Android.Locker.18024

Technical information

Malicious functions:

Executes code of the following detected threats:

Android.Locker.1198.origin

Network activity:

Connects to:

UDP(DNS) 8####.8.4.4:53
UDP(DNS) <Google DNS>
TCP(HTTP/1.1) 6213271####.xn--xkr####.cn:80
TCP(HTTP/1.1) cdn.u1.hul####.####.com:80
TCP(HTTP/1.1) 6903733####.xn--xkr####.cn:80
TCP(TLS/1.0) cc####.com:443
TCP(TLS/1.0) pla####.google####.com:443
TCP(TLS/1.0) cdn.c####.online:443
TCP(TLS/1.0) rr9---s####.g####.com:443
TCP(TLS/1.0) p####.google####.com:443
TCP(TLS/1.0) and####.a####.go####.com:443
TCP(TLS/1.0) connect####.gst####.com:443
TCP(TLS/1.2) and####.a####.go####.com:443
TCP(TLS/1.2) p####.google####.com:443

DNS requests:

4263050####.xn--xkr####.cn
5430923####.xn--xkr####.cn
6213271####.xn--xkr####.cn
6903733####.xn--xkr####.cn
and####.a####.go####.com
and####.google####.com
api.xn--xkr####.cn
cc####.com
cdn.c####.online
cdn.u1.hul####.com
connect####.gst####.com
p####.google####.com
pla####.google####.com
rr9---s####.g####.com

HTTP GET requests:

cc####.com:443/view.php/0883a2908d2a150a95bd2ab1a90c111b.jpg
cdn.c####.online:443/app/uin/img/dk.png
cdn.c####.online:443/app/uin/img/dl.png
cdn.c####.online:443/app/uin/img/hy.png
cdn.c####.online:443/app/uin/img/ss.png
cdn.c####.online:443/app/uin/img/ws.png
cdn.c####.online:443/app/uin/img/yq.png
cdn.u1.hul####.####.com/g4/M01/2E/6A/rBAAdmXTcm6AE0OnAAAX2QtFRtM953.png
cdn.u1.hul####.####.com/g4/M01/2E/6D/rBAAdmXTgZOAZdEPAAAWj08hCPo296.png
cdn.u1.hul####.####.com/g4/M01/5C/1D/rBAAdmQGwTiAfbJRAAKsyUE3dCc994.jpg
cdn.u1.hul####.####.com/g4/M02/2E/6D/rBAAdmXTgGyAKQ59AAANd-mHwNI955.png
cdn.u1.hul####.####.com/g4/M02/2E/6D/rBAAdmXTgMOAG-weAAAXM1fHJrM553.png
cdn.u1.hul####.####.com/g4/M02/2E/6D/rBAAdmXTgOSAchupAAAnXUvbaaU458.png
cdn.u1.hul####.####.com/g4/M02/2E/6D/rBAAdmXTgP2AGVbvAAAjXwRwC8o572.png
cdn.u1.hul####.####.com/g4/M03/2E/7A/rBAAdmXT-D-AFFy0AAAfvo7VkeQ998.png
cdn.u1.hul####.####.com/g4/M03/2E/7A/rBAAdmXT-MqAY_9NAAAU-nGRaq4411.png

HTTP POST requests:

6213271####.xn--xkr####.cn/api/add/statistics/increase.php
6213271####.xn--xkr####.cn/api/info.php
6903733####.xn--xkr####.cn/api/info.php

File system changes:

Creates the following files:

/data/data/####/-1909343991482377702.xzz
/data/data/####/-2961455203501542228.xzz
/data/data/####/-3275523355976885124.xzz
/data/data/####/-6167959266868448329.xzz
/data/data/####/-6839824911339848242.xzz
/data/data/####/-7134331406007049490.xzz
/data/data/####/-7156268206634109256.xzz
/data/data/####/-7811583606432637893.xzz
/data/data/####/0f4b5a28e7f1d7c816c4698996b06403.img
/data/data/####/1f069ab21ad4a51f1def1ad301ccb992.img
/data/data/####/2299ed1732b72e985e217c8c44efb160.img
/data/data/####/2732649671962944736.xzz
/data/data/####/3962883561971446342.xzz
/data/data/####/3a73a59e0bc4abe9b4ec2cd7c586383b.img
/data/data/####/418865890296978231.xzz
/data/data/####/4400905297052611585.xzz
/data/data/####/5685556112043041202.xzz
/data/data/####/6a3d462988026c13456085a20674a085.img
/data/data/####/70041738ac493a773050a56d8a9432dd.img
/data/data/####/7447392808790226116.xzz
/data/data/####/775f6e4cc8a36eb14cdba53edb678670.img
/data/data/####/8213445160051f46623aad21ca50856c.img
/data/data/####/8720095284574760487.xzz
/data/data/####/8911251049689613344.xzz
/data/data/####/9572fe7c01b4d425c5ce9bb460ee12dc.img
/data/data/####/a31bf1a43acf2b499aa864a17388bc3a.img
/data/data/####/classes.dex
/data/data/####/classes.dex;classes2.dex
/data/data/####/classes.dex;classes3.dex
/data/data/####/classes.oat
/data/data/####/d18d4ac71272d385e425c7992332fd36.img
/data/data/####/d9f06bed22f15f0e13eaa6998c90e6f2.img
/data/data/####/deploy.db
/data/data/####/f72121494b4c85b404ec5a331453ba04.img
/data/data/####/jgobfppppp (deleted)
/data/data/####/libjiagu.so
/data/data/####/设备信息.txt
/data/misc/####/primary.prof

Miscellaneous:

Loads the following dynamic libraries:

libjiagu

Uses special library to hide executable bytecode.

Displays its own windows over windows of other apps.

Tecnologías

Términos

Formación y educación

Mitos

Technical information

Curing recommendations

Free trial