Android.SpyMax.228

Technical information

Malicious functions:

Executes code of the following detected threats:

Android.SpyMax.19

Threat detection based on machine learning.

Network activity:

Connects to:

UDP(DNS) 8####.8.4.4:53
TCP(TLS/1.0) c####.line-####.net.####.net:443
TCP(TLS/1.0) p####.google####.com:443
TCP(TLS/1.0) ads.twi####.com:443
TCP(TLS/1.0) t####.creativ####.com:443
TCP(TLS/1.0) 1####.250.150.95:443
TCP(TLS/1.0) 74.1####.205.95:443
TCP(TLS/1.0) t####.co:443
TCP(TLS/1.0) rr13---####.g####.com:443
TCP(TLS/1.0) analy####.go####.com:443
TCP(TLS/1.0) www.go####.ru:443
TCP(TLS/1.0) b99.y####.co.jp:443
TCP(TLS/1.0) bat-bin####.a-####.a-ms####.net:443
TCP(TLS/1.0) st####.ads-twi####.com:443
TCP(TLS/1.0) www.google-####.com:443
TCP(TLS/1.0) cdn.k####.net:443
TCP(TLS/1.0) www.app.kur####.####.jp:443
TCP(TLS/1.0) img.ak.impac####.jp:443
TCP(TLS/1.0) b97.y####.co.jp:443
TCP(TLS/1.0) s.y####.jp:443
TCP(TLS/1.0) www.googlet####.com:443
TCP(TLS/1.0) googl####.g.doublec####.net:443
TCP(TLS/1.0) 1####.251.1.94:443
TCP(TLS/1.0) con####.face####.net:443
TCP(TLS/1.0) and####.a####.go####.com:443
TCP(TLS/1.0) b92.y####.co.jp:443
TCP(TLS/1.0) pla####.google####.com:443
TCP(TLS/1.0) www.go####.com:443
TCP(TLS/1.0) f####.gst####.com:443
TCP(TLS/1.0) s####.g.doublec####.net:443
TCP(TLS/1.2) 74.1####.205.95:443
TCP(TLS/1.2) 1####.251.1.94:443
TCP 1####.233.210.35:27772
UDP p####.google####.com:443

DNS requests:

35.210.233.####.arpa
am.y####.co.jp
analy####.go####.com
analy####.twi####.com
and####.a####.go####.com
b92.y####.co.jp
b97.y####.co.jp
b99.y####.co.jp
bat.b####.com
cdn.ad####.smt.####.jp
cdn.k####.net
con####.face####.net
d.line-####.net
f####.gst####.com
googl####.g.doublec####.net
img.ak.impac####.jp
p####.google####.com
pla####.google####.com
rr13---####.g####.com
s####.g.doublec####.net
s.y####.jp
st####.ads-twi####.com
t####.co
t####.creativ####.com
tr.l####.me
www.app.kur####.####.jp
www.go####.com
www.go####.ru
www.google####.com
www.google-####.com
www.googlet####.com

File system changes:

Creates the following files:

