Technical information
Malicious functions:
Intercepts incoming SMS and terminates the process of their transmission to handlers of other apps.
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) t1.dau####.net.####.net:80
- TCP(HTTP/1.1) rblogge####.reco####.io:80
- TCP(HTTP/1.1) www.mega####.co.kr:80
- TCP(HTTP/1.1) dis.as.cr####.com:80
- TCP(HTTP/1.1) cdn.mega####.co.####.net:80
- TCP(HTTP/1.1) wi####.as.cr####.com:80
- TCP(HTTP/1.1) www.cj####.com:80
- TCP(HTTP/1.1) d####.com:80
- TCP(HTTP/1.1) b####.cj####.com:80
- TCP(HTTP/1.1) itemi####.cj####.net:80
- TCP(HTTP/1.1) dis####.cj####.com:80
- TCP(HTTP/1.1) st####.cr####.net:80
- TCP(HTTP/1.1) cloud-i####.cj####.net:80
- TCP(HTTP/1.1) www.googlet####.com:80
- TCP(HTTP/1.1) wi####.cr####.com:80
- TCP(HTTP/1.1) as####.reco####.io:80
- TCP(HTTP/1.1) livelog####.cj####.com:80
- TCP(HTTP/1.1) t####.cj####.net:80
- TCP(HTTP/1.1) www.googlea####.com:80
- TCP(HTTP/1.1) sas.nsm-####.com:80
- TCP(HTTP/1.1) i####.cj####.net:80
- TCP(HTTP/1.1) www.google-####.com:80
- TCP(HTTP/1.1) trac####.fee####.com:80
- TCP(HTTP/1.1) bc.ad.d####.net:80
- TCP(TLS/1.0) ter####.tec####.co.kr:443
- TCP(TLS/1.0) gum.cr####.com:443
- TCP(TLS/1.0) s####.g####.com:465
- TCP(TLS/1.0) googl####.g.doublec####.net:443
- TCP(TLS/1.0) b####.cj####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) i####.cj####.net:443
- TCP(TLS/1.0) dis####.cj####.com:443
- TCP(TLS/1.0) www.face####.com:443
- TCP(TLS/1.0) fds.cj####.com:443
- TCP(TLS/1.0) www.go####.nl:443
- TCP(TLS/1.0) n####.c####.com:443
DNS requests:
- as####.reco####.io
- b####.cj####.com
- bc.ad.d####.net
- cdn.mega####.co.kr
- cloud-i####.cj####.net
- d####.com
- dis####.cj####.com
- dis.as.cr####.com
- fds.cj####.com
- googl####.g.doublec####.net
- gum.cr####.com
- i####.cj####.net
- itemi####.cj####.net
- livelog####.cj####.com
- log.dreamse####.or.kr
- n####.c####.com
- rblogge####.reco####.io
- rblogge####.reco####.io
- s####.g####.com
- sas.nsm-####.com
- st####.cr####.net
- t####.cj####.net
- t1.dau####.net
- ter####.tec####.co.kr
- trac####.fee####.com
- wi####.as.cr####.com
- wi####.cr####.com
- www.cj####.com
- www.face####.com
- www.go####.com
- www.go####.nl
- www.google-####.com
- www.googlea####.com
- www.googlet####.com
- www.mega####.co.kr
HTTP GET requests:
- as####.reco####.io/rblc/js/rblc-apne1.min.js
- b####.cj####.com/m/rest/myzone/recentview?limit=####
- bc.ad.d####.net/bc?d={"track_id":"3724010666393291855","site":{"identifi...
- cdn.mega####.co.####.net/js/enliple_min2_amd.js
- cloud-i####.cj####.net/public/confirm/contents/design/static/flag/module...
- d####.com/rs/lib/pixel/dmcf1_1.2.0.js
- dis####.cj####.com/
- dis####.cj####.com/c/rest/commonBanners/popups?exposeLocation=####&displ...
- dis####.cj####.com/c/rest/module/contList?id=####&cjEmpYn=####&type=####...
- dis####.cj####.com/m/homeTab/main?hmtabMenuId=####&rPIC=####
- dis####.cj####.com/m/main
- dis.as.cr####.com/dis/dis.aspx?p=####&cb=####&ref=####&sc_r=####&sc_d=##...
- i####.cj####.net/public/confirm/assets/tbrandIdentity/201807/06/test/b86...
- i####.cj####.net/public/confirm/assets/thmtab_menu/201901/03/001529/bb6f...
