Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Android.BankBot.9221

Added to the Dr.Web virus database: 2021-05-13

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.819.origin
Network activity:
Connects to:
  • UDP(DNS) 8####.8.4.4:53
  • TCP(TLS/1.0) sqs.ap-nort####.amazo####.com:443
DNS requests:
  • sqs.ap-nort####.amazo####.com
File system changes:
Creates the following files:
  • /data/data/####/.br_com_analyserpro.meta
  • /data/data/####/150035
  • /data/data/####/19
  • /data/data/####/2021-05-13AM075828.str
  • /data/data/####/2021-05-13AM075830.rt
  • /data/data/####/2021-05-13AM075834.str
  • /data/data/####/2021-05-13AM075835.str
  • /data/data/####/2021-05-13AM075837.rt
  • /data/data/####/2021-05-13AM075842.str
  • /data/data/####/2021-05-13AM075844.str
  • /data/data/####/2021-05-13AM075846.rt
  • /data/data/####/2021-05-13AM075851.str
  • /data/data/####/2021-05-13AM075853.str
  • /data/data/####/2021-05-13AM075854.rt
  • /data/data/####/2021-05-13AM075900.str
  • /data/data/####/2021-05-13AM075902.str
  • /data/data/####/2021-05-13AM075903.rt
  • /data/data/####/2021-05-13AM075908.str
  • /data/data/####/2021-05-13AM075910.str
  • /data/data/####/2021-05-13AM075911.rt
  • /data/data/####/2021-05-13AM075916.str
  • /data/data/####/2021-05-13AM075918.str
  • /data/data/####/2021-05-13AM075920.rt
  • /data/data/####/2021-05-13AM075925.str
  • /data/data/####/2021-05-13AM075927.str
  • /data/data/####/2021-05-13AM075929.rt
  • /data/data/####/20210513T075829.dmp.asi
  • /data/data/####/20210513T075834.dmp.asi
  • /data/data/####/20210513T075836.dmp.asi
  • /data/data/####/20210513T075843.dmp.asi
  • /data/data/####/20210513T075845.dmp.asi
  • /data/data/####/20210513T075851.dmp.asi
  • /data/data/####/20210513T075853.dmp.asi
  • /data/data/####/20210513T075900.dmp.asi
  • /data/data/####/20210513T075902.dmp.asi
  • /data/data/####/20210513T075908.dmp.asi
  • /data/data/####/20210513T075910.dmp.asi
  • /data/data/####/20210513T075917.dmp.asi
  • /data/data/####/20210513T075919.dmp.asi
  • /data/data/####/20210513T075926.dmp.asi
  • /data/data/####/20210513T075928.dmp.asi
  • /data/data/####/2MEWGTOY9F53PLJFM8ELVXFQJE6MVAG.dex
  • /data/data/####/2MEWGTOY9F53PLJFM8ELVXFQJE6MVAG.dex.flock (deleted)
  • /data/data/####/2MEWGTOY9F53PLJFM8ELVXFQJE6MVAG.zip
  • /data/data/####/3BJ15YTFIKA4IY8GFDB2WYGJG77BO3L.dex
  • /data/data/####/3BJ15YTFIKA4IY8GFDB2WYGJG77BO3L.dex.flock (deleted)
  • /data/data/####/3BJ15YTFIKA4IY8GFDB2WYGJG77BO3L.zip
  • /data/data/####/68213IUTU4NSW3WTLOVI4O4MYJXUT4KG.dex
  • /data/data/####/68213IUTU4NSW3WTLOVI4O4MYJXUT4KG.dex.flock (deleted)
  • /data/data/####/6MUWW5OMXFXNL5JFYCMHVPZ2VAMY7U0.dex
  • /data/data/####/6MUWW5OMXFXNL5JFYCMHVPZ2VAMY7U0.dex.flock (deleted)
  • /data/data/####/6MUWW5OMXFXNL5JFYCMHVPZ2VAMY7U0.zip
  • /data/data/####/7N35XETZ2SI02UWG31B20YKF8JF3SBH.dex
  • /data/data/####/7N35XETZ2SI02UWG31B20YKF8JF3SBH.dex.flock (deleted)
  • /data/data/####/7N35XETZ2SI02UWG31B20YKF8JF3SBH.zip
  • /data/data/####/AKNE43G86EPPA4CPNAR0BJFKZKA9VDC.dex
  • /data/data/####/AKNE43G86EPPA4CPNAR0BJFKZKA9VDC.dex.flock (deleted)
  • /data/data/####/AKNE43G86EPPA4CPNAR0BJFKZKA9VDC.zip
  • /data/data/####/ECRIWJGSQMH1U005BYRKF3J0BWI1ZL8.dex
