Technical information
Malicious functions:
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
- UDP(DNS) <Google DNS>
- TCP(TLS/1.0) mobilep####.pass####.ya####.net:443
- TCP(TLS/1.0) re####.appmet####.ya####.net:443
- TCP(TLS/1.0) sta####.mo####.ya####.net:443
DNS requests:
- api-pr####.com
- asd.redir####.ru
- certifi####.mo####.ya####.net
- re####.appmet####.ya####.net
- sta####.mo####.ya####.net
Modified file system:
Creates the following files:
- /data/data/####/com.severodvinsk_boundentrypreferences.xml
- /data/data/####/com.severodvinsk_boundentrypreferences.xml.bak
- /data/data/####/com.severodvinsk_initpreferences.xml
- /data/data/####/com.severodvinsk_migrationpreferences.xml
- /data/data/####/com.severodvinsk_servertimeoffset.xml
- /data/data/####/com.severodvinsk_serviceproviderspreferences.xml
- /data/data/####/com.severodvinsk_startupinfopreferences.xml
- /data/data/####/com.severodvinsk_startupserviceinfopreferences.xml
- /data/data/####/credentials.dat
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/db_metrica_com.severodvinsk-journal
- /data/data/####/index
- /data/data/####/main.xml
- /data/data/####/metrica_data.db-journal
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
Miscellaneous:
Loads the following dynamic libraries:
- YandexMetricaNativeModule
Gains access to geolocation.
Gains access to network information.
Displays its own windows over windows of other applications.
