Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.DownLoader.307.origin
Network activity:
Connecting to:
- ga####.####.com
- 1####.####.28:8080
- 1####.####.28
- a####.####.com
HTTP GET requests:
- 1####.####.28/user/login
HTTP POST requests:
- a####.####.com/app_logs
- 1####.####.28:8080/makejoyjson/JsonRead
- ga####.####.com/?st=####&sv=####&tm=####&sv=####&sc=####&sid=####&apn=##...
Modified file system:
Creates the following files:
- /data/data/####/files/uu_data/o_S6HoFxxEqDcmoce0N1vQ==/proxy.apk
- /data/data/####/.lib/libexec.so
- /data/data/####/files/bundle/apkplug/mybundle/bundle1/bundle.startlevel
- /data/data/####/app_xxx/busybox
- /data/data/####/shared_prefs/pref_longtime.xml
- /data/data/####/shared_prefs/lotuseed_global_nr.xml.bak
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/cache/ACache/960312673
- /data/data/####/databases/hh_db_pay-journal
- /data/data/####/files/uu_data/TfwdHX6qHv0AkshSW_kmmg==/app_data/files/u6VSjxz-w3U=/libs/libuu_cb3a5e48-8f9e-4621-9464-fe82e3155371.so
- /data/data/####/files/uu_data/TfwdHX6qHv0AkshSW_kmmg==/app_code/com.yt.uu.dex
- /sdcard/.system/lotuseed.devid
- /data/data/####/shared_prefs/pref_shorttime.xml
- /data/data/####/.lib/libexecmain.so
- /sdcard/opaDC.txt
- /data/data/####/shared_prefs/shared_file.xml
- /data/data/####/files/uu_data/TfwdHX6qHv0AkshSW_kmmg==/app_code/app_info.txt
- /data/data/####/files/xhhLib
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /data/data/####/files/lotuseed_nr.apps
- /data/data/####/shared_prefs/umeng_general_config.xml
- /data/data/####/shared_prefs/pref_longtime.xml.bak
- /sdcard/OPBKEY_dcfa1514bb9cdb4205bbb1fb03b5f41ded12
- /data/data/####/files/uu_data/8SGi2j11Xi44bWqDzCUmxw==
- /data/data/####/files/.imprint
- /data/data/####/files/lotuseed_nr.s
- /data/data/####/files/uu_data/TfwdHX6qHv0AkshSW_kmmg==/app_code/lib/libuu_xx.so
- /data/data/####/files/bundle/apkplug/mybundle/bundle1/bundle.location
- /data/data/####/files/bundle/apkplug/mybundle/bundle1/bundle.state
- /sdcard/.tcookieid
- /data/data/####/cache/ACache/-631358068
- /data/data/####/files/mobclick_agent_cached_####3
- /data/data/####/files/uu_data/o_S6HoFxxEqDcmoce0N1vQ==/fMwBszcpKUCQ_gjZ
- /sdcard/.weixinh/plug/game.a
- /data/data/####/files/uu_data/IUzhXZvxBeEWBpe7_sDyGw==
- /data/data/####/files/uu_data/o_S6HoFxxEqDcmoce0N1vQ==/IvGAmCpxv64bLBwKxzNOZg==
- /data/data/####/files/bundle2.5.2.01.jar
- /data/data/####/files/lotuseed_nr.task
- /data/data/####/app_/firsttime
- /data/data/####/files/uu_data/V3Ro3erFjOIwZKru947bPA==/data.dat.tmp
- /data/data/####/shared_prefs/cfg.xml
- /data/data/####/app_xxx/cd
- /data/data/####/files/umeng_it.cache
- /data/data/####/files/TDtcagent.db
- /data/data/####/databases/mydata-journal
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /data/data/####/shared_prefs/tdid.xml
- /data/data/####/files/TDtcagent.db-journal
- /data/data/####/files/bundle/apkplug/mybundle/bundle1/version0.0/bundle.apk
- /data/data/####/files/apkplug.properties
- /sdcard/.weixinh/.cfg
- /data/data/####/app_xxx/configopb
- /data/data/####/files/uu_data/TfwdHX6qHv0AkshSW_kmmg==/app_code/com.yt.uu.apk
- /data/data/####/shared_prefs/lotuseed_global_nr.xml
Miscellaneous:
Executes next shell scripts:
- ps
- ls -l /system/sbin/su
- df
- /system/bin/dexopt --dex 27 44 40 547528 /data/data/####/files/bundle/apkplug/mybundle/bundle1/version0.0/bundle.apk 1179483462 1130305369 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system
- ls -l /vendor/bin/su
- /system/bin/dexopt --dex 27 73 40 430108 /data/data/####/files/uu_data/TfwdHX6qHv0AkshSW_kmmg==/app_code/com.yt.uu.apk 1181373075 1586325198 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /syst
- /system/bin/sh
- /system/bin/dexopt --dex 27 44 40 233108 /data/data/####/files/bundle2.5.2.01.jar 1176863193 -1301308105 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framewo
- ls -l /sbin/su
- /system/bin/dexopt --dex 27 40 40 4312 /data/app/####-1.apk 1182692520 84164358 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framework.jar /system/
- ls -l /system/xbin/su
- /system/bin/dexopt --dex 27 96 40 1968 /data/data/####/files/uu_data/o_S6HoFxxEqDcmoce0N1vQ==/proxy.apk 1182038601 610766448 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext
- ls -l /system/bin/su
Uses special library to hide executable bytecode.
Contains functionality to send SMS messages automatically.
