Android.SmsSend.20552

Technical information

Malicious functions:

Sends SMS messages:

12114516420: <IMSI>

Sends data on received text messages to remote host.

Network activity:

Connecting to:

1####.####.226
1####.####.226:8002
1####.####.238
1####.####.238:8977
7j####.####.com
a####.####.com
and####.####.com
and####.####.com:8077
c-h####.####.com
col####.####.com
huangda####.com
i####.####.cn
i####.####.com:10003
m####.####.com
p####.####.com
re####.####.com:10002
s####.####.com
so####.com
v####.####.com
w####.####.com

HTTP GET requests:

1####.####.238/dex/ldsource.bin
1####.####.238:8977/dex/version.txt
7j####.####.com/tdata_smp819
a####.####.com/fetch.php?gid=####&ch=####&key=####
a####.####.com/location/ip?ak=####&mcode=####
huangda####.com/apk!requestApkLog.action?provider=####&reqType=####&resu...
i####.####.cn/iplookup/iplookup.php?format=####
m####.####.com/course/504703.html?cm=####
p####.####.com/cityjson?ie=####
re####.####.com:10002/v1/sdk/init?net_name=####&imei=####&package_name=#...
s####.####.com/config/hz-hzv3.conf
so####.com/tcmn/tyvideo/get_mmplayer?vncode=####&channel=####&uid=####&p...
v####.####.com/pic/tcmn/mnfw/comment/2015/10/22/1308125314496.jpg
w####.####.com/r/p/index.jsp?vt=####&cm=####

HTTP POST requests:

1####.####.226/api/sl/device/upload
1####.####.226:8002/api/sl/vcoderule/getvalid
and####.####.com/record-plat/record/upload.do
and####.####.com:8077/android/sms/netpay/prefetch.do
c-h####.####.com/api.php?format=####&t=####
col####.####.com/pay-data-collect/collectAppStartUserData.json
i####.####.com:10003/v2/chis
s####.####.com/api.php?format=####&t=####
s####.####.com/pay-sms-access//uploadSmsDetailInfo.json?
v####.####.com/api/payment/mobileInit.html

Modified file system:

Creates the following files:

<Package Folder>/app_Wyzf_plg/5.0.7.jar
<Package Folder>/app_dex/classes.jar
<Package Folder>/app_workbench54874/apk.zip
<Package Folder>/app_workbench60400/apk.zip
<Package Folder>/cache/####/-12970019351982385548
<Package Folder>/cache/####/-1338047288-1230385511
<Package Folder>/cache/####/-1338047288-1421183070
<Package Folder>/cache/####/-1338047288-182583636
<Package Folder>/cache/####/-1338047288-2094887884
<Package Folder>/cache/####/-1338047288-370684317
<Package Folder>/cache/####/-1338047288-641513951
<Package Folder>/cache/####/-1338047288-936831720
<Package Folder>/cache/####/-1338047288-95714359
<Package Folder>/cache/####/-13380472881311129594
<Package Folder>/cache/####/-13380472881384046301
<Package Folder>/cache/####/-13380472881514426278
<Package Folder>/cache/####/-13380472881626691615
<Package Folder>/cache/####/-13380472881680700508
<Package Folder>/cache/####/-13380472882005695551
<Package Folder>/cache/####/-1338047288219583430
<Package Folder>/cache/####/-1338047288247462017
<Package Folder>/cache/####/-1338047288415159376
<Package Folder>/cache/####/-1338047288540598294
<Package Folder>/cache/####/-1338047288544269074
<Package Folder>/cache/####/-13524666311154795319
<Package Folder>/cache/####/-13602259901154795319
<Package Folder>/cache/####/-1765529583-1509910997
<Package Folder>/cache/####/-19748894551045225867
<Package Folder>/cache/####/-2124699567-697144755
<Package Folder>/cache/####/-218555393452157379
<Package Folder>/cache/####/-245209375-2006013062
<Package Folder>/cache/####/-406083722-1913861903
<Package Folder>/cache/####/-406083722-1915535325
<Package Folder>/cache/####/-406083722-673808585
<Package Folder>/cache/####/-40608372285953041
<Package Folder>/cache/####/-502396558-1216320515
<Package Folder>/cache/####/-559772673-1388195295
<Package Folder>/cache/####/-6658842261642890099
<Package Folder>/cache/####/-6746416031800111731
<Package Folder>/cache/####/-826632256452157379
<Package Folder>/cache/####/-918349749-1364809883
<Package Folder>/cache/####/1112325137-137884483
<Package Folder>/cache/####/1112325137-1628256917
<Package Folder>/cache/####/1112325137-1667762592
<Package Folder>/cache/####/1112325137-1878663413
<Package Folder>/cache/####/1112325137-427747099
<Package Folder>/cache/####/1112325137-583378255
<Package Folder>/cache/####/1112325137-658176393
<Package Folder>/cache/####/1112325137-961285557
<Package Folder>/cache/####/1112325137101390396
<Package Folder>/cache/####/11123251371126687508
<Package Folder>/cache/####/11123251371138282312
<Package Folder>/cache/####/11123251371176025204
<Package Folder>/cache/####/11123251371274553984
<Package Folder>/cache/####/111232513713399480
<Package Folder>/cache/####/11123251371644998833
<Package Folder>/cache/####/11123251371782824297
<Package Folder>/cache/####/11123251371806588945
<Package Folder>/cache/####/11123251371905714836
<Package Folder>/cache/####/11123251371909344241
<Package Folder>/cache/####/11123251372060391811
<Package Folder>/cache/####/1112325137509461107
<Package Folder>/cache/####/1112325137625850156
<Package Folder>/cache/####/1112325137827543757
<Package Folder>/cache/####/1112325137873926680
<Package Folder>/cache/####/1112325137951390760
<Package Folder>/cache/####/1282807442-151336940
<Package Folder>/cache/####/12828074421746016962
<Package Folder>/cache/####/1282807442185859017
<Package Folder>/cache/####/128280744219076090
<Package Folder>/cache/####/1282807442473419074
<Package Folder>/cache/####/14702071511275434285
<Package Folder>/cache/####/15557565-1029876615
<Package Folder>/cache/####/1566450513-102240651
<Package Folder>/cache/####/2963066051474777807
<Package Folder>/cache/####/321167103-896070772
<Package Folder>/cache/####/367581386382933576
<Package Folder>/cache/####/4868493962112182180
<Package Folder>/cache/####/576993478-1791807692
<Package Folder>/cache/####/595570210408523933