/data/data/####/00c12b3052703884_0 (deleted)
/data/data/####/0c6b244083a6c976_0 (deleted)
/data/data/####/0e296789b86540d2_0 (deleted)
/data/data/####/11612f17f0bbedbb_0 (deleted)
/data/data/####/13cd448a17c53754_0 (deleted)
/data/data/####/14c4153602bd4c2d_0 (deleted)
/data/data/####/1502351eccb62dd2_0
/data/data/####/1502351eccb62dd2_1
/data/data/####/167fe117702fae4c_0 (deleted)
/data/data/####/1d857e38ed4ab734_0
/data/data/####/200a03250602bf6c_0 (deleted)
/data/data/####/212abf7e8b0c0f17_0 (deleted)
/data/data/####/25067fc7d9670554_0
/data/data/####/25d34fbeddc3b8f9_0 (deleted)
/data/data/####/281bbb511cd841b3_0 (deleted)
/data/data/####/2940195bd9870d6e_0
/data/data/####/2940195bd9870d6e_1
/data/data/####/30d663b7c776bed9_0 (deleted)
/data/data/####/328b541f701f946b_0 (deleted)
/data/data/####/347002368e00371f_0 (deleted)
/data/data/####/359a4cce1e2d15b2_0 (deleted)
/data/data/####/35acc0c2df31a926_0 (deleted)
/data/data/####/35f3137a35efe120_0 (deleted)
/data/data/####/3eb2f9626ef6f779_0 (deleted)
/data/data/####/4085d2a5eba90bab_0 (deleted)
/data/data/####/411cd2351756167e_0 (deleted)
/data/data/####/427ce4c3635eb8e1_0 (deleted)
/data/data/####/4377500b7272435d_0 (deleted)
/data/data/####/43b51115b86938ad_0 (deleted)
/data/data/####/444222660e8f4333_0
/data/data/####/444222660e8f4333_1
/data/data/####/44a9f6a2eeb53968_0 (deleted)
/data/data/####/47065f7e16ba30ee_0 (deleted)
/data/data/####/47c98c165d9e1c8f_0
/data/data/####/47c98c165d9e1c8f_1
/data/data/####/49dd2a69d1341a21_0 (deleted)
/data/data/####/4e030beb179ea69d_0
/data/data/####/4e030beb179ea69d_1
/data/data/####/529d0c5ed0d2b9a2_0 (deleted)
/data/data/####/54a84915a6266571_0
/data/data/####/54a84915a6266571_1
/data/data/####/575d57dacb1084d9_0
/data/data/####/575d57dacb1084d9_1
/data/data/####/584240892d411f73_0 (deleted)
/data/data/####/5bca52e388ac6191_0
/data/data/####/5bca52e388ac6191_1
/data/data/####/5e9670c8ebb56733_0 (deleted)
/data/data/####/5eb4ed8fd5752758_0 (deleted)
/data/data/####/655b8307218fd9c8_0 (deleted)
/data/data/####/668017db1371d75a_0
/data/data/####/668017db1371d75a_1
/data/data/####/6700e4415c6f1a46_0 (deleted)
/data/data/####/6b86bb68d2d627fa_0
/data/data/####/6b86bb68d2d627fa_1
/data/data/####/707efc33a8a9df36_0
/data/data/####/71d1fc65cf608b5e_0
/data/data/####/71d1fc65cf608b5e_1
/data/data/####/75ce6208a1120104_0
/data/data/####/75ce6208a1120104_1
/data/data/####/826d4bfeafa9cd2d_0 (deleted)
/data/data/####/88dafea6546c40af_0 (deleted)
/data/data/####/8c04abe1da7df9e9_0
/data/data/####/8c04abe1da7df9e9_1
/data/data/####/8df9de3be603336a_0 (deleted)
/data/data/####/91f12736728580d9_0 (deleted)
/data/data/####/921ce1afb3833054_0
/data/data/####/944fbfd86b7a276a_0
/data/data/####/944fbfd86b7a276a_1
/data/data/####/94b0620d481e5afb_0 (deleted)
/data/data/####/988d962deda62db2_0
/data/data/####/988d962deda62db2_1
/data/data/####/9ebbb0d73963b568_0 (deleted)
/data/data/####/9fdf1d605167b497_0
/data/data/####/9fdf1d605167b497_1
/data/data/####/Cookies-journal
/data/data/####/WebViewChromiumPrefs.xml
