Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.MobiDash.20.origin
Removes app icon from the screen.
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) imb####.com:80
- TCP(TLS/1.0) mobilep####.pass####.ya####.net:443
- TCP(TLS/1.0) re####.appmet####.ya####.net:443
- TCP(TLS/1.0) sta####.mo####.ya####.net:443
DNS requests:
- certifi####.mo####.ya####.net
- imb####.com
- re####.appmet####.ya####.net
- sta####.mo####.ya####.net
HTTP POST requests:
- imb####.com/
File system changes:
Creates the following files:
- /data/data/####/MultiDex.lock
- /data/data/####/com.ict.freshbag_boundentrypreferences.xml
- /data/data/####/com.ict.freshbag_migrationpreferences.xml
- /data/data/####/com.ict.freshbag_preferences.xml
- /data/data/####/com.ict.freshbag_servertimeoffset.xml
- /data/data/####/com.ict.freshbag_startupserviceinfopreferences.xml
- /data/data/####/com.yandex.metrica.configuration.xml
- /data/data/####/credentials.dat
- /data/data/####/db_metrica_com.ict.freshbag_13-journal
- /data/data/####/db_metrica_com.ict.freshbag_20799a27-fa80-4b36-...ournal
- /data/data/####/db_metrica_com.ict.freshbag_a14fa974-5a86-4332-...ournal
- /data/data/####/freshbag.dat.jar
- /data/data/####/metrica_client_data.db
- /data/data/####/metrica_client_data.db-journal
- /data/data/####/metrica_client_data.db.lock
- /data/data/####/metrica_data.db-journal
- /data/data/####/multidex.version.xml
- /data/data/####/ustvXMWVz
Miscellaneous:
Loads the following dynamic libraries:
- ustvXMWVz
Uses the following algorithms to encrypt data:
- AES-CBC-PKCS7Padding
- RSA-ECB-PKCS1Padding
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about active device administrators.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.
