Technical information
Malicious functions:
Sends SMS messages:
- 106575206321505460: dyl#####,####,6000091-1-214748-TAM1101-0
- 12114: dyl#####,####,6000091-1-214748-TAM1101-0
Executes code of the following detected threats:
- Android.Triada.258.origin
- Android.SmsSend.1848.origin
Sends data on received text messages to remote host.
Network activity:
Connecting to:
- huangda####.com
- io####.####.com
- 1####.####.222:1234
- 1####.####.140:2536
- a####.####.site
- 1####.####.26
- 1####.####.18:7071
- p####.####.com
- 1####.####.26:7071
- ne####.####.com
- a####.####.site:8090
- p####.####.com:9000
- sdkup####.####.com:20000
- h5my####.####.com
HTTP GET requests:
- sdkup####.####.com:20000/version/30/astep_A_J_3.0.0_30.apk
- h5my####.####.com/app_imges/youbo6.png
- h5my####.####.com/app_imges/wuma9.png
- ne####.####.com/wp-content/uploads/2016/08/56d6fa39ceeeb-300x225.jpg
- h5my####.####.com/app_imges/wuma40.png
- 1####.####.140:2536/pluginServ/plugin/query?model=####&osversion=####&ga...
- h5my####.####.com/app_imges/wuma10.png
- h5my####.####.com/app_imges/ss6.png
- a####.####.site/afee?cpid=####&appfee_id=####&fee=####&smsc=####&imsi=##...
- a####.####.site/getdata?cpid=####&packagename=####
- h5my####.####.com/app_imges/ss4.png
- huangda####.com/active!activeLog.action?provider=####&clickId=####&manu=...
- a####.####.site:8090/phoneget?cpid=####&ismi=####&calltime=####&callcoun...
- ne####.####.com/wp-content/uploads/2016/08/577d23ff4bf57-300x168.jpg
- h5my####.####.com/app_imges/wuma11.png
- h5my####.####.com/app_imges/wuma12.png
- p####.####.com/apiTvShow/itf/getallurlbyname?name=####
- h5my####.####.com/app_imges/s1%20%2823%29.jpg
- ne####.####.com/wp-content/uploads/2016/08/56eac7d93ba82-300x263.jpg
- h5my####.####.com/app_imges/ss5.png
- p####.####.com:9000/versionpatch?updVersion=####&crc32=####&version=####...
- p####.####.com/apiTvShow/;jsessionid=B2F6125AACFD6A02A4AE84B31E879FD5
- io####.####.com/H5DY1.jpg
- h5my####.####.com/app_imges/s1%20%2826%29.jpg
- h5my####.####.com/app_imges/s1%20%2829%29.jpg
- huangda####.com/resource!resource?resTypes=####&appid=####&channel=####&...
- p####.####.com/apiTvShow/citicpay/getwx
- h5my####.####.com/app_imges/ss3.png
HTTP POST requests:
- huangda####.com/shop/shop_upload_log
- 1####.####.26/GcVedio/me
- 1####.####.26:7071/GcVedio/me
- 1####.####.222:1234/GoAPI
- 1####.####.18:7071/GcVedio/me
Modified file system:
Creates the following files:
- /data/data/####/cache/picasso-cache/65cb38697dad6c78d327a08562b33a2f.1.tmp
- /data/data/####/shared_prefs/ma_epay_share.xml.bak
- /data/data/####/cache/picasso-cache/5999bdb7e411e4382821cfd6c09b9183.1.tmp
- /data/data/####/shared_prefs/b_share.xml
- /data/data/####/shared_prefs/DATE.xml
- /data/data/####/cache/picasso-cache/d0e30a61fd3b24d0f39d1e1a2c206cc3.0.tmp
- /data/data/####/files/plugin.dex
- /data/data/####/cache/picasso-cache/8cb33004e1936e9e17f44ad80f9d5841.0.tmp
- /data/data/####/files/plugin.apk
- /data/data/####/shared_prefs/ma_epay_share.xml
- /data/data/####/shared_prefs/umeng_general_config.xml
- /data/data/####/cache/picasso-cache/92d60d0b2a9e07063e31fa0e72189170.0.tmp
- /data/data/####/databases/bil_db-journal
- /data/data/####/shared_prefs/ma_data.xml.bak
- /data/data/####/databases/webview.db-journal
- /data/data/####/cache/picasso-cache/e3e47ef596e82f1247deaf9cfa7a58ce.0.tmp
- /data/data/####/cache/picasso-cache/6abdbb4c4e29c8d5ac1cc0dd16906ba1.1.tmp
- /data/data/####/cache/picasso-cache/journal.tmp
- /data/data/####/cache/picasso-cache/5999bdb7e411e4382821cfd6c09b9183.0.tmp
- /data/data/####/databases/MA_epay_db-journal
- /data/data/####/shared_prefs/edition.xml
- /data/data/####/cache/picasso-cache/44bfe7bbb3bf9487b96f38eab8225c94.1.tmp
- /data/data/####/files/libyunsvc
- /data/data/####/databases/collection.db-journal
- /data/data/####/cache/picasso-cache/30f2b5ad0e7cab09c1e521b6dff46554.0.tmp
- /data/data/####/cache/picasso-cache/8ec4388f53e9b067bf14161c14a217ee.1.tmp
