Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.RemoteCode.337.origin
Threat detection based on machine learning.
Network activity:
Connects to:
- UDP(DNS) 8####.8.4.4:53
- UDP(NTP) 2.and####.p####.####.org:123
- TCP(TLS/1.0) g####.face####.com:443
- TCP(TLS/1.0) firebas####.google####.com:443
- TCP(TLS/1.0) app-mea####.com:443
- TCP(TLS/1.0) reg####.app-mea####.com:443
- TCP(TLS/1.0) firebas####.crashly####.com:443
- TCP(TLS/1.2) app-mea####.com:443
- TCP man.ko####.co.id:443
- TCP thumb####.ko####.id:443
- TCP arm.5####.cn:10010
DNS requests:
- 2.and####.p####.####.org
- app-mea####.com
- arm.5####.cn
- f####.gst####.com
- firebas####.crashly####.com
- firebas####.google####.com
- g####.face####.com
- h####.ko####.id
- man.ko####.co.id
- reg####.app-mea####.com
- thumb####.ko####.id
HTTP GET requests:
- firebas####.crashly####.com:443/spi/v2/platforms/android/gmp/1:319275463...
- g####.face####.com:443/v11.0/2506705769543424/mobile_sdk_gk?fields=####&...
- g####.face####.com:443/v11.0/2506705769543424/model_asset?fields=####&fo...
- g####.face####.com:443/v11.0/2506705769543424?fields=####&format=####&sd...
HTTP POST requests:
- g####.face####.com:443/v11.0/2506705769543424/activities
File system changes:
Creates the following files:
- /data/data/####/.xml
- /data/data/####/031b4b699ed24d0529e5ff4a9d3d5b1905891865848ed08....0.tmp
- /data/data/####/0502c0820bdced79ea5d4dfb15649ed85f86d220a9ef152....0.tmp
- /data/data/####/0691eae33de326f56ae92d37a2073dfb3701574150d3da0....0.tmp
- /data/data/####/0691eae33de326f56ae92d37a2073dfb3701574150d3da0...0a94.0
- /data/data/####/07d3893737900d8c3d57cc9091c19783761a9df9750c7d1...16ec.0
- /data/data/####/0d40fe879e0c5a8cf5836b9a775241c9a77a8a8d217e4e9....0.tmp
- /data/data/####/0d864028c57b1dc18b254505021702975e5a2b0b849cb19...0405.0
- /data/data/####/0e2a5849fd02128aadab9093642fcf47b1841577f3ea7a5...217d.0
- /data/data/####/0efd698467a5ffac7eb523efc37c63d13db3133befe0e4c....0.tmp
- /data/data/####/0efd698467a5ffac7eb523efc37c63d13db3133befe0e4c...737f.0
- /data/data/####/0f7b06cb7f8cf36a808c980c19dd1ac59c88fc240e72454...fc60.0
- /data/data/####/117b45ad90ed7b3f9a778327a4783d7ea542faf588042ae...4c57.0
- /data/data/####/11b27899ee3c9fe27f80eb6ca5de1323982d4e69fdde5d6....0.tmp
- /data/data/####/11b27899ee3c9fe27f80eb6ca5de1323982d4e69fdde5d6...0ccf.0
- /data/data/####/1368cecf7f325dcda48a1a1b1d298046c3318b4d7888e1d....0.tmp
- /data/data/####/14afdfa13c7aad947be7432dc00a7a3abc4e4460ded4149....0.tmp
- /data/data/####/15dbc4d03ea5edd701aac7b900f5b95ecb72cf27ab93898...24fd.0
- /data/data/####/1a27e9366f0bb3bc193500036b887f79e1baf3dddda6490....0.tmp
- /data/data/####/1a27e9366f0bb3bc193500036b887f79e1baf3dddda6490...4e74.0
- /data/data/####/1a6b70e812e972df3b557ebf3b03433434c406c75e3d583....0.tmp
- /data/data/####/1a6b70e812e972df3b557ebf3b03433434c406c75e3d583...920e.0
- /data/data/####/1b4ccce6c00163c04b1869757b53a5835fc1534e6236889....0.tmp
- /data/data/####/1b4ccce6c00163c04b1869757b53a5835fc1534e6236889...e3dc.0
- /data/data/####/1c17c50f1d2e881a136927f700d569376d46091dce3a5b5....0.tmp
- /data/data/####/1c17c50f1d2e881a136927f700d569376d46091dce3a5b5...2771.0
- /data/data/####/1e9b579502e2ea9f8b458af1fb6b3dfa546648a3e959277....0.tmp