/data/data/####/a27e78b1b65d331a_0 (deleted)
/data/data/####/a3c0405aeb63d582_0 (deleted)
/data/data/####/a525daef20f447b1_0
/data/data/####/a525daef20f447b1_1
/data/data/####/a608caedeab77e4b_0
/data/data/####/a608caedeab77e4b_1
/data/data/####/a8d23760ef2a36f0_0 (deleted)
/data/data/####/aad7e2ab33f6d046_0 (deleted)
/data/data/####/af12679e6b694c0a_0 (deleted)
/data/data/####/b32ec2fb3f69d400_0
/data/data/####/b32ec2fb3f69d400_1
/data/data/####/b3c97903ed09839e_0
/data/data/####/b3c97903ed09839e_1
/data/data/####/b43864a90babb1c5_0
/data/data/####/b43864a90babb1c5_1
/data/data/####/b51fe9df9731e52e_0
/data/data/####/b51fe9df9731e52e_1
/data/data/####/b8f68974faedde85_0
/data/data/####/c02b3d0cfd95697f_0 (deleted)
/data/data/####/c20cd0b32fcfe0e9_0 (deleted)
/data/data/####/c5a0249fe59a1da2_0
/data/data/####/c5a0249fe59a1da2_1
/data/data/####/c73bafbb9b5dfa4d_0
/data/data/####/c7be82439e4273e6_0 (deleted)
/data/data/####/cc3dc9c27cf2b7f7_0 (deleted)
/data/data/####/cceded2a799e3e83_0
/data/data/####/cceded2a799e3e83_1
/data/data/####/com.faceai.boot.xml
/data/data/####/com.faceai.boot_preferences.xml
/data/data/####/d0d0073902a8a591_0
/data/data/####/d0d0073902a8a591_1
/data/data/####/d28232e7a7b26e5c_0
/data/data/####/d28232e7a7b26e5c_1
/data/data/####/d2bd06cd65b8b204_0 (deleted)
/data/data/####/d2ee78c105efca0f_0
/data/data/####/d2ee78c105efca0f_1
/data/data/####/d8739ac74364f9c9_0 (deleted)
/data/data/####/dbb09721aabaff11_0
/data/data/####/dc4e65d20a911dfa_0
/data/data/####/dc4e65d20a911dfa_1
/data/data/####/dcaf1d571d046200_0 (deleted)
/data/data/####/dd47621dde43a00d_0 (deleted)
/data/data/####/dfb5db76d8a5f441_0 (deleted)
/data/data/####/e3757be3d9a0d762_0 (deleted)
/data/data/####/e4e0356d64cadbbb_0 (deleted)
/data/data/####/e7c141bed8121326_0 (deleted)
/data/data/####/e8bdf414fc88ea10_0 (deleted)
/data/data/####/ea6a464b92f4fe63_0 (deleted)
/data/data/####/eb30e483e8841df0_0 (deleted)
/data/data/####/f0230e99df5ad2c9_0 (deleted)
/data/data/####/f1ef1f8b651e95ab_0 (deleted)
/data/data/####/f4cee5662957875c_0
/data/data/####/f4cee5662957875c_1
/data/data/####/f839488d03f68964_0 (deleted)
/data/data/####/faaf8551eb9f731f_0
/data/data/####/faaf8551eb9f731f_1
/data/data/####/ff176ef88bfd88f6_0
/data/data/####/ff176ef88bfd88f6_1
/data/data/####/https_www.app.kurashi.tepco.co.jp_0.localstorage-journal
/data/data/####/index
/data/data/####/metrics_guid
/data/data/####/sysinfo0.dex
/data/data/####/sysinfo0.dex.flock (deleted)
/data/data/####/temp-index
/data/data/####/the-real-index
/data/media/####/kvm.dat
/data/media/####/log-2023-06-09.txt
/data/media/####/sysinfo0
/data/misc/####/primary.prof

Miscellaneous:

Gets information about network.

Adds tasks to the system scheduler.

Displays its own windows over windows of other apps.

Requests the system alert window permission.

Appears corrupted in a way typical for malicious files.

Технологии

Термины

Обучение и просвещение

Мифы

Technical information

Рекомендации по лечению

Демо бесплатно на 14 дней