Clicky

Sunday, October 23, 2011

RogueSPPush - SMS-Trojan


Name:                 RogueSPPush
File Name:          1314935990854.apk
 MD5:                  56CD8AC9ADFC0E38496939385AA510FA
Research:           New Rogue Android App -- RogueSPPush -- Found in Alternative Android Markets By Xuxian Jiang -Aug 2011
Sample Credits:    with  many thanks to MasterMRZ , October  23, 2011







Read more »
0 comments Labels:

Legacy Native (LeNa) - DroidKungFu variant


Name:                   Legacy Native (LeNa)
MD5:                     com.safesys.myvpn.apk 1F5628300EF2A477E39E226FEE73CE51
MD5:                     com.safesys.onekeyvpn.apk EC056818D38D18CB940A64BF89714DF2
Sample Credits:     many thanks to Armando, October 21, 2011
Research:               Lookout Security Alert: Legacy Makes Another Appearance, Meet Legacy Native (LeNa)   By Tim Strazzere



Download both samples - password infected

Read more »
0 comments Labels: , ,

Saturday, October 22, 2011

Collection of 96 mobile malware samples for Kmin, Basebridge, Geinimi, Root exploits, and PJApps


All files are sorted by types in folders and named by MD5. The list of files is below. I posted examples of what you will find in the previous 20 posts.  Enjoy

Download Android-Malware_SortedTYPE-MD5.zip (password infected)
 
MALWARE TYPE (number of samples)
BASEBRIDGE (3)
YZHC (2)
ROOT EXPLOIT (7)
PJAPPS (16)
GEINIMI (28)
KMIN (40)


Sample credit: Thank to anonymous, Oct. 22, 2011

Read more »
3 comments Labels: , , , , ,

Root Exploit - Z4Mod Root


Name:               Z4mod
MD5:                 30587d7e5ac828f8b1eaf476d4b19bd2
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011



Read more »
0 comments Labels: , ,

Geinimi - OPDA CacheMate v2.5.9


Name:                Geinimi  - OPDA CacheMate v2.5.9
MD5:                 8b12ccdc8a69cf2d6a7e6c00f698aaa6
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011


Read more »
0 comments Labels: , ,

Root Exploit - Universal Androot


File Name:            corner23.android.universal androot.apk

MD5:                    4e26a200ab149819dcdcf273f5ab171a
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011

Read more »
0 comments Labels: ,

Geinimi - Android SPL meter


File Name:              com.splGUI.splMeter.apk

MD5:                      08e4a73f0f352c3accc03ea9d4e9467f
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011


Read more »
0 comments Labels: , ,

Geinimi - com.feasy.jewels.Gel


File name:          com.feasy.jewels.Bears

MD5:                543e9d86dd28005342a3313bdc588009
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011

Read more »
0 comments Labels: , ,

Geinimi - Banking Trojan www.ipay.com.cn


MD5:                    3374d6322542d6aec9d319df335215e5
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011



Read more »
0 comments Labels: , ,

Geinimi - Armored Strike


Name:                Armored Strike
File Name:         com.requiem.armoredStrike.apk
 MD5:                 5d27c7d0c5630f4c7a8b7a8f45512f09
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011



Read more »
0 comments Labels: , ,

Geinimi - MetroXing Chinese metro maps

 
Name:              com.etagmedia.metro.apk   Beijing, Guangzhou, Shanghai, Shenzhen  - metro maps
MD5:              54fad8426e03a05279223173ec7d2fe2
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011


Read more »
0 comments Labels: , ,

PJApps.A - Mail/FTP app

    
MD5:                      de759e9fdb3ec577d753ff240fc91a13
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011




Read more »
0 comments Labels: , ,

Geinimi - Kosenkov Protector


Name:               com.kosenkov.protector.
MD5:                404fd6f9113870d1b6e63dcd23cfe206
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011
Read more »
0 comments Labels: , ,

PJApps - Fingerprint Screensaver


Name:               Fingerprint Screensaver 
MD5:                 722da6cdfa8bac482c9c6be105b0ff2a
File Name:        com.jiubang.screenguru.apk
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011

Read more »
0 comments Labels: ,

Geinimi - Shopper 's Paradise

 
Name:               com.sgg.sp.ShoppersParadise.apk
MD5:                ea80ae4c4a17e8608e0fc7d6e34bf37e
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011