- /data/data/####/21d701c595c607baacff9da6aa459466476c9c8e0085204...a246.0
- /data/data/####/25246d46a2bbf162265cf97d0671d5a90208202f8821cb4....0.tmp
- /data/data/####/2719c0aaf1b32ab255fa43e4c857f908c92aff02ab34099....0.tmp
- /data/data/####/2719c0aaf1b32ab255fa43e4c857f908c92aff02ab34099...15ad.0
- /data/data/####/29eac365e6797977cd87b271a1dba943130cf8c0be2840d...5e5d.0
- /data/data/####/2bef3c62b374e39568c986575a32c44f2709cdd2cb209b0...dcc8.0
- /data/data/####/303f723a318296a6d64616fd3f9776df677f4ad7fe7c738....0.tmp
- /data/data/####/303f723a318296a6d64616fd3f9776df677f4ad7fe7c738...6ade.0
- /data/data/####/30419b4c5dd0430c190f9b6fbc7d224a779c9962f2ca2a6...1d6d.0
- /data/data/####/31146c9aecf808ef0710d667d0427ad187814e09066d63b....0.tmp
- /data/data/####/32a8678cd1d6d9dcbc3a6ec3c12e8984f4b22015616f087...98db.0
- /data/data/####/3349582390.apk
- /data/data/####/35afdda1523e1f98840db24fc40be3e8d8e7ea607f3c224....0.tmp
- /data/data/####/35afdda1523e1f98840db24fc40be3e8d8e7ea607f3c224...b3eb.0
- /data/data/####/369b3318687e81b0255c30ad96492b6912e7482fed70e40...6241.0
- /data/data/####/3b89a405d880198603540ee1f00925a83c36b1e74d6a9a1...d18b.0
- /data/data/####/3d3abcdb682c397a928dbaa48f05688bb1894115e8b7bca....0.tmp
- /data/data/####/3d3abcdb682c397a928dbaa48f05688bb1894115e8b7bca...73cd.0
- /data/data/####/441c76c082764598b9c2785f0278ab780d75aa1d567907a...e040.0
- /data/data/####/4609403f47a40395e470a0d409f18f2f0179651ad140fc8....0.tmp
- /data/data/####/4609403f47a40395e470a0d409f18f2f0179651ad140fc8...210e.0
- /data/data/####/4958298c0c1e430422450a7e8c1c42e75364a3b998f6562....0.tmp
- /data/data/####/4958298c0c1e430422450a7e8c1c42e75364a3b998f6562...e3d1.0
- /data/data/####/533d03a0ea9d9d743ab0b37c646e989d0f664da6053e8a7...961c.0
- /data/data/####/5614c34b71a089bfed03fd2a3990d83046b1f09ce35faac....0.tmp
- /data/data/####/5614c34b71a089bfed03fd2a3990d83046b1f09ce35faac...12ba.0
- /data/data/####/5a09ad59bc365bccd8512fee1ca9b691f8ae0ad8ef88ac5....0.tmp
- /data/data/####/5a09ad59bc365bccd8512fee1ca9b691f8ae0ad8ef88ac5...f1fe.0
- /data/data/####/5aa7c157f436da71010562a00e5643cc2560e6813a3d7f8....0.tmp
- /data/data/####/5aa7c157f436da71010562a00e5643cc2560e6813a3d7f8...fcc7.0
- /data/data/####/5ac04127047efcb42dd9095126d7c23786b549189488388...be4d.0
- /data/data/####/5f42e8772e6132c0c0471f023704d6c9dad0386f7b50cb9...de88.0
- /data/data/####/6005f9f3c0924662e94e0f2f917779d3b3aab855c64fec0....0.tmp
- /data/data/####/627a2d38e9c8c4d0c6d8ce2ffe0297d13aa8b2291517e8c....0.tmp
- /data/data/####/627a2d38e9c8c4d0c6d8ce2ffe0297d13aa8b2291517e8c...8db2.0
- /data/data/####/630a9e92abec3fe7651924bfc89a1d5a18ac88b3034d9b5....0.tmp
- /data/data/####/66ef399ba1162fdb4fdc16bda4345118cfbaa77fea4ce4f...698b.0
- /data/data/####/68c8ee28b3f6834dc13e3baa99ecce7ea83750378006485...947d.0
- /data/data/####/6e42f25463981d84c0f97e083a99c2dda0b4bfb1b27696d....0.tmp
- /data/data/####/6e42f25463981d84c0f97e083a99c2dda0b4bfb1b27696d...c1dd.0
- /data/data/####/7500903999496fe3149c930412675cca5eaf0f7a387a332....0.tmp
- /data/data/####/7500903999496fe3149c930412675cca5eaf0f7a387a332...e19a.0
- /data/data/####/75acca58a7a4c089c1accfd9baf1e4f662cfb9cf6c345db...5638.0
- /data/data/####/79a60304f4e29f619584d7ee617a0b1c4134c340ac84502....0.tmp
