Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.MulDrop.248.origin
Threat detection based on machine learning.
Network activity:
Connects to:
- UDP(???) ma####.bootstr####.com:443
- UDP(???) adultg####.games:443
- UDP(DNS) <Google DNS>
- TCP(TLS/1.0) c####.jq####.com:443
- TCP(TLS/1.0) clients####.google####.com:443
- TCP(TLS/1.0) s.or####.com:443
- TCP(TLS/1.0) content####.adultg####.games:443
- TCP(TLS/1.0) a.exoc####.com:443
- TCP(TLS/1.0) hw-####.a####.com:443
- TCP(TLS/1.0) content####.google####.com:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) s.el####.com:443
- TCP(TLS/1.0) up####.google####.com:443
- TCP(TLS/1.0) adultg####.games:443
- TCP(TLS/1.0) s.o####.com:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) st####.cloudfl####.com:443
- TCP(TLS/1.0) ed####.me.g####.com:443
- TCP(TLS/1.0) c####.cloudf####.com:443
- TCP(TLS/1.0) st####.traffic####.com:443
- TCP(TLS/1.0) ma####.bootstr####.com:443
DNS requests:
- a.exoc####.com
- adultg####.games
- c####.cloudf####.com
- c####.jq####.com
- clients####.google####.com
- content####.adultg####.games
- content####.google####.com
- ed####.me.g####.com
- f####.google####.com
- f####.gst####.com
- hw-####.a####.com
- ma####.bootstr####.com
- s.ch####.com
- s.ch####.com
- s.ds####.com
- s.ds####.com
- s.el####.com
- s.ma####.com
- s.o####.com
- s.or####.com
- s.pe####.com
- s.zl####.com
- s7.add####.com
- st####.cloudfl####.com
- st####.traffic####.com
- syndica####.rea####.com
- up####.google####.com
- www.google-####.com
File system changes:
Creates the following files:
- /app_webview/Default/####/000003.log
- /app_webview/Default/####/LOCK
- /app_webview/Default/####/LOG
- /app_webview/Default/####/MANIFEST-000001
- /app_webview/Default/Cookies
- /app_webview/Default/Web Data
- /app_webview/Default/Web Data-journal
- /app_webview/webview_data.lock
- /cache/WebView/####/05810a2fa0b84c4d_0
- /cache/WebView/####/292c7e097c54a9ce_0
- /cache/WebView/####/323be72c7ee938a4_0
- /cache/WebView/####/34f884c572f9fc9f_0
- /cache/WebView/####/4192f3424f6f7807_0
- /cache/WebView/####/7b8e80bdeebc8033_0
- /cache/WebView/####/886e9e46ac66ede2_0
- /cache/WebView/####/9485d2d5c06a285f_0
- /cache/WebView/####/94f5d674e6569f57_0
- /cache/WebView/####/99b94ec60820cec2_0
- /cache/WebView/####/9e60b30331298192_0
- /cache/WebView/####/dc7d4091cb2b5bdb_0
- /cache/WebView/####/ee85f2f420c93553_0
- /cache/WebView/####/f44d7995fbb5895e_0
- /data/data/####/.org.chromium.Chromium.MoLRwV (deleted)
- /data/data/####/000001.dbtmp
- /data/data/####/0796faf3b329c868_0
- /data/data/####/14f4c290dd327432_0
- /data/data/####/17052db2fd5153d3_0
- /data/data/####/197d106f74535811_0
- /data/data/####/1a6ddd1c900a307d_0
- /data/data/####/25b1e2421a94207a_0
- /data/data/####/2b6beadb0adab9f7_0
- /data/data/####/300c21a8562b113c_0
- /data/data/####/3e2cfaff6e822c7b_0
- /data/data/####/43c31b66546440e3_0
- /data/data/####/45ca65d5ae06e2a0_0
- /data/data/####/4889f35f74dcadc3_0
- /data/data/####/54b711ce0fea9a6b_0
- /data/data/####/58d9f078e08c8ccb_0
- /data/data/####/5bffe3979cfc62c0_0
- /data/data/####/69ce57e1b0dd40cd_0
- /data/data/####/6a332d63b43ff1b1_0
- /data/data/####/74866404db9184b8_0
- /data/data/####/77309420994c43e8_0
- /data/data/####/77b48ccdacc43077_0
- /data/data/####/789e07e0c0505307_0
- /data/data/####/81772eb8c0e687b0_0
- /data/data/####/82c346032b07d6b5_0
- /data/data/####/83fb2a1159752a70_0
- /data/data/####/88b0da4a3aec64fb_0
- /data/data/####/8c938553950fe851_0
- /data/data/####/8e7a584d6022bfd3_0
- /data/data/####/9ee4e21fe0f34028_0
- /data/data/####/9f24e960a96b720a_0
- /data/data/####/BrowserMetrics-spare.pma.tmp
- /data/data/####/CURRENT
- /data/data/####/Cookies-journal
- /data/data/####/MANIFEST-000001
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/a26bc06b81e71fe0_0
- /data/data/####/b4635b71c1867667_0
- /data/data/####/b642199fdcf350d3_0
- /data/data/####/c712cd253978e7b7_0
- /data/data/####/ce34c7de5f9d7a38_0
- /data/data/####/cf0123c506076b5f_0
- /data/data/####/d1aaabeee4c82787_0
- /data/data/####/db04759ef4e6e442_0
- /data/data/####/ddeed1ba8eca50e8_0
- /data/data/####/e5cc2c136ed1a9ef_0
- /data/data/####/e6692a5290d055af_0
- /data/data/####/e775159a6ebd8cb6_0
- /data/data/####/e78cd74e11b2c926_0
- /data/data/####/edaeb07a44929f0f_0
- /data/data/####/f1b2528377f8fe40_0
- /data/data/####/ffd978423c332aee_0
- /data/data/####/font_unique_name_table.pb
- /data/data/####/gUFXecw.json
- /data/data/####/gUFXecw.json.cur.prof
- /data/data/####/gUFXecw.vdex
- /data/data/####/index
- /data/data/####/settings.dat
- /data/data/####/temp-index
- /data/data/####/the-real-index
- /data/data/####/todelete_d982179659dc7cfc_0_1 (deleted)
- /data/data/####/todelete_dc89f741907c95d1_0_1 (deleted)
- /data/data/####/variations_seed_new
- /data/data/####/variations_stamp
Miscellaneous:
Gets information about installed apps.
Displays its own windows over windows of other apps.
Appears corrupted in a way typical for malicious files.
Attempts to detect sandbox environment.
