ELF_NUKESPED.A
Trojan.AndroidOS.Manuscrypt.a (Kaspersky); Android/NukeSped.A!tr (Fortinet)
Linux, Android OS
Threat Type: Backdoor
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
Downloaded from the Internet
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes commands from a remote malicious user, effectively compromising the affected system.
TECHNICAL DETAILS
21,812 bytes
ELF
Yes
28 Mar 2017
Connects to URLs/IPs
Arrival Details
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Backdoor drops the following files:
- /data/system/dnscd.db → Encrypted file containing C&C servers.
Backdoor Routine
This Backdoor executes the following commands from a remote malicious user:
- Get file list
- Download file
- Upload file
- Execute command
- Remove file/directory
- Execute command and send result to C&C
- Send device information
- Change directory
- Switch C&C
- Terminate self-process
- Disconnect from C&C and sleep
- Send C&C list
- Download C&C list
It connects to the following URL(s) to send and receive commands from a remote malicious user:
- {BLOCKED}.{BLOCKED}.189.174:443
- {BLOCKED}.{BLOCKED}.200.107:443
- {BLOCKED}.{BLOCKED}.212.31:443
As of this writing, the said sites are inaccessible.
SOLUTION
9.850
13.982.01
21 Feb 2018
13.983.00
22 Feb 2018
Step 1
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increase device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:
Step 2
Remove unwanted apps on your Android mobile device
Did this description help? Tell us how we did.