- /data/data/####/79a60304f4e29f619584d7ee617a0b1c4134c340ac84502...590d.0
- /data/data/####/7d461cdd31588ee8d761c09fa2440592f093135bcae8997...2c6c.0
- /data/data/####/84732c583f6ce1a542607600be19b3a6c00037c1dce4197....0.tmp
- /data/data/####/84bf799cefb54f3b298f7e9d8cb48404700cba328169874...0dd7.0
- /data/data/####/84ecb01d137bc48df098528c57669a91bbeb94081e1125c...60a1.0
- /data/data/####/854402b63430248d54ffe35c5730ea10fe0cad635586e60....0.tmp
- /data/data/####/854402b63430248d54ffe35c5730ea10fe0cad635586e60...bcd5.0
- /data/data/####/871aca688cde7eebdef23e33868a8edeb7049bcb2b7ea67...9998.0
- /data/data/####/887066294c579dc846a494c2df3359c1f0a66b76b07c3e6...6b65.0
- /data/data/####/8cec4592e7de708b18ac9d0931be5dcc3e91563ee4a82eb...0545.0
- /data/data/####/8d80a1a9e97e8c2b0bbacc9ff59fd1519a29b8ad58d09fa...da90.0
- /data/data/####/9067ab21910f0dd68444d821d6102ca6ef9ff0913bc0e40....0.tmp
- /data/data/####/93ecc061e058fff25083bd151e62f2881d8e3b437d5a809....0.tmp
- /data/data/####/94fb4cb55517f73232174ae1ebba5d870e4aa99632ff16a...c162.0
- /data/data/####/99705a57c87289e26a0bc47765552d9ce6723eecf76e6d7....0.tmp
- /data/data/####/9ae37fc848a8ec8fb923dfb6549defeef98cefc0bd9eecb....0.tmp
- /data/data/####/9d8d06f883cc8a7bd681ad25ad854bdb575f4d3c87b7f9c....0.tmp
- /data/data/####/AppEventsLogger.persistedevents
- /data/data/####/FirebaseAppHeartBeat.xml
- /data/data/####/FirebaseAppHeartBeat.xml.bak
- /data/data/####/KomikuPro.db-journal (deleted)
- /data/data/####/PersistedInstallation1800923697tmp
- /data/data/####/PersistedInstallation1842463415tmp
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/Weibo.Yx.v5_preferences.xml
- /data/data/####/a1bb4bc48585ee0253113b55601179baed8fc1b261810ab....0.tmp
- /data/data/####/a3d0d9b1ce748d2c14d992d0e96f079b32005f036649266...bb2f.0
- /data/data/####/a5cdb71de6dfdacf427dbaf9cd4720d8aac5ecc7c5dee27....0.tmp
- /data/data/####/a636cf219c622bca03929a7d1ed0376d32d5757f3033d66...6397.0
- /data/data/####/aa6da2ca8962b6c5909b6c687c0f652de519b6db98bc0ad...2d9b.0
- /data/data/####/aaeb6440458f3bc3e39b33ea1b2f165f2256d7cef0bb727...5f6d.0
- /data/data/####/ab76edf64e49fdfc921f9eb7a8819ef2ea76b969c59015e...26f8.0
- /data/data/####/ac76ece62966592178bdf3a25a1840169788ba3d566a3bc....0.tmp
- /data/data/####/ac76ece62966592178bdf3a25a1840169788ba3d566a3bc...77c4.0
- /data/data/####/androidx.work.workdb-journal (deleted)
- /data/data/####/app_cache.xml
- /data/data/####/b354abe03a07b4d70d33b087373f1a697eba21346fe5475...5303.0
- /data/data/####/b364eae97c36f54bc8a1c7838b4637d1a6cba2f5ae0498b....0.tmp
- /data/data/####/b364eae97c36f54bc8a1c7838b4637d1a6cba2f5ae0498b...efdc.0
- /data/data/####/b8d329b40e8213d7ea9f921907a684ea568b6e240ade00b...8679.0
- /data/data/####/ba19e37a77533ceec7102fc56080f02c05118ae9d86240d...84d8.0
- /data/data/####/bc4a21a96a9e90e2960cffcb874ab7443d6ff3830f8bc2b...2c5e.0
- /data/data/####/bda1525e4f89cdab5ef691b6312836b6750b03a03cd3fec....0.tmp
- /data/data/####/c071e7588de155d9f3dbae5da5221cf2527b9b703f364ca....0.tmp
- /data/data/####/c071e7588de155d9f3dbae5da5221cf2527b9b703f364ca...3143.0
- /data/data/####/c133b8a9ed5b16d7355bba8cf9f981752ca32afd9b5bc3c....0.tmp
- /data/data/####/c133b8a9ed5b16d7355bba8cf9f981752ca32afd9b5bc3c...1cf9.0
- /data/data/####/c27365a74d74a6b21026a0e1d9ca2be485efe4b248e3937...4637.0