  • /data/data/####/ECRIWJGSQMH1U005BYRKF3J0BWI1ZL8.dex.flock (deleted)
  • /data/data/####/ECRIWJGSQMH1U005BYRKF3J0BWI1ZL8.zip
  • /data/data/####/I0JU0RGKIIT9M8C5VIRSR3JO7SMXJXG.dex
  • /data/data/####/I0JU0RGKIIT9M8C5VIRSR3JO7SMXJXG.dex.flock (deleted)
  • /data/data/####/I0JU0RGKIIT9M8C5VIRSR3JO7SMXJXG.zip
  • /data/data/####/IAQS4PO2D7PR19VFUO6HR5VM3YE63M4.dex
  • /data/data/####/IAQS4PO2D7PR19VFUO6HR5VM3YE63M4.dex.flock (deleted)
  • /data/data/####/IAQS4PO2D7PR19VFUO6HR5VM3YE63M4.zip
  • /data/data/####/MYIK8XOU53LZTX7FESM9J5FUZEI2NYC.dex
  • /data/data/####/MYIK8XOU53LZTX7FESM9J5FUZEI2NYC.dex.flock (deleted)
  • /data/data/####/MYIK8XOU53LZTX7FESM9J5FUZEI2NYC.zip
  • /data/data/####/NZBDT6T7AGMSAMKGJXBUOY0RC3B78F9.dex
  • /data/data/####/NZBDT6T7AGMSAMKGJXBUOY0RC3B78F9.dex.flock (deleted)
  • /data/data/####/NZBDT6T7AGMSAMKGJXBUOY0RC3B78F9.zip
  • /data/data/####/OG4MUZEKV9N57BHX4M0FDRL4PC4CDGQ.dex
  • /data/data/####/OG4MUZEKV9N57BHX4M0FDRL4PC4CDGQ.dex.flock (deleted)
  • /data/data/####/OG4MUZEKV9N57BHX4M0FDRL4PC4CDGQ.zip
  • /data/data/####/T76X72BNTXK053BOMP27YAEVIRL0A83.dex
  • /data/data/####/T76X72BNTXK053BOMP27YAEVIRL0A83.dex.flock (deleted)
  • /data/data/####/T76X72BNTXK053BOMP27YAEVIRL0A83.zip
  • /data/data/####/TJALJ6BJPL0C9ZZOEPABMIEZY7DGMWF.dex
  • /data/data/####/TJALJ6BJPL0C9ZZOEPABMIEZY7DGMWF.dex.flock (deleted)
  • /data/data/####/TJALJ6BJPL0C9ZZOEPABMIEZY7DGMWF.zip
  • /data/data/####/VP8ZTKLD33MQJH16CZGDSC05SP7A0QH.dex
  • /data/data/####/VP8ZTKLD33MQJH16CZGDSC05SP7A0QH.dex.flock (deleted)
  • /data/data/####/VP8ZTKLD33MQJH16CZGDSC05SP7A0QH.zip
  • /data/data/####/ZD0BXSL5VZIERPD6W3G5KCKDOLB642P.dex
  • /data/data/####/ZD0BXSL5VZIERPD6W3G5KCKDOLB642P.dex.flock (deleted)
  • /data/data/####/ZD0BXSL5VZIERPD6W3G5KCKDOLB642P.zip
  • /data/data/####/empty_classes.dex
  • /data/data/####/lastReportSendTimeFile
  • /data/data/####/proc_auxv
  • /data/data/####/sealed1.obk
  • /data/data/####/sealeh.bdc
  • /data/data/####/stat1
  • /data/data/####/working
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/2MEWGTOY9F53PLJFM8ELVXFQJE6MVAG.zip --oat-fd=38 --oat-location=/data/user/0/<Package>/cache/<Package>/2MEWGTOY9F53PLJFM8ELVXFQJE6MVAG.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/3BJ15YTFIKA4IY8GFDB2WYGJG77BO3L.zip --oat-fd=38 --oat-location=/data/user/0/<Package>/cache/<Package>/3BJ15YTFIKA4IY8GFDB2WYGJG77BO3L.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/6MUWW5OMXFXNL5JFYCMHVPZ2VAMY7U0.zip --oat-fd=38 --oat-location=/data/user/0/<Package>/cache/<Package>/6MUWW5OMXFXNL5JFYCMHVPZ2VAMY7U0.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/7N35XETZ2SI02UWG31B20YKF8JF3SBH.zip --oat-fd=38 --oat-location=/data/user/0/<Package>/cache/<Package>/7N35XETZ2SI02UWG31B20YKF8JF3SBH.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/AKNE43G86EPPA4CPNAR0BJFKZKA9VDC.zip --oat-fd=38 --oat-location=/data/user/0/<Package>/cache/<Package>/AKNE43G86EPPA4CPNAR0BJFKZKA9VDC.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/ECRIWJGSQMH1U005BYRKF3J0BWI1ZL8.zip --oat-fd=37 --oat-location=/data/user/0/<Package>/cache/<Package>/ECRIWJGSQMH1U005BYRKF3J0BWI1ZL8.