Technical information
Malicious functions:
Sends SMS messages:
- 106575206321505460: dyl#<IMSI>,<IMEI>,6000022-1-304-6_kh15s0004_-0
Executes code of the following detected threats:
- Android.Triada.178
- Android.Triada.258.origin
- Android.Triada.155.origin
Sends data on received text messages to remote host.
Network activity:
Connecting to:
- huangda####.com
- 1####.####.34
- 1####.####.57:10001
- a####.####.com
- i####.####.com
HTTP GET requests:
- i####.####.com/ando-res/ads/30/14/f15541de-b7bd-4ff9-97fb-9e6cc9e4e044/0...
- i####.####.com/ando-res/m/fUuctJnkGSxsEOC6TaFXT4moCtSmKHc5drsBHRgzJD7z6Q...
- i####.####.com/ando-res/ads/30/14/f15541de-b7bd-4ff9-97fb-9e6cc9e4e044/3...
- a####.####.com/ando/i/mon?k=####&d=####
- 1####.####.57:10001/v1/order/get?phone=####&imei=####&sdk_version=####&c...
- i####.####.com/ando-res/m/hQFsvuTOjQG2grLU8T2VCshw4jkuJadBny-GDQ
- i####.####.com/ando-res/ads/4/5/d73ab4a4-4c75-43a7-a3c9-5bdabd9437c8/6ae...
- huangda####.com/resource!resource?resTypes=####&appid=####&channel=####&...
- huangda####.com/active!activeLog.action?provider=####&clickId=####&manu=...
- i####.####.com/ando-res/ads/13/23/bc4dd2ed-0d19-49bd-ad99-f8d032103d54/8...
- i####.####.com/ando-res/ads/4/5/d73ab4a4-4c75-43a7-a3c9-5bdabd9437c8/d26...
- i####.####.com/ando-res/ads/3/2/eff3c843-7d88-43f5-8d7e-c94c4a29226a/e90...
HTTP POST requests:
- huangda####.com/shop/shop_upload_log
- 1####.####.34/v2/chis
- a####.####.com/ando/x/req?app_id=####&r=####
- a####.####.com/ando/x/liv?app_id=f3208725-7012-4a02-b200-5313e98d60a0&r=...
- a####.####.com/ando/x/lis?app_id=####&r=####
- huangda####.com/mobilepay/v2/getPayInfoListX2.do
Modified file system:
Creates the following files:
- <Package Folder>/files/VyBLRJ4wVsfjC8rs6RPY9rI8-2w4Y1XWZ-e-S572CKM=/e8hdLknw0NEUKtmm.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/9eK4uCMXHMlR_f0Me01jjbyPvN4=
- <Package Folder>/databases/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_96zaf7vWhiz709fTL_5v03RWb0c=-journal
- <Package Folder>/files/VyBLRJ4wVsfjC8rs6RPY9rI8-2w4Y1XWZ-e-S572CKM=/CjUj1thCB045yZpe69twrA==/88FXHXbmLWLoiCc3.zip
- <Package Folder>/shared_prefs/pretw.xml
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/idxJ3l31xHk7bS3c/Ib8Dji6nqslSG4TL/2fe5533a-a3ff-4089-85e3-b8b2545d29d6.res.temp
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/Rn0EpK68Y6j6Fjy3WPkHr5rhUfkQVHEa.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/GYMaKMkR0ezQjg0JMFA9I1-_xYmgH_OrOh7XVw==.new
- <Package Folder>/files/VyBLRJ4wVsfjC8rs6RPY9rI8-2w4Y1XWZ-e-S572CKM=/yWwFKbM4mmGoAYGu0_zUng==/data.dat.tmp
- <Package Folder>/files/.ca/QYnIi.jar
- <Package Folder>/files/VyBLRJ4wVsfjC8rs6RPY9rI8-2w4Y1XWZ-e-S572CKM=/0ZP4KuZmcDIC1IvQhrnZ8A==.new
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/9eK4uCMXHMlR_f0Me01jjbyPvN4=.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/C8m5cYdjJklPTsGYG6IvwY7NJiKVcckljWBJPQ==.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/fdUAIaq5rccfnZut_KnFYw==.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/wRzfpxa0K973xalp/e8hdLknw0NEUKtmm.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/c60DusqTt1sZmJK3mey1ralMkys=.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/fwh-AtaF3WQ67ZlxepM_1ukoFmgFhKwkkdlBHw==.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/AqqomI3RMDc_IGNtr6wGwHcedz-oJ2Kuyx928_SvDCw=.new
- <Package Folder>/files/VyBLRJ4wVsfjC8rs6RPY9rI8-2w4Y1XWZ-e-S572CKM=/pO3tpgn35reqKgHtF6TKbg==/h7MVAH-nbqhP7onsaKk-BQ==
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/2Un-gKJw7U9HINx5whVhumIapZnavl3z.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/idxJ3l31xHk7bS3c/Ib8Dji6nqslSG4TL/07a2e0a3-2587-4c46-ace7-ca2d14f708da.res.temp
- <Package Folder>/files/VyBLRJ4wVsfjC8rs6RPY9rI8-2w4Y1XWZ-e-S572CKM=/CAomlLEE4dw4WQ1wpBCAvg==.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/NRcLfYxgYHytTCcFu4rjybIlM8E7aNf9.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/DTJ9vgtxblQPNswUOa935DJvCCY=.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/zhOLnP6J-9veqlhfiLcXRg==/NAh8GYQP6vb1F9woYcARMQzQE7pB79I2.new
