Android.BankBot.11182

Added to the Dr.Web virus database: 2021-11-09

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.8970
Network activity:
Connects to:
DNS requests:
HTTP POST requests:
  • www.face####.com:443/mobile/instagram_android_crash_logs/
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/ls -l /proc/3799/fd
  • /system/bin/ls -l /proc/5055/fd
  • logcat -t 200 -v threadtime
Uses a special library to hide executable bytecode.
Gets information about the network.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
