SHA1 hash:
- 68572b9f2f588396d89ea85dc69bc5242de98a1c
Description
A trojan spy. The module loaded and executed by Android.Phantom.1.origin. It sends the hxxps[:]//iboot[.]site server device information, including the phone number, geolocation, and the list of apps. Below is the list of parameters collected by this SDK; whether the information in a parameter will be received depends on the permissions granted to the application containing the embedded trojan.
The list of parameters sent:
| Parameter | Description |
|---|---|
| sdk_version_name | SDK version |
| time | time of creation |
| appsflyerdebuginfo | Appsflyer data |
| ids | device identifier |
| build | Android build data |
| input | input information |
| library | library data |
| media | media opportunities |
| storage | storage information |
| memThreshold | threshold of available memory |
| usb | USB and ADB data |
| sensor | sensors |
| hardware | hardware data |
| batteryInfo | battery status |
| net | network |
| location | location |
| packageInfo | installer information |
| deviceInfo | detailed device data |
| procVersion | kernel version |
| fileStat | file system statistics |
| fonts | user fonts |
| systemFonts | system fonts |
| ringTitle | current ringtone |
| InputLanguageList | input languages |
| inputMethods | active input methods |
| installedApps | installed applications |
| gpuInfo | GPU information |
| inputDevices | input devices |
| uname | uname data |
| service_list | server list |
| advertisingInfo | advertising information |
| upTime | device uptime |
| getTotalSpace_INTERNAL | size of internal storage |
| getTotalSpace_EXTERNAL | size of external storage |
| screenOffTimeout | screen timeout |
| isEmulator | emulator's flag |
| EmuChecker | causes of emulator detection |
| deviceInfo.cpuFreq | CPU frequency per each core |
| deviceInfo.df | drive information |
| deviceInfo.memInfoList | memory data |
| deviceInfo.uptime | system uptime |
| deviceInfo.version | kernel version |
| deviceInfo.wlan0_address | Wi-Fi MAC address |
| deviceInfo.cpuFreq.cpuX.cpuinfo_max_freq | maximum CPU frequency |
| deviceInfo.cpuFreq.cpuX.cpuinfo_min_freq | minimum CPU frequency |
| deviceInfo.cpuFreq.cpuX.time_in_state | CPU frequency statistics |
| deviceInfo.memInfoList.memInfoX.meminfo0 | meminfo data |
| deviceInfo.memInfoList.memInfoX.meminfo1 | meminfo data |
| deviceInfo.memInfoList.memInfoX.meminfo2 | meminfo data |
| ids.imei | IMEI |
| ids.imeis | IMEI list |
| ids.deviceIds | device identifier |
| ids.meids | MEID |
| ids.imsi | IMSI |
| ids.serialNo | device serial number |
| ids.androidId | Android ID |
| ids.iccid | SIM serial number |
| ids.phoneNo | phone number |
| ids.userAgent | User-Agent |
| ids.googleADID | Google Advertising ID |
| ids.drmId | DRM identifier |
| ids.description | build description |
| ids.bootloader | installer version |
| ids.bootimage_utc | date of the "boot image" build |
| ids.getprop | getprop system properties |
| net.networkCountryIso | network country code |
| net.networkOperator | network operator code |
| net.networkSpecifier | network specifier |
| net.networkType | network type |
| net.networkSubType | network subtype |
| net.networkTypeName | network type name |
| net.networkSubTypeName | network subtype name |
| net.apn | APN |
| net.ip4 | IPv4 address |
| net.ip6 | IPv6 address |
| net.mac1 | MAC address |
| net.mac2 | MAC address |
| net.linkedWifi | current Wi-Fi network |
| net.wifiList | list of Wi-Fi networks |
| net.isWifi | Wi-Fi connection flag |
| net.wifiProxy | Wi-Fi proxy |
| net.baseStationId | base station ID |
| net.baseStationId1 | base station ID |
| net.bluetoothAddress | Bluetooth address |
| net.bluetoothMAC | Bluetooth MAC |
| net.allCellInfo | cell information |
| net.IP_address | the ip address command output |
| net.ip_neighbor | the ip neighbor command output |
| net.ip_route_list_match_0 | the ip route list output |
| net.ip_route | routing list |
| net.ip_addr_show | the ip addr show output |