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/I0JU0RGKIIT9M8C5VIRSR3JO7SMXJXG.zip --oat-fd=37 --oat-location=/data/user/0/<Package>/cache/<Package>/I0JU0RGKIIT9M8C5VIRSR3JO7SMXJXG.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/IAQS4PO2D7PR19VFUO6HR5VM3YE63M4.zip --oat-fd=38 --oat-location=/data/user/0/<Package>/cache/<Package>/IAQS4PO2D7PR19VFUO6HR5VM3YE63M4.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/MYIK8XOU53LZTX7FESM9J5FUZEI2NYC.zip --oat-fd=38 --oat-location=/data/user/0/<Package>/cache/<Package>/MYIK8XOU53LZTX7FESM9J5FUZEI2NYC.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/NZBDT6T7AGMSAMKGJXBUOY0RC3B78F9.zip --oat-fd=37 --oat-location=/data/user/0/<Package>/cache/<Package>/NZBDT6T7AGMSAMKGJXBUOY0RC3B78F9.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/OG4MUZEKV9N57BHX4M0FDRL4PC4CDGQ.zip --oat-fd=38 --oat-location=/data/user/0/<Package>/cache/<Package>/OG4MUZEKV9N57BHX4M0FDRL4PC4CDGQ.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/T76X72BNTXK053BOMP27YAEVIRL0A83.zip --oat-fd=38 --oat-location=/data/user/0/<Package>/cache/<Package>/T76X72BNTXK053BOMP27YAEVIRL0A83.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/TJALJ6BJPL0C9ZZOEPABMIEZY7DGMWF.zip --oat-fd=37 --oat-location=/data/user/0/<Package>/cache/<Package>/TJALJ6BJPL0C9ZZOEPABMIEZY7DGMWF.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/VP8ZTKLD33MQJH16CZGDSC05SP7A0QH.zip --oat-fd=38 --oat-location=/data/user/0/<Package>/cache/<Package>/VP8ZTKLD33MQJH16CZGDSC05SP7A0QH.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/ZD0BXSL5VZIERPD6W3G5KCKDOLB642P.zip --oat-fd=37 --oat-location=/data/user/0/<Package>/cache/<Package>/ZD0BXSL5VZIERPD6W3G5KCKDOLB642P.dex --compiler-filter=speed
  • chmod 777 /data/user/0/<Package>/app_payload_lib/<Package>/68213IUTU4NSW3WTLOVI4O4MYJXUT4KG.dex
  • chmod 777 /data/user/0/<Package>/oat/6MUWW5OMXFXNL5JFYCMHVPZ2VAMY7U0.zip.cur.prof
  • chmod 777 /data/user/0/<Package>/oat/7N35XETZ2SI02UWG31B20YKF8JF3SBH.zip.cur.prof
  • chmod 777 /data/user/0/<Package>/oat/ECRIWJGSQMH1U005BYRKF3J0BWI1ZL8.zip.cur.prof
  • chmod 777 /data/user/0/<Package>/oat/I0JU0RGKIIT9M8C5VIRSR3JO7SMXJXG.zip.cur.prof
  • chmod 777 /data/user/0/<Package>/oat/NZBDT6T7AGMSAMKGJXBUOY0RC3B78F9.zip.cur.prof
  • chmod 777 /data/user/0/<Package>/oat/OG4MUZEKV9N57BHX4M0FDRL4PC4CDGQ.zip.cur.prof
  • chmod 777 /data/user/0/<Package>/oat/VP8ZTKLD33MQJH16CZGDSC05SP7A0QH.zip.cur.prof
  • chmod 777 /data/user/0/<Package>/oat/ZD0BXSL5VZIERPD6W3G5KCKDOLB642P.zip.cur.prof
  • chmod 777 /data/user/0/<Package>/oat/arm/6MUWW5OMXFXNL5JFYCMHVPZ2VAMY7U0.odex
  • chmod 777 /data/user/0/<Package>/oat/arm/6MUWW5OMXFXNL5JFYCMHVPZ2VAMY7U0.vdex
  • chmod 777 /data/user/0/<Package>/oat/arm/7N35XETZ2SI02UWG31B20YKF8JF3SBH.odex
  • chmod 777 /data/user/0/<Package>/oat/arm/7N35XETZ2SI02UWG31B20YKF8JF3SBH.vdex
  • chmod 777 /data/user/0/<Package>/oat/arm/ECRIWJGSQMH1U005BYRKF3J0BWI1ZL8.odex
  • chmod 777 /data/user/0/<Package>/oat/arm/ECRIWJGSQMH1U005BYRKF3J0BWI1ZL8.vdex
  • chmod 777 /data/user/0/<Package>/oat/arm/I0JU0RGKIIT9M8C5VIRSR3JO7SMXJXG.odex
  • chmod 777 /data/user/0/<Package>/oat/arm/I0JU0RGKIIT9M8C5VIRSR3JO7SMXJXG.vdex
  • chmod 777 /data/user/0/<Package>/oat/arm/NZBDT6T7AGMSAMKGJXBUOY0RC3B78F9.odex
  • chmod 777 /data/user/0/<Package>/oat/arm/NZBDT6T7AGMSAMKGJXBUOY0RC3B78F9.vdex
