
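Threat Information Sharing Notice on "Photo Album" Android Malware

From June 5 to June 11, 2017, the National Internet Emergency Center (CNCERT) identified, through its own monitoring and sample exchange, 75 malware variants that steal users' personal information. This family spreads via SMS and covertly steals the user's text messages and contacts, posing a serious threat to users' information security.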

01

Analysis of Malicious Sample Behavior

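1) After launch, it hides its installed icon and tricks the user into tapping to activate the device administrator function, which prevents the user from uninstalling it normally;

2) It covertly sends a notification SMS to a phone number designated by the attacker: "Software installation complete, identification code: IMEI number, model, phone OS version, and activation successful";

3) It covertly uploads all SMS messages and contacts already on the user's phone to a designated mailbox;

4) It covertly receives SMS control commands sent from a designated phone number and executes their contents;

5) It covertly forwards newly received SMS messages to a designated phone number and deletes them from the user's inbox.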

02

Shared Malicious Sample Data

2.1 The MD5 values of the malware variant files involved in this incident are as follows:


2.2 The MD5 values of the email accounts that pose a security threat in this incident are as follows:

Phone number MD5, carrier, and home region

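Member organizations can obtain the sample information for this mobile Internet malware from the Network Security Threat Information Sharing Platform. Platform address:

The Network Security Threat Information Sharing Platform is hosted and built by the Internet Society's Anti-Network-Virus Alliance (ANVA). Its starting point is to make it easy for companies to share threat information, and its goal is to establish a defense-in-depth system for network security. It aggregates network security threat data, such as malware, malicious addresses, malicious phone numbers, and malicious mailboxes, supplied through channels including basic telecom operators and network security companies. It also establishes an open, transparent, fair, and impartial information evaluation system, which helps companies obtain the data they need, encourages them to contribute valuable data, promotes the development of information sharing, and curbs the spread of threat information across the network.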




This article was provided by yidianzixun.