<Package Folder>/cache/####/595570210458385214
<Package Folder>/cache/####/595570210992581184
<Package Folder>/databases/####/cc.db
<Package Folder>/databases/####/cc.db-journal
<Package Folder>/databases/Data_sync.db-journal
<Package Folder>/databases/my_pagecache.db-journal
<Package Folder>/databases/pushext.db-journal
<Package Folder>/databases/pushsdk.db-journal
<Package Folder>/databases/recordInfo-journal
<Package Folder>/databases/smspay20723719.db
<Package Folder>/databases/smspay20723719.db-journal
<Package Folder>/databases/sy_pay_record-journal
<Package Folder>/databases/tmpd8.db-journal
<Package Folder>/databases/webview.db-journal
<Package Folder>/files/####/plus.jar
<Package Folder>/files/gdaemon_20161017
<Package Folder>/files/init.pid
<Package Folder>/files/init_c1.pid
<Package Folder>/files/libabc
<Package Folder>/files/mobclick_agent_cached_<Package>198
<Package Folder>/files/push.pid
<Package Folder>/files/run.pid
<Package Folder>/files/tdata_Diu264
<Package Folder>/files/tdata_Diu264.jar
<Package Folder>/shared_prefs/<Package>_preferences.xml
<Package Folder>/shared_prefs/ACCOUNT_SYSTEM_ACCOUNT_INFO.xml
<Package Folder>/shared_prefs/BOOT_SMS_INFO.xml
<Package Folder>/shared_prefs/BOOT_SMS_SENT_TIME.xml
<Package Folder>/shared_prefs/DB_MTS.xml
<Package Folder>/shared_prefs/QugouUser.xml
<Package Folder>/shared_prefs/QugouUserTag.xml
<Package Folder>/shared_prefs/VistorNo.xml
<Package Folder>/shared_prefs/first_pref.xml
<Package Folder>/shared_prefs/first_register.xml
<Package Folder>/shared_prefs/getui_sp.xml
<Package Folder>/shared_prefs/jmsdk.dat.xml
<Package Folder>/shared_prefs/jmsdk.dat.xml.bak (deleted)
<Package Folder>/shared_prefs/mgsdkfin1.xml
<Package Folder>/shared_prefs/mgsdkfin1.xml.bak
<Package Folder>/shared_prefs/p_config.xml
<Package Folder>/shared_prefs/plugin_record_app_info.xml
<Package Folder>/shared_prefs/pref_recomm.xml
<Package Folder>/shared_prefs/pref_recomm.xml.bak
<Package Folder>/shared_prefs/pretw.xml
<Package Folder>/shared_prefs/sp_name_config20723719.xml
<Package Folder>/shared_prefs/sy_pay_config.xml
<Package Folder>/shared_prefs/sy_pay_config.xml.bak
<Package Folder>/shared_prefs/tpservices.xml
<Package Folder>/shared_prefs/umeng_general_config.xml
<Package Folder>/shared_prefs/umeng_general_config.xml.bak
<Package Folder>/shared_prefs/version.dat.xml
<Package Folder>/shared_prefs/wyzf_config20723719.xml
<Package Folder>/shared_prefs/wyzf_config20723719.xml.bak
<Package Folder>/shared_prefs/zzconfig.xml
<SD-Card>/.5545F5FE2582481BADADD7569834je3/####/722r4w26ngm4w5pbx1c68whiaoihot7c
<SD-Card>/.5545F5FE2582481BADADD7569834je3/####/9ukjyf5wbpvwi7vx92ax22c82yh2g7u9
<SD-Card>/.5545F5FE2582481BADADD7569834je3/####/boh0r0pcyfe2f756dqng3y6c0132g764
<SD-Card>/.5545F5FE2582481BADADD7569834je3/user.sys
<SD-Card>/.tpservice/####/qsha_80001_5096.jar
<SD-Card>/.twservice/####/tw
<SD-Card>/.twservice/qshp_3003_2274.zip
<SD-Card>/<Package>/####/5e590351238941286393f8dedc38cfce
<SD-Card>/<Package>/####/TYDSETTING
<SD-Card>/<Package>/####/f42a2f3be7be22d7413a108337d7f9e0
<SD-Card>/Android/####/.nomedia
<SD-Card>/libs/<Package>.bin
<SD-Card>/libs/<Package>.db
<SD-Card>/libs/app.db
<SD-Card>/libs/com.getui.sdk.deviceId.db
<SD-Card>/libs/com.igexin.sdk.deviceId.db
<SD-Card>/system/####/tdata_Diu264

Miscellaneous:

Executes next shell scripts:

/data/data/com.sosnsel.cwspxejf/files/gdaemon_20161017 0 com.sosnsel.cwspxejf/nghfw.anbey.service.MhGtphService 25060 300 0
<dexopt>
cat /proc/version
cat /sys/block/mmcblk0/device/cid
chmod 700 /data/data/com.sosnsel.cwspxejf/files/gdaemon_20161017
chmod 700 <Package Folder>/files/gdaemon_20161017
sh <Package Folder>/files/gdaemon_20161017 0 <Package>/nghfw.anbey.service.MhGtphService 25060 300 0

Технологии

Термины

Обучение и просвещение

Мифы

Technical information

Рекомендации по лечению

Демо бесплатно на 14 дней