SHA1 hash:
- f347afa9e35dbbfc27f5aa3f27ef2fd22e628909
Description
A shell script that downloads and installs Android.Pandora.2 or its modifications; file name: .tmp.sh.
Operating routine
It downloads the programs and malicious modules it needs to operate from the following servers:
- hxxp://195[.]154.168[.]94
- hxxp://fadfatest[.]pneydn[.]com:8080
It copies the downloaded files to the system partition.
To run the trojan, it adds the below line to the .sh system-services-related files on the device: /system/bin/supervisord -c /system/bin/s.conf &
It launches the Android.Pandora.2 trojan.