Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Mixi.16.origin
Network activity:
Connecting to:
- s####.####.com
- 1####.####.225
- g####.####.com
HTTP GET requests:
- g####.####.com/cr/sv/getGoFile?name=####
- s####.####.com/cr/sdk/170417/goplaysdk_statistics_all_1704171.dat
- s####.####.com/cr/sdk/170417/des_V17041703Aj1so32.zip
- g####.####.com/cr/sv/getRecord?eids=####&appKey=####&flag=####
HTTP POST requests:
- g####.####.com/cr/sv/getEPList
- 1####.####.225/dreport
Modified file system:
Creates the following files:
- /data/data/####/shared_prefs/settings.xml.bak
- /data/data/####/ReadyHost.txt
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /data/data/####/shared_prefs/settings.xml
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/files/1493729802868_V17041703Aj1so32.so
- /data/data/####/files/hftJcw46N.jar
- /data/data/####/app_file_dex/MasterControl.jar
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /data/data/####/databases/####.db-journal
- /data/data/####/PreExcuModsInfo.txt
- /data/data/####/files/23DB8520H32/####12x862
- /data/data/####/databases/webview.db-journal
- /data/data/####/files/az7x2DB8520H4/5az7x2DB8520H46
- /data/data/####/XmSmLockFile.txt
- /data/data/####/files/Android-x86112.jar
Sets the 'executable' attribute to the following files:
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
Miscellaneous:
Executes next shell scripts:
- sh /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
- sh -c rm /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
- getenforce
- sh -c rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
- rm /data/data/####/files/hftJcw46N.dex
- sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
- /system/bin/dexopt --dex 27 41 40 226208 /data/data/####/app_file_dex/MasterControl.jar 1244887144 -736492987 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/fr
- sh -c rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
- rm -f /data/data/####/files/hftJcw46N.dex
- chmod 0771 /data/data/####/.syslib-
- sh -c rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh -c rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
- rm /data/data/####/files/hftJcw46N.jar
- /system/bin/dexopt --dex 27 60 40 23552 /data/data/####/files/hftJcw46N.jar 1251046254 1664476667 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/fram
- rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /system/bin/dexopt --dex 27 82 40 66944 /data/data/####/files/Android-x86112.jar 1251052727 1662001824 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework
- sh -c /system/usr/toolbox rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
- sh -c rm /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
- rm -f /data/data/####/files/hftJcw46N.jar
- rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
Contains functionality to send SMS messages automatically.
