d22bff27bce3f50565f7.1
- /data/data/####/1ae3410fe731d22bff27bce3f50565f7.1.tmp
- /data/data/####/1baa64c4c2defdbc3f27d0632054c312.0
- /data/data/####/1baa64c4c2defdbc3f27d0632054c312.1
- /data/data/####/1f5189b4ffa5dbb413028d9155c6d99aafd87c0905e354e...10da.0
- /data/data/####/36bd67394ced21c20395444b7310fb932b4b39c4361aea9....0.tmp
- /data/data/####/380dcc0dd1e092c32a8c73a39456c16f.0.tmp
- /data/data/####/380dcc0dd1e092c32a8c73a39456c16f.1
- /data/data/####/380dcc0dd1e092c32a8c73a39456c16f.1.tmp
- /data/data/####/4373794a74c99b2299b7d2795cfde79f.0.tmp
- /data/data/####/4373794a74c99b2299b7d2795cfde79f.1.tmp
- /data/data/####/447ae164b619584675b4cd6b3db34e33.0
- /data/data/####/447ae164b619584675b4cd6b3db34e33.1
- /data/data/####/4cdf0c6a75534e0abc9f3c14472944c9.0
- /data/data/####/4cdf0c6a75534e0abc9f3c14472944c9.1
- /data/data/####/5f97a574ecef3f510f4869c3809b4277.0.tmp
- /data/data/####/5f97a574ecef3f510f4869c3809b4277.1
- /data/data/####/647813e1a8fab206c4238a31bd51d7ac1394b0d9e2fc563....0.tmp
- /data/data/####/647813e1a8fab206c4238a31bd51d7ac1394b0d9e2fc563...cfee.0
- /data/data/####/65fdb03d29a9ee68fce68fac8c25299995bea1d3681c74d....0.tmp
- /data/data/####/6741e7733f7041fa537abce7ec8707c8ca793b876f756f4...1982.0
- /data/data/####/6fa91af9a051a608376eadfe33ccff597c35117f79d913b...e51a.0
- /data/data/####/7a4adbd26ad1339db02dcfffcdb900dd.0
- /data/data/####/7a4adbd26ad1339db02dcfffcdb900dd.1
- /data/data/####/7bce701a0982b70114d70b12411a2ec2.0
- /data/data/####/7bce701a0982b70114d70b12411a2ec2.1
- /data/data/####/868fda8d49460a681cb6c7cc15c2125af1a75137ce92900....0.tmp
- /data/data/####/868fda8d49460a681cb6c7cc15c2125af1a75137ce92900...a5e0.0
- /data/data/####/93783eb171526b50728e365cdaf66c44879f51bfabd058b....0.tmp
- /data/data/####/93783eb171526b50728e365cdaf66c44879f51bfabd058b...baed.0
- /data/data/####/9b16b9068c6e98fc550241bd1badf010.0.tmp
- /data/data/####/9b16b9068c6e98fc550241bd1badf010.1
- /data/data/####/9b16b9068c6e98fc550241bd1badf010.1.tmp
- /data/data/####/ACCS_BINDdefault.xml
- /data/data/####/ACCS_SDK.xml
- /data/data/####/ACCS_SDK_CHANNEL.xml
- /data/data/####/AGOO_BIND.xml
- /data/data/####/Agoo_AppStore.xml
- /data/data/####/Agoo_AppStore.xml.bak
- /data/data/####/BUGLY_COMMON_VALUES.xml
- /data/data/####/CONFIG.xml
- /data/data/####/CONFIG_orther.xml
- /data/data/####/CP_cache.xml
- /data/data/####/DECODE_CONFIG.xml
- /data/data/####/HISTORY.xml
- /data/data/####/LIVE_CONFIG.xml
- /data/data/####/MessageStore.db-journal
- /data/data/####/MsgLogStore.db-journal
- /data/data/####/PERMANENT_DATA.xml
- /data/data/####/PLAY.xml
- /data/data/####/Sb_Cn.xml
- /data/data/####/Splayer_config.xml
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/accs.db-journal
- /data/data/####/advertisement.xml
- /data/data/####/api.prefs.xml
- /data/data/####/api.prefs.xml.bak
- /data/data/####/api.prefs.xml.bak (deleted)
- /data/data/####/b128703cd3a465203f3b09db2a628f3b.0.tmp
- /data/data/####/b128703cd3a465203f3b09db2a628f3b.1.tmp
- /data/data/####/b18e786982a736c0cebe78fbd9b2c04321c30da3a66bf6c....0.tmp
- /data/data/####/b18e786982a736c0cebe78fbd9b2c04321c30da3a66bf6c...d97f.0
- /data/data/####/b4b69caa52463ba70e5e57af6d73252d.0
- /data/data/####/b4b69caa52463ba70e5e57af6d73252d.1
- /data/data/####/bd035c39874eb6c38c6452c24a79b265.0.tmp
- /data/data/####/bd035c39874eb6c38c6452c24a79b265.1
- /data/data/####/bd035c39874eb6c38c6452c24a79b265.1.tmp
- /data/data/####/bugly_db_-journal
- /data/data/####/bugly_last_us_up_tm
- /data/data/####/c32a6393d2a5980a2588b69b5c42759e27bf6b79cf12599...3607.0
- /data/data/####/c87cb1b81d66b8204506dde15ee7b83a.0.tmp
- /data/data/####/c87cb1b81d66b8204506dde15ee7b83a.1
- /data/data/####/c87cb1b81d66b8204506dde15ee7b83a.1.tmp
- /data/data/####/cc19d736cf692685252c9835e3b6f60a.0.tmp
- /data/data/####/cc19d736cf692685252c9835e3b6f60a.1
- /data/data/####/cc19d736cf692685252c9835e3b6f60a.1.tmp
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-1.bl...leted)
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-1.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-10.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-11.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-12.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-13.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-14.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-18.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-2.bl...leted)
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-2.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-3.bl...leted)
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-3.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-4.bl...leted)
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-4.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-5.bl...leted)
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-5.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-6.bl...leted)
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-6.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-7.bl...leted)
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-7.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-8.bl...leted)
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-8.block
- /data/data/####/channel---3af59bddec93fa43ae15a4299602a11d-9.block
- /data/data/####/conf.dat
- /data/data/####/count_shop_tip.xml
- /data/data/####/crashrecord.xml
- /data/data/####/cuuid.xml
- /data/data/####/d54b14df7f8f142a671869cfd69740854874b43dfabff2c....0.tmp
- /data/data/####/d54b14df7f8f142a671869cfd69740854874b43dfabff2c...d037.0
- /data/data/####/db4cc779f4f82a5625bfbeed79d74d2e.0.tmp
- /data/data/####/db4cc779f4f82a5625bfbeed79d74d2e.1
- /data/data/####/db4cc779f4f82a5625bfbeed79d74d2e.1.tmp
- /data/data/####/delayed_transmission_flag_new.xml
- /data/data/####/e3b681250b264cc5631036bc2f21facbadbcd9adf3c4cf1....0.tmp
- /data/data/####/e8b82c69f658e5f8a66d46fccaf85b9513d8f526a8919de....0.tmp
- /data/data/####/epg-cctv01_v2-20240404-pb.json
- /data/data/####/epg-cctv02_v2-20240404-pb.json
- /data/data/####/epg-cctv03_v2-20240404-pb.json
- /data/data/####/epg-cctv04_v2-20240404-pb.json
- /data/data/####/epg-cctv05_v2-20240404-pb.json
- /data/data/####/epg-cctv06_v2-20240404-pb.json
- /data/data/####/epg-local-bjcj_v2-20240404-pb.json
- /data/data/####/epg-local-bjxw_v2-20240404-pb.json
- /data/data/####/event_db
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f789dd6a0fced08334d5df132b360ef0.0.tmp
- /data/data/####/f789dd6a0fced08334d5df132b360ef0.1
- /data/data/####/f789dd6a0fced08334d5df132b360ef0.1.tmp
- /data/data/####/f8fdb5d40c8dad1ea52e74cd6ee7eb60.0.tmp
- /data/data/####/f8fdb5d40c8dad1ea52e74cd6ee7eb60.1
- /data/data/####/f8fdb5d40c8dad1ea52e74cd6ee7eb60.1.tmp
- /data/data/####/hdl_v3.jar
- /data/data/####/i==1.2.0&&1.0.127_1712239523896_dW5pZnlfbG9ncw==;.log
- /data/data/####/journal
- /data/data/####/journal.tmp
- /data/data/####/kk.xml
- /data/data/####/kk.xml.bak
- /data/data/####/libvaci_tvcore.so
- /data/data/####/local_crash_lock
- /data/data/####/message_accs_db
- /data/data/####/message_accs_db-journal
- /data/data/####/native_record_lock
- /data/data/####/native_record_lock (deleted)
- /data/data/####/p==6.6.2&&1.0.127_1712239520483_dW1weF9wdXNoX3J...y;.log
- /data/data/####/p==6.6.2&&1.0.127_1712239533150_dW1weF9wdXNoX2x...=;.log
- /data/data/####/player.tmp
- /data/data/####/proc_auxv
- /data/data/####/risk_user_info.xml
- /data/data/####/settings.prefs.xml
- /data/data/####/spider_prefs.xml
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/um_policy_grant.xml
- /data/data/####/um_push_ut.xml
- /data/data/####/um_session_id.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_policy_result_flag
- /data/data/####/umeng_push.xml
- /data/data/####/umeng_push.xml.bak
- /data/data/####/umeng_sp_oaid.xml
- /data/data/####/umeng_zcfg_flag
- /data/data/####/umeng_zero_cache.db
- /data/data/####/umeng_zero_cache.db-journal
- /data/data/####/umzid_general_config.xml
- /data/data/####/user_info.xml
- /data/data/####/vaci_epg.dex
- /data/data/####/vaci_epg.dex.flock (deleted)
- /data/data/####/vaci_epg.tmp
- /data/data/####/vaci_plugin.dex
- /data/data/####/vaci_plugin.dex.flock (deleted)
- /data/data/####/vaci_plugin.tmp
- /data/data/####/vaci_plugin_config.xml
- /data/data/####/vaci_pp.jar
- /data/data/####/z==1.2.0&&1.0.127_1712239514900_emNmZw==;.log
- /data/data/####/zijian-kangqitanglining.0
- /data/data/####/zijian-yijiantanghonglanguangzhuanshu.0
- /data/media/####/ffu.txt
- /data/media/####/uuid.data
- /data/misc/####/primary.prof
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_max_freq
- /system/bin/sh -c getprop
- getprop
- getprop ro.product.brand
- getprop ro.product.model
- getprop ro.system.build.id
- ls /
- ls /sys/class/thermal
Загружает динамические библиотеки:
- libBugly_Native
- libijkffmpeg
- libijkplayer
- libijksdl
- libmmkv
- libplayer
- libtnet-3.1.14
- libumeng-spy
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
Получает информацию об установленных приложениях.
Отрисовывает собственные окна поверх других приложений.