- <Package Folder>/cache/webviewCacheChromium/index
- <Package Folder>/databases/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_KPBDVSW_lJ9cUudX-journal
- <Package Folder>/files/YVx7owP9n95GrYet94CxkA==/xfcNpXXIrypMkNLZ4tXoc4RKOK8=
- <Package Folder>/shared_prefs/zzconfig.xml
- <Package Folder>/databases/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_96zaf7vWhiz709fTL_5v03RWb0c=
- <Package Folder>/databases/cc/cc.db-journal
- <Package Folder>/databases/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_KPBDVSW_lJ9cUudX
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/OX4b_4vF_7ugjDr5Nn4HcA==.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/idxJ3l31xHk7bS3c/Ib8Dji6nqslSG4TL/e00b22d1-4fe2-4b22-92ac-3198d7d2abd4.res.temp
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/6XR02Ux7CsNuwzmFysEXz0HoksqkRvf1.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/FZVUSq5T-sgQg1QZXsx-5NlhKEg=.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_Dr-XdaYUMYK238lO_app/ci7cZMIPEYHRsRxVNTt9Xg==/dHKYg0KNdkTV89DTuhphOnzrTAa6dehZ.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/idxJ3l31xHk7bS3c/Ib8Dji6nqslSG4TL/c7e6049a-4359-4bf5-8fc3-9214c68cfed4.res.temp
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/idxJ3l31xHk7bS3c/Ib8Dji6nqslSG4TL/0754bf00-b64e-40fd-94b5-805323d0e3ea.res.temp
- <Package Folder>/files/gfaug_d/gfaug_f.zip
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/idxJ3l31xHk7bS3c/Ib8Dji6nqslSG4TL/c660f344-8dbd-41f0-b021-6ddf3787742c.res.temp
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/br6B3JNZ1Aihjb5dwjsKrEVmEJVGy3Bnkkps7v82ruo=.new
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/6LTxFWM1kRq78Uxu/jRd-yq5SaUcnhQKGjX8QQctb-sN9rj9ucitEhYGxKU4=
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/HBuuEM6n9ztEk4pK-XUpU-D21E5URNnB.new
- <Package Folder>/files/VyBLRJ4wVsfjC8rs6RPY9rI8-2w4Y1XWZ-e-S572CKM=/bFI5uGp161xiptHgTMl6uA==/runner_info.prop
- <Package Folder>/databases/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_51i_j-C1vleNQHrIHB9uUA==-journal
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/bfJiOOM4A8Z4c0xt/u8nd3ANOw82vyDRWz7iChwsRcjj0W-YIdIa-XA==
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/G7WjykGrB9S_-mp_OjVBCADCEEc=.new
- <Package Folder>/cache/webviewCacheChromium/data_3
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/ci7cZMIPEYHRsRxVNTt9Xg==/YTq4C4O8jhVt4I0imkAk23Wu9SKBhNt2.new
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/cc/cc.db
- <Package Folder>/shared_prefs/twj.xml
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/idxJ3l31xHk7bS3c/Ib8Dji6nqslSG4TL/6faa706a-83b5-4ef4-bc8d-01b7c9def6f8.res.temp
- <Package Folder>/files/VyBLRJ4wVsfjC8rs6RPY9rI8-2w4Y1XWZ-e-S572CKM=/pO3tpgn35reqKgHtF6TKbg==/mE9yk5ZyIrUCZkSx
- <Package Folder>/code-1413997/-xyShJX29Hg7__kB
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/idxJ3l31xHk7bS3c/Ib8Dji6nqslSG4TL/ed832c8b-1c3d-41e3-a79e-0da8bb334d51.res.temp
- <Package Folder>/files/VyBLRJ4wVsfjC8rs6RPY9rI8-2w4Y1XWZ-e-S572CKM=/CAomlLEE4dw4WQ1wpBCAvg==
- <Package Folder>/files/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_files/idxJ3l31xHk7bS3c/Ib8Dji6nqslSG4TL/e152b208-6449-4c6a-81b1-f783bf8dea5e.res.temp
- <Package Folder>/databases/g5OfJeAvYj9aAsv0ksGk1Ev5HEbmgNa-_6msjGkIZs6EVKBGx-journal
- <Package Folder>/cache/webviewCacheChromium/data_2
- <Package Folder>/cache/webviewCacheChromium/data_1
- <Package Folder>/cache/webviewCacheChromium/data_0
Miscellaneous:
Executes next shell scripts:
- sh <Package Folder>/code-1413997/-xyShJX29Hg7__kB <Package> com.xhoy.znhw.afrfuw.a.a.c.b /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M /storage/emulated/0/Download/ladung
- /data/data/####/code-1413997/-xyShJX29Hg7__kB #### com.xhoy.znhw.afrfuw.a.a.c.b /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M /storage/emulated/0/Download/ladung
- <dexopt>
Contains functionality to send SMS messages automatically.
