Wednesday, October 8, 2014

Xsser mRat Android and iOS samples

Sorry for the delay, here are the Xsser samples.

Xsser Android
File: code4hk.apk
Size: 409709
MD5:  15E5143E1C843B4836D7B6D5424FB4A5
sample credit: Shalom Bublil

Xsser (mRat) for iOS

File: xsser.0day_1.1_iphoneos-arm.deb
MD5 2ee65c7faeba0899d397f6e105cc53c3
Sample Credit: KernelMode forum and anonymous upload to Malwaredump

Dylib files from the C2 (e.g.|iLib.4.0.0.dylib|4.0.0|1033720) 


Monday, September 15, 2014

iOS AppBuyer malware - infostealer

Wei Feng Technology Group - on the source of malicious hackers discovered a rogue plug-track hacking (CN)
Palo Alto - AppBuyer: New iOS Malware Steals Apple ID and Password to Buy Apps

Sample credit: Claud Xiao

File: com.archive.plist
MD5:  6EEE2BA0C18C69A71E3F879C2A46BDAA

File: updatesrv
MD5:  1C32F9F05234CAC7DD7A83E3925A3105

File: u2_88
MD5:  B4DAFC195DB19C661C25C54AEA39982B

File: u1_88
MD5:  68424FF30F6FD1DEBD3CFF1997FAB17E

File: u1
MD5:  69147A1AD05D64202B2D7BB0EA1BAB46

File: u2_80
MD5:  5F4741EBAFFD9C53473D79A1252F82CB

File: u1_80
MD5:  B88451E74C1091B9022F7199704959B0

Download. Email me if you need the password.

Sunday, August 3, 2014

Android XXshenqi SMS sender

Analysis Report: Baidu
Sample Credit - Thomas Wang

Size: 1563595
MD5:  EF819779FC4BEE6117C124FB752ABF57

File: XXshenqi.apk
Size: 2588891
MD5:  9C06E0963A3F3383CD810F5041364BFA

Download. Email me if you need the password

Wednesday, July 23, 2014

Android ScarePackage Ransomware

Research: Lookout. U.S. targeted by coercive mobile ransomware impersonating the FBI
Sample Credit: Tim Strazzere

Size: 488296
MD5:  645A60E6F4393E4B7E2AE16758DD3A11

Download. Email me if you need the password

Monday, June 23, 2014

(Another) Android Trojan Scheme Using Google Cloud Messaging - SMS Spyware

Sample credit: Federico Maggi

File: test98.apk
Size: 1051288
MD5:  D65C5EF9739ABAE77F5B13B8B562B18A

File: test99.apk
Size: 1051283
MD5:  D968FF20B7A25A79E922511101B7F7CC

File: test97.apk
Size: 1051286
MD5:  5A7C8EB61061F86FDCDBF9118711CC53

Wednesday, June 4, 2014

Simplocker - Android File-Encrypting, TOR-enabled Ransomware

File: fd694cf5ca1dd4967ad6e8c67241114c.bin
Size: 4917678
MD5:  FD694CF5CA1DD4967AD6E8C67241114C

Research: ESET Analyzes First Android File-Encrypting, TOR-enabled Ransomware
Sample credit: Sanjay Gupta

Download. Email me if you need the password

Tuesday, May 6, 2014

Android SMS trojan - Google fake installer (downloader from Dropbox url)


Download. Email me if you need the password

iOS iPhone Stealer.A - malware acting as a Substrate module

Android fake AV - Se-cure MobieAV

Android Samsapo.A

Research: ESET: Android malware worm catches unwary users
Sample credit: Steven Chen

Size: 473650
MD5:  60B4EF7037CA6A4D1EE7E3C35C8E27D7
Size: 473875
MD5:  C1F9283B7AD8457160D3C189430F2C75

Download. Email me if you need the password

Android locker from the Reveton team

MD5 fb14553de1f41e3fcdc8f68fd9eed831

Sample credit -  Kafeine

Download :

Android Fake banker


Sample credit - anonymous (thank you)

Download. Email me if you need the password

Android SMS trojan Flash fake installer

File: imauyfxuhxd.qhlsrdb-1(20140414)(2).apk
Size: 141987
MD5:  7D25D4CDBF3CFC8B6E9466729B84D348

Sample credit - anonymous

Download. Email me if you need the password

Wednesday, April 2, 2014

Oldboot.B - Android bootkit

Research (Chinese version): Oldboot.B:与Bootkit技术结合的木马隐藏手段的运用
Research (English version): Oldboot.B: Bootkit technology combined with the use of a means to hide Trojans
Author: iRiqium, Zhaorun Ze, Jiang Xuxian

Sample credit: Qing Dong

sbin/adb_server  a4c89abc46bbb34c6dd2c23caad99d61
sbin/meta_chk 6976d12388939d6cb93e28236212c8c7
init.rc 51b52552baf91d00e8f34ec052339f13

sbin/meta_chk cea6dd8a13cbce59097ad87fafb91fcd
init.rc f8f8e0b089bedbd58bea8a262229a234

sbin/agentsysline e5d27b3e64ed5e2ae6d6c063e3ddf08a
sbin/boot_tst 04c6dfa8457f1dd88258d427be089e00
init.rc eec3292341177d9e39530d0ab481ead0

Download. Email me if you need the password

Wednesday, March 26, 2014

Android CoinKrypt - bitcoin miner malware

Research: Lookout. CoinKrypt: How criminals use your phone to mine digital currency
Sample credit: Tim Strazzere

File: com.melodis.midomiMusicIdentifier.apk
Size: 8248809
MD5:  61253FAAC66F34BCF35B80FE767F136E

Size: 6026091
MD5:  738A0109AB5C37F9EFA7729EACDBE314

File: mikado.bizcalpro.apk
Size: 3330167
MD5:  BCCC62AE0129D484F0407FEDD701D211

Download. Email me if you need the password

Tuesday, March 25, 2014

iOS adware using Cydia

New iOS malware use Cydia Substrate to steal advertisement promotion fee by Claud Xiao
or in Chinese

File: spad.plist
Size: 302
MD5:  D90A9E9DD3C95E9C12CAFE48F5362781

File: spad.dylib
Size: 166976
MD5:  8099C75F8F3A7BE16A8246FD5B90185A

Additional binaries downloaded by the adware to the victim's device

File: libgad.dylib
Size: 1070048
MD5:  CE0A6550E51F3C1B1F49C39A297077E0

File: sad
Size: 31952
MD5:  E890CF2B1F9ADC4364B9A38FFFA14ABC

Download. Email me if you need the password
Download additional binaries

Thursday, March 6, 2014

Dendroid - Android spyware

Research: Lookout - Dendroid malware can take over your camera, record audio, and sneak into Google Play

Sample credit: Tim Strazzere

File: com.parental.control.v4.apk
Size: 942846
MD5:  DB01F96D5E66D82F7EB61B85EB96EF6E

File: com.parental.control.v4-dexguarded.apk
Size: 833648
MD5:  52A30B58257D338617A39643E2216D0C

Download: Email me if you need the password

Friday, February 28, 2014

Android iBanking

Research: iBanking Mobile Bot Source Code Leaked

apk files
1F68ADDF38F63FE821B237BC7BAABB3D Chase.apk
F1BC8520754D2AC4A920B3EF5C732380 bot.apk_
F06AF629D33F17938849F822930AE428 ING.apk_

Download. Email me if you need the password