
Android.BankBot.11359

Added to the Dr.Web virus database: 2021-12-25

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.8970
Network activity:
Connects to:
DNS requests:
File system changes:
Creates the following files:
Miscellaneous:
Uses special library to hide executable bytecode.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