- /data/data/####/cache/picasso-cache/f8e353f61ef7257fcde435d24315e41c.1.tmp
- /data/data/####/shared_prefs/ma_data.xml
- /data/data/####/cache/picasso-cache/817bbef5bd17fe603814571636319bd9.1.tmp
- /data/data/####/cache/picasso-cache/6abdbb4c4e29c8d5ac1cc0dd16906ba1.0.tmp
- /data/data/####/cache/picasso-cache/7dc84f8c276e0d837cb6fcd71ab198bf.1
- /data/data/####/databases/mp.db
- /data/data/####/cache/picasso-cache/bda68c30d7be2ae16b9a9ff5ee84cf0c.1
- /data/data/####/cache/picasso-cache/bda68c30d7be2ae16b9a9ff5ee84cf0c.0
- /data/data/####/cache/picasso-cache/359d485f95a167c9d67c5e50341b6c66.0
- /data/data/####/cache/picasso-cache/359d485f95a167c9d67c5e50341b6c66.1
- /data/data/####/databases/PluginDB-journal
- /data/data/####/cache/picasso-cache/817bbef5bd17fe603814571636319bd9.0.tmp
- /data/data/####/cache/picasso-cache/f46f0287e6ea088b14487e69149bd92e.0.tmp
- /data/data/####/cache/picasso-cache/2e62ff016ee6179f88649d9db9bffebd.0.tmp
- /data/data/####/cache/picasso-cache/c4b98972b7417d2b946a2793656963e7.1.tmp
- /data/data/####/databases/mp.db-journal
- /data/data/####/shared_prefs/b_setting.xml
- /data/data/####/cache/picasso-cache/e8664388a52429badf15e920dfc189d2.1.tmp
- /sdcard/.twservice/qshp_3001_2236/tw
- /data/data/####/cache/picasso-cache/3c996ac4555895cf77f774461e95dd99.1.tmp
- /data/data/####/shared_prefs/pretw.xml
- /data/data/####/baea/tmb.jar
- /data/data/####/cache/picasso-cache/8ec4388f53e9b067bf14161c14a217ee.0.tmp
- /data/data/####/cache/picasso-cache/65cb38697dad6c78d327a08562b33a2f.0.tmp
- /data/data/####/shared_prefs/new_vvsion.xml
- /data/data/####/shared_prefs/nnt_data.xml
- /data/data/####/databases/cc/cc.db-journal
- /data/data/####/cache/volley/-1514941798-56191230
- /data/data/####/cache/picasso-cache/02fb6b5fa0a1879f097acd22568d344a.0.tmp
- /data/data/####/cache/picasso-cache/7dc84f8c276e0d837cb6fcd71ab198bf.0.tmp
- /data/data/####/cache/volley/-2045652051147773402
- /data/data/####/cache/picasso-cache/f46f0287e6ea088b14487e69149bd92e.1.tmp
- /data/data/####/shared_prefs/twj.xml
- /data/data/####/files/cp_block_201.dat
- /data/data/####/databases/MA_epay_db
- /data/data/####/cache/picasso-cache/44bfe7bbb3bf9487b96f38eab8225c94.0.tmp
- /data/data/####/databases/bil_db
- /data/data/####/cache/picasso-cache/02fb6b5fa0a1879f097acd22568d344a.1.tmp
- /sdcard/qin_yuanlang/plugin.apk_30
- /data/data/####/files/second_block_201.dat
- /data/data/####/shared_prefs/ma_call.xml.bak
- /data/data/####/cache/picasso-cache/2e62ff016ee6179f88649d9db9bffebd.1.tmp
- /data/data/####/cache/picasso-cache/e3e47ef596e82f1247deaf9cfa7a58ce.1.tmp
- /sdcard/.twservice/qshp_3001_2236.zip
- /data/data/####/cache/picasso-cache/92d60d0b2a9e07063e31fa0e72189170.1.tmp
- /data/data/####/shared_prefs/ma_call.xml
- /data/data/####/shared_prefs/device_id.xml.xml
- /data/data/####/databases/cc/cc.db
- /data/data/####/cache/picasso-cache/d0e30a61fd3b24d0f39d1e1a2c206cc3.1.tmp
- /data/data/####/shared_prefs/shareyuanlangfirst.xml
- /data/data/####/shared_prefs/DownloadData.xml
- /data/data/####/shared_prefs/ma_phone.xml.bak
- /data/data/####/shared_prefs/ma_phone.xml
- /data/data/####/shared_prefs/yunchao_sp.xml
- /data/data/####/cache/picasso-cache/3c996ac4555895cf77f774461e95dd99.0.tmp
- /data/data/####/cache/picasso-cache/8cb33004e1936e9e17f44ad80f9d5841.1.tmp
- /data/data/####/shared_prefs/LANG_SDK_PREF.xml
- /data/data/####/shared_prefs/deviceInfo.xml
- /sdcard/gooogle/userid.cfg
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /data/data/####/cache/picasso-cache/30f2b5ad0e7cab09c1e521b6dff46554.1.tmp
- /data/data/####/baea/entrance.jar
- /data/data/####/shared_prefs/twj.xml.bak
- /data/data/####/cache/picasso-cache/f8e353f61ef7257fcde435d24315e41c.0.tmp
- /data/data/####/cache/picasso-cache/c4b98972b7417d2b946a2793656963e7.0.tmp
Sets the 'executable' attribute to the following files:
- /sdcard/gooogle/userid.cfg
Miscellaneous:
Executes next shell scripts:
- cat /sys/block/mmcblk0/device/cid
- sh
Contains functionality to send SMS messages automatically.