  • chmod 777 /data/user/0/<Package>/oat/arm/OG4MUZEKV9N57BHX4M0FDRL4PC4CDGQ.odex
  • chmod 777 /data/user/0/<Package>/oat/arm/OG4MUZEKV9N57BHX4M0FDRL4PC4CDGQ.vdex
  • chmod 777 /data/user/0/<Package>/oat/arm/VP8ZTKLD33MQJH16CZGDSC05SP7A0QH.odex
  • chmod 777 /data/user/0/<Package>/oat/arm/VP8ZTKLD33MQJH16CZGDSC05SP7A0QH.vdex
  • chmod 777 /data/user/0/<Package>/oat/arm/ZD0BXSL5VZIERPD6W3G5KCKDOLB642P.odex
  • chmod 777 /data/user/0/<Package>/oat/arm/ZD0BXSL5VZIERPD6W3G5KCKDOLB642P.vdex
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/2MEWGTOY9F53PLJFM8ELVXFQJE6MVAG.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/3BJ15YTFIKA4IY8GFDB2WYGJG77BO3L.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/6MUWW5OMXFXNL5JFYCMHVPZ2VAMY7U0.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/7N35XETZ2SI02UWG31B20YKF8JF3SBH.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/AKNE43G86EPPA4CPNAR0BJFKZKA9VDC.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/ECRIWJGSQMH1U005BYRKF3J0BWI1ZL8.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/I0JU0RGKIIT9M8C5VIRSR3JO7SMXJXG.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/IAQS4PO2D7PR19VFUO6HR5VM3YE63M4.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/MYIK8XOU53LZTX7FESM9J5FUZEI2NYC.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/NZBDT6T7AGMSAMKGJXBUOY0RC3B78F9.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/OG4MUZEKV9N57BHX4M0FDRL4PC4CDGQ.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/T76X72BNTXK053BOMP27YAEVIRL0A83.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/TJALJ6BJPL0C9ZZOEPABMIEZY7DGMWF.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/VP8ZTKLD33MQJH16CZGDSC05SP7A0QH.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/ZD0BXSL5VZIERPD6W3G5KCKDOLB642P.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.dex /data/user/0/<Package>/app_payload_lib/<Package>/68213IUTU4NSW3WTLOVI4O4MYJXUT4KG.dex
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/68213IUTU4NSW3WTLOVI4O4MYJXUT4KG.dex --oat-file=/data/user/0/<Package>/cache/<Package>/68213IUTU4NSW3WTLOVI4O4MYJXUT4KG.dex --compiler-filter=verify-none --instruction-set=x86
  • getprop ro.dalvik.vm.isa.arm
  • rm /data/user/0/<Package>/app_payload_lib/<Package>/*.dbk
  • rm /data/user/0/<Package>/app_payload_lib/<Package>/*.dex
  • rm /data/user/0/<Package>/app_payload_lib/<Package>/68213IUTU4NSW3WTLOVI4O4MYJXUT4KG.dex
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/68213IUTU4NSW3WTLOVI4O4MYJXUT4KG.dex --oat-file=/data/user/0/<Package>/cache/<Package>/68213IUTU4NSW3WTLOVI4O4MYJXUT4KG.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c rm /data/user/0/<Package>/app_payload_lib/<Package>/*.dbk
  • sh -c rm /data/user/0/<Package>/app_payload_lib/<Package>/*.dex
  • touch -t 20160801.002000 /data/user/0/<Package>/app_payload_lib/<Package>/68213IUTU4NSW3WTLOVI4O4MYJXUT4KG.dex
  • touch -t 20210513.075829 /data/user/0/<Package>/cache/<Package>/68213IUTU4NSW3WTLOVI4O4MYJXUT4KG.dex
Gets information about network.
Gets information about installed apps.
Contains Play Store Frosting.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web для Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android