Technical information
Malicious functions:
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) api.tap####.com:80
- TCP(HTTP/1.1) str####.va####.click:1935
- TCP(HTTP/1.1) ta####.com:80
- TCP(TLS/1.0) e.crashly####.com:443
- TCP(TLS/1.0) 2####.58.212.206:443
- TCP(TLS/1.0) sett####.crashly####.com:443
- TCP(TLS/1.0) api.va####.click:443
- TCP(TLS/1.0) ssl.google-####.com:443
- TCP(TLS/1.0) onesi####.com:443
DNS requests:
- api.tap####.com
- api.va####.click
- e.crashly####.com
- mt####.go####.com
- onesi####.com
- sett####.crashly####.com
- ssl.google-####.com
- str####.va####.click
- ta####.com
HTTP GET requests:
- api.tap####.com/img/Resources2.zip
- str####.va####.click:1935/vod/_definst_/mp3:17/assets/products/Music/150...
- ta####.com/assets/endpics/311/action.png
- ta####.com/assets/endpics/311/back-land.jpg
- ta####.com/assets/endpics/311/back-port.jpg
- ta####.com/assets/endpics/311/banner_new.html
- ta####.com/assets/endpics/311/logo.png
- ta####.com/assets/endpics/311/logo2.png
- ta####.com/assets/endpics/509/action.png
- ta####.com/assets/endpics/509/back-land.jpg
- ta####.com/assets/endpics/509/back-port.png
- ta####.com/assets/endpics/509/banner_new.html
- ta####.com/assets/endpics/511/action.png
- ta####.com/assets/endpics/511/back-land.jpg
- ta####.com/assets/endpics/511/back-port.png
- ta####.com/assets/endpics/511/banner_new.html
- ta####.com/assets/endpics/start_load.html
HTTP POST requests:
- api.tap####.com/api/v1/initialize
- api.tap####.com/api/v1/setdeviceid
- api.tap####.com/api/v1/setsdklog
Modified file system:
Creates the following files:
- /data/data/####/38603aa0e120e6b95f31be7a9944dbfd1560b3312accb37....0.tmp
- /data/data/####/48099e3767c385231b674eae6cb37293053fbcd28ef99a6....0.tmp
- /data/data/####/5AFBD7E60092-0001-080F-1A7D3CD90BCEBeginSession.cls_temp
- /data/data/####/5AFBD7E60092-0001-080F-1A7D3CD90BCESessionApp.cls_temp
- /data/data/####/5AFBD7E60092-0001-080F-1A7D3CD90BCESessionDevice.cls_temp
- /data/data/####/5AFBD7E60092-0001-080F-1A7D3CD90BCESessionOS.cls_temp
- /data/data/####/63efd023e6f4a9f670b24607f0b2fef754bd97caf04ad18....0.tmp
- /data/data/####/75ae7f5bdaacd2849caf14b4894ef697fbf1ee02dd9abbe....0.tmp
- /data/data/####/983c0c3a4adb0500e3e0648dce7a8d32d66c1aa1de39793....0.tmp
- /data/data/####/ADWATCH
- /data/data/####/ADWATCH-journal
- /data/data/####/OneSignal.db-journal
- /data/data/####/OneSignal.xml
- /data/data/####/Resources.zip
- /data/data/####/TwitterAdvertisingInfoPreferences.xml
- /data/data/####/__pushe_base_lib_db-journal
- /data/data/####/aaeb03e9090beebef036f6ba05f0168dceddc7dddf80f5b....0.tmp
- /data/data/####/action.png
- /data/data/####/back-land.jpg
- /data/data/####/back-port.jpg
- /data/data/####/back-port.png
- /data/data/####/banner_new.html
- /data/data/####/co.ronash.pushe.keystore.xml
- /data/data/####/com.crashlytics.prefs.xml
- /data/data/####/com.crashlytics.sdk.android.crashlytics-core;co...re.xml
- /data/data/####/com.crashlytics.sdk.android;answers;settings.xml
- /data/data/####/com.crashlytics.settings.json
- /data/data/####/com.google.android.gms.analytics.prefs.xml
- /data/data/####/com.google.android.gms.appid-no-backup
- /data/data/####/com.google.android.gms.appid.xml
- /data/data/####/com.google.android.gms.measurement.prefs.xml
- /data/data/####/config_stored_prefs.xml
- /data/data/####/config_stored_prefs.xml.bak
- /data/data/####/data_stored_prefs.xml
- /data/data/####/db25c0234cb7e807df7800597050c4c966b05d0c1a0a863....0.tmp
- /data/data/####/evernote_jobs.db-journal
- /data/data/####/evernote_jobs.xml
- /data/data/####/font.ttf
- /data/data/####/gaClientId
- /data/data/####/google_analytics_v4.db-journal
- /data/data/####/google_app_measurement_local.db
- /data/data/####/google_app_measurement_local.db-journal
- /data/data/####/ic_clear.png
- /data/data/####/ic_download.png
- /data/data/####/ic_volum_enable.png
- /data/data/####/ic_volumn_disable.png
- /data/data/####/initialization_marker
- /data/data/####/io.fabric.sdk.android;fabric;io.fabric.sdk.andr...ng.xml
- /data/data/####/ir.ehsanstore.music-1.apk.classes-758047677.zip
- /data/data/####/journal.tmp
- /data/data/####/logo.png
- /data/data/####/logo2.png
- /data/data/####/multidex.version.xml
- /data/data/####/music-db-journal
- /data/data/####/sa_069b1cd2-0361-4aa6-a95a-db1c129c9896_1526454249052.tap
- /data/data/####/sa_897db45b-a0a9-42c7-8dbb-02f8afd52a57_1526454246199.tap
- /data/data/####/session_analytics.tap
- /data/data/####/session_analytics.tap.tmp
- /data/data/####/start_load.html
- /data/data/####/temp_store_pref.xml
- /data/data/####/unsent_requests
- /data/media/####/aparatchi-v2.1.0-cinema72-origin-base-release.apk
Miscellaneous:
Contains functionality to send SMS messages automatically.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about installed applications.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.