- /data/data/####/c92e0604ea43252ffb389e5d2fe50f9214e888ea672983a....0.tmp
- /data/data/####/classes.dex
- /data/data/####/classes.dex.flock (deleted)
- /data/data/####/classes2.dex
- /data/data/####/classes2.dex.flock (deleted)
- /data/data/####/classes3.dex
- /data/data/####/classes3.dex.flock (deleted)
- /data/data/####/classes4.dex
- /data/data/####/classes4.dex.flock (deleted)
- /data/data/####/com.crashlytics.settings.json
- /data/data/####/com.facebook.internal.MODEL_STORE.xml
- /data/data/####/com.facebook.internal.preferences.APP_GATEKEEPERS.xml
- /data/data/####/com.facebook.internal.preferences.APP_SETTINGS.xml
- /data/data/####/com.facebook.sdk.USER_SETTINGS.xml
- /data/data/####/com.facebook.sdk.appEventPreferences.xml
- /data/data/####/com.facebook.sdk.attributionTracking.xml
- /data/data/####/com.google.android.datatransport.events-journal
- /data/data/####/com.google.android.gms.appid-no-backup
- /data/data/####/com.google.android.gms.appid.xml
- /data/data/####/com.google.android.gms.measurement.prefs.xml
- /data/data/####/com.google.android.gms.measurement.prefs.xml.bak (deleted)
- /data/data/####/com.google.firebase.crashlytics.xml
- /data/data/####/crashlytics-userlog-63D3495002EB00010DC9B22E462...mp.tmp
- /data/data/####/crashlytics-userlog-63D3495002EB00010DC9B22E4620C77C.temp
- /data/data/####/d0d5e01a6428cd7f17514918279b89b4aebdf1271475626...d7a5.0
- /data/data/####/d2366e5349036daea5c737e06853134c66354749d519ac6...71c9.0
- /data/data/####/d8a4386970f28c03c8f6a3ab027c31267d9ef832fd803a1...b4c4.0
- /data/data/####/db74fe6ed123f5b954caae50dc2e6d55149576b550e23b3....0.tmp
- /data/data/####/df2b7a53136f44cd4855c72a68e7896210c606cb7af04ef....0.tmp
- /data/data/####/e3954d0c21112f2228baf36995726c52e3bdce45f68aff0...ea2a.0
- /data/data/####/e4140185f62c52a6d672b360a2e8c71bd3a0dc9600f3344....0.tmp
- /data/data/####/e4816c560b70a5a6390364e2c3c4e6aab001fb72587715a...5618.0
- /data/data/####/e9b88bab320553ccfd696f8297c382ec1222c3a14bcf0ab....0.tmp
- /data/data/####/enc.xml
- /data/data/####/f076de3d999e2363436713dda43906441941cd4f5b0e06f....0.tmp
- /data/data/####/f22d3216e21a6533dee2af8687db784b18bee7088e10963....0.tmp
- /data/data/####/f46c6cd6412dd12b42101a392daa81c586b1f048ea8a674...952d.0
- /data/data/####/f7ed2fdded62180732ced7ebc0256974a5436d7c7f3f197...65ab.0
- /data/data/####/generatefid.lock
- /data/data/####/google_app_measurement_local.db
- /data/data/####/google_app_measurement_local.db-journal
- /data/data/####/index
- /data/data/####/initialization_marker
- /data/data/####/journal (deleted)
- /data/data/####/journal.tmp
- /data/data/####/metrics_guid
- /data/data/####/notice.xml
- /data/data/####/proc_auxv
- /data/data/####/report
- /data/data/####/start-time
- /data/data/####/temp-index
- /data/data/####/this.xml
- /data/data/####/this.xml.bak
Miscellaneous:
Loads the following dynamic libraries:
- libArmEpicVm
- libmthook
- libprotected
Uses the following algorithms to encrypt data:
- AES-CTR-NoPadding
- AES-ECB-NoPadding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
- AES
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
Gets information about network.
Gets information about installed apps.
Displays its own windows over windows of other apps.