Read more »
0 comments Labels: , ,

Root Exploit - ITFUNZ Lotoor

 
Name:               ITFUNZ 
MD5:          951c8a2efbe2acafeb351525d5bd52e2
MD5:          81614d2c1175ee32a6967d13630be8a9
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download 951c8a2efbe2acafeb351525d5bd52e2 (password infected)
Download  81614d2c1175ee32a6967d13630be8a9 (password infected)

or Download an archive with all the files donated on Oct. 21. 2011


Read more »
0 comments Labels: , ,

PJApps.A - Mediaplayer - SMS-Trojan

 
Name:                Mediaplayer (goes under different names)
MD5:                c05d4ff1a80f18ba9d8a86afd88bc05d
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011  
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011



some other related apps might be here

http://www.webgameboy.com/HTC-T5252/xiazai-14864.html

Related research: Cryptography for mobile malware obfuscation Axelle Apvrille


Read more »
0 comments Labels: , ,

Kmin - Wallpaper Changer- Infostealer


MD5:          
   231696ffdf8d00c9d09af7fb85b4991d
MD5:                 be63349846165811da4e3444c5d15dea
MD5:                  2289293578008531755462e4e88afc17

MD5:                  8a0c4006157c766a08c313fa2143f1fe
MD5:                  3284493FB26FFCE5A1C23AF6B2383B6D
MD5:                  b5444e6c3c8376f7d2eccb974f31c7c3
MD5:                 b1c866ff733a3cb89bc101878e41523e
MD5:                  0f182524c0fe8ff999bfa3d63c9a9e97



Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011 


  1. Download  231696ffdf8d00c9d09af7fb85b4991d (password infected)
  2. Download be63349846165811da4e3444c5d15dea (password infected) 
  3. Download 2289293578008531755462e4e88afc17 (password infected) 
  4. Download 8a0c4006157c766a08c313fa2143f1fe (password infected) 
  5. Download 3284493FB26FFCE5A1C23AF6B2383B6D (password infected) 
  6. Download b5444e6c3c8376f7d2eccb974f31c7c3 (password infected)
  7. Download  b1c866ff733a3cb89bc101878e41523e (password infected)
  8. Download 0f182524c0fe8ff999bfa3d63c9a9e97 (password infected)

or Download an archive with all the files donated on Oct. 21. 2011


It appears data is going to http://su.5k3g.com/portal/m/c5/0.ashx

Read more »
0 comments Labels: , ,

Friday, October 21, 2011

Geinimi-A BS2010


Name:             BS2010  
File Name:        com.gamevil.bs2010.BS2010
 MD5:             0da3484a20c85c0489fea8f53316b53c
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011



Read more »
0 comments Labels: , ,

Geinimi-B - GoldenMiner

 
Name:                 GoldMiner   
File Name:         com.handcn.GoldMiner.free.GoldMiner
 MD5:                025a55c1bcbd3be2ca03aa314ce9a4c2
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011


Read more »
0 comments Labels: , ,

BaseBridge-C

 
Name:                    Basebridge - C
File Name:             com.sec.android.bridge
MD5:                    b6847521b548b806cf5e4f71b687ec26



Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011

Read more »
0 comments Labels: ,

Android Local Root Exploit - Lotoor - App2card

 
Name:                    Lotoor
File Name:         com.aps.hainguyen273.app2card    
MD5:                   AFD12639E21C1884D33737ABA0BC43EE
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011


Read more »
0 comments Labels: , ,

PJApps.B - Girl Mahjong Android

 
Name:                    App2SD
File Name:             com.rainbow.FMaj
MD5:                      8353cad68f4d2b443b33bb2f32f2412d
MD5:                      89BB300CC1BF0B27C582327588EA7377
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download 8353cad68f4d2b443b33bb2f32f2412d (password infected)
Download 89BB300CC1BF0B27C582327588EA7377  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011



Read more »
0 comments Labels: ,

Kmin-B - App2SD for Android

 
Name:                    App2SD
File Name:             com.aps.hainguyen273.app2card.apk
MD5:                     9783aa70949043bb7aaa205a31b42022
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 


Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011


Read more »
0 comments Labels: ,

Wednesday, October 19, 2011

Battery Doctor Android scareware/infostealer

 
Name:                    Battery Doctor scareware/infostealer
File Name:             BatteryDoctor.apk
MD5:                     DF4595EE727706D2CFDB7C9A1FE9E079
Sample Credits:     many thanks to Sanjay, October 18, 2011
Research:              Sleazy Ads on Android Devices Push Bogus 'Battery Upgrade' Warnings Tom Spring, PCWorld

Download  (pass infected)
0 comments Labels: ,

Monday, October 17, 2011

Android anserverbot malware Anserver.apk + payload b.apk


Name:                   Payload of the Android anserverbot malware - b.apk and 002f537027830303e2205dd0a6106cb1b79fa704(AnserverBot).apk
File Name:            b.apk decoded from  from http://blog.sina.com.cn/s/blog_8440ab780100t0nf.html
MD5:                     164A147B663248558E4B6A287A429139
Sample Credits:