Technical information
Malicious functions:
Sends SMS messages:
- 12114516386: 上海麦圈网##########
Executes code of the following detected threats:
- Android.Triada.155.origin
- Android.Triada.151.origin
Network activity:
Connecting to:
- g####.####.com
- i####.####.com
- o####.####.com
- p####.####.com
- w####.####.cn
- i####.####.cn
- 1####.####.136:8090
- a####.####.com
HTTP GET requests:
- i####.####.com/ando-res/m/i0r*lg6v0h8-VWU1P*FQdeOi4Rt063q4kkFbwd7Db1IzyTD5msrpwg
HTTP POST requests:
- a####.####.com/ando/x/liv?app_id=9d918ef9-f3ff-4380-ae9c-6606528ba596&r=855525292?r=####
- 1####.####.136:8090/main.aspx
- a####.####.com/ando/x/liv?app_id=9d918ef9-f3ff-4380-ae9c-6606528ba596&r=1041372691?r=####
- g####.####.com/cooguosdk?b=####&requestId=####&a=####
- o####.####.com/v2/get_update_time
- p####.####.com/interfaceAction?unikey=####
- w####.####.cn/ip.jsp
- o####.####.com/v2/check_config_update
- i####.####.cn/iplookup/iplookup.php?format=####
- a####.####.com/app_logs
Modified file system:
Creates the following files:
- /data/data/####/files/RqGU16kuBD_a8Flko2-xkI18zlgVKB3nId_R05RlyYY=/ZRSkiQFBqnOo2rwrKoBjaA==.new
- /sdcard/.hand/developkeyda6ebeac-5622-4241-8492-fd3742d1bdab.tmp
- /sdcard/widgets/system/configs/tmn22.sys26209298-28f6-416f-8895-c86e03990bba.tmp
- /sdcard/widgets/system/configs/tmn22.sysf753e744-f2b9-4c4e-9cbf-fe9aa7c730db.tmp
- /sdcard/sdtmp/id101ae865a-7514-43a3-a1ce-e24cddf64495.tmp
- /data/data/####/files/RqGU16kuBD_a8Flko2-xkI18zlgVKB3nId_R05RlyYY=/2k0GFH_8YixEMRYbm1hllA==/Jr3PBc0gDWD1jTyB.zip
- /data/data/####/files/RqGU16kuBD_a8Flko2-xkI18zlgVKB3nId_R05RlyYY=/hNjOLTLQBsP0D8F7XtTIVA==.new
- /sdcard/widgets/system/configs/tmn22.sys6daad0f6-4017-41ac-bebb-49d203a5d6a1.tmp
- /data/data/####/files/RqGU16kuBD_a8Flko2-xkI18zlgVKB3nId_R05RlyYY=/7Qy6-jh2Ptf51elWg7kPLg==/skVRABhUT7jzxylT
- /data/data/####/shared_prefs/sendtimedetail.xml
- /sdcard/widgets/system/configs/tmn22.sys864c3518-67c6-4843-be48-9040c435904e.tmp
- /data/data/####/files/RqGU16kuBD_a8Flko2-xkI18zlgVKB3nId_R05RlyYY=/7Qy6-jh2Ptf51elWg7kPLg==/N7bdoHu3xGGwucXjgMVKEw==
- /data/data/####/shared_prefs/umeng_general_config.xml
- /data/data/####/shared_prefs/onlineconfig_agent_online_setting_####.xml
- /sdcard/.env/.uunique.new
- /sdcard/mmt/widegets/data/test.dat19f3e0a9-5b71-4919-a633-03e5d54c0f54.tmp
- /data/data/####/files/.imprint
- /data/data/####/files/RqGU16kuBD_a8Flko2-xkI18zlgVKB3nId_R05RlyYY=/rAKQPNYLrURUZ4xnxiNHCw==/data.dat.tmp
- /data/data/####/shared_prefs/cg.xml
- /data/data/####/files/skmnaa_d/skmnaa_f.zip
- /sdcard/.hand/lastacc4a5fb7a9-6d34-4622-a86b-b76b6d127e3a.tmp
- /sdcard/mmt/widegets/data/test.dat3d1b3af7-2270-4bae-9ba9-32269afbadbd.tmp
- /data/data/####/files/XFonSzQ_ot5NWW8103pKNvMKxxjHq_bbqB2Q3lm4BKk=/2k0GFH_8YixEMRYbm1hllA==/Jr3PBc0gDWD1jTyB.zip
- /sdcard/sdtmp/id267dac309-1e4a-470d-8f78-91c8d4617a6d.tmp
- /data/data/####/files/RqGU16kuBD_a8Flko2-xkI18zlgVKB3nId_R05RlyYY=/ZRSkiQFBqnOo2rwrKoBjaA==
- /sdcard/widgets/system/configs/tmn22.sysf3cc38db-220c-4930-91d2-5563ddbbd8d0.tmp
- /sdcard/mmt/widegets/data/test.dat111f7e52-1ac0-4b65-8f21-1e62e6c07b5a.tmp
- /sdcard/mmt/widegets/data/droidinfo-journal
- /data/data/####/files/tzxq_d/tzxq_f.zip
- /data/data/####/shared_prefs/sendsms.xml
- /sdcard/cooguo/data/code/CG.DAT
- /data/data/####/files/umeng_it.cache
- /sdcard/Android/data/####/cache/.nomedia
- /sdcard/.uct/uuid3c0b594c8-0dad-4dc3-9196-2fab619fa56e.tmp
- /sdcard/.balt/sysds.dat8fc99355-a412-4cc1-90ca-3403e108d397.tmp
- /sdcard/tmpsd11012/test.dat75bf1245-a06d-408d-837d-fd7fafe6b7f7.tmp
- /sdcard/widgets/system/configs/tmn22.sys779d9a00-14f6-4eb8-b956-ffde33a7ae9b.tmp
- /sdcard/tmpsd11012/test.dat5086b36c-7971-4ed0-8565-452c01bae963.tmp
- /data/data/####/shared_prefs/mobclick_agent_online_setting_####.xml
- /sdcard/widgets/system/configs/tmn22.sysfdbab6cb-4346-43a3-96c1-0a76930bf134.tmp
- /sdcard/widgets/system/configs/tmn22.sys7c8ef0ba-f7d4-475e-92fa-a765fd0cf0e1.tmp
- /sdcard/mmt/widegets/data/droidinfo
Miscellaneous:
Executes next shell scripts:
- /system/bin/.nbwayxwzt
- cat /sys/class/net/wlan0/address
Contains functionality to send SMS messages automatically.