- i####.cj####.net/public/confirm/assets/thmtab_menu/201902/11/001708/bb6f...
- i####.cj####.net/public/confirm/assets/thmtab_menu/201902/15//bb6fc7425a...
- i####.cj####.net/public/confirm/assets/ttag_flag_set/201902/28/3864/ced2...
- i####.cj####.net/public/confirm/assets/ttag_flag_set/201902/28/3871/8ee8...
- i####.cj####.net/public/confirm/assets/ttag_flag_set/201902/28/3873/55b9...
- i####.cj####.net/public/confirm/contents/ec-static-contents/design/img/i...
- i####.cj####.net/public/confirm/static/deploy/ec-display-cjmall/dist/pag...
- i####.cj####.net/public/confirm/static/deploy/webjars/ec-markup-common/d...
- i####.cj####.net/public/confirm/static/deploy/webjars/ec-static-common/d...
- i####.cj####.net/public/confirm/static/deploy/webjars/ec-static-componen...
- itemi####.cj####.net/goods_images/53/842/53973842L.jpg?timestamp=####
- rblogge####.reco####.io/rest/logs?data={"cuid":"e0fadd9e-1aa6-441e-8492-...
- rblogge####.reco####.io/user/guid?callback=####
- sas.nsm-####.com/sa-m.js?gc=####&dn=####&rd=####
- st####.cr####.net/js/ld/ld.js
- t####.cj####.net/unsafe/136x90/image.cjmall.net/public/confirm/assets/td...
- t####.cj####.net/unsafe/1482x0/image.cjmall.net/public/confirm/assets/td...
- t####.cj####.net/unsafe/1482x0/image.cjmall.net/public/confirm/contents/...
- t####.cj####.net/unsafe/152x152//image.cjmall.net/public/confirm/static/...
- t####.cj####.net/unsafe/188x120/image.cjmall.net/public/confirm/assets/t...
- t####.cj####.net/unsafe/208x70/image.cjmall.net/public/confirm/assets/td...
- t####.cj####.net/unsafe/32x32//image.cjmall.net/public/confirm/static/de...
- t####.cj####.net/unsafe/550x550/image.cjmall.net/public/confirm/assets/t...
- t####.cj####.net/unsafe/550x550/image.cjmall.net/public/confirm/contents...
- t####.cj####.net/unsafe/550x550/itemimage.cjmall.net/goods_images/50/295...
- t####.cj####.net/unsafe/550x550/itemimage.cjmall.net/goods_images/53/842...
- t####.cj####.net/unsafe/550x550/itemimage.cjmall.net/goods_images/55/822...
- t####.cj####.net/unsafe/640x0/image.cjmall.net/public/confirm/assets/tdp...
- t####.cj####.net/unsafe/640x100/image.cjmall.net/public/confirm/assets/t...
- t####.cj####.net/unsafe/640x320/image.cjmall.net/public/confirm/contents...
- t####.cj####.net/unsafe/640x480/image.cjmall.net/public/confirm/assets/t...
- t####.cj####.net/unsafe/640x480/image.cjmall.net/public/confirm/contents...
- t####.cj####.net/unsafe/680x778/image.cjmall.net/public/confirm/assets/t...
- t####.cj####.net/unsafe/fit-in/188x188/image.cjmall.net/public/confirm/c...
- t####.cj####.net/unsafe/fit-in/240x240/image.cjmall.net/public/confirm/c...
- t1.dau####.net.####.net/adfit/static/kp.js
- trac####.fee####.com/tracking/gather/pixel?ver=1.2.0&event_type=PAGE_VIE...
- wi####.as.cr####.com/event?a=####&v=####&p0=####&m=####&p1=e####&site_ty...
- wi####.cr####.com/event?a=####&v=####&p0=####&m=####&p1=e####&site_type=...
- www.cj####.com/
- www.google-####.com/analytics.js
- www.google-####.com/plugins/ua/ec.js
- www.google-####.com/r/collect?v=1&_v=j73&a=872845456&t=pageview&_s=1&dl=...
- www.googlea####.com/pagead/conversion_async.js
- www.googlet####.com/gtm.js?id=####
- www.mega####.co.kr/servlet/rd?sc=&form=&url=http://display.cjmall.com/m/...
- www.mega####.co.kr/servlet/rf?sc=&form=&url=http://display.cjmall.com/m/...
HTTP POST requests:
- livelog####.cj####.com/liveLog_Tracker.jsp
Miscellaneous:
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.
Parses information from SMS.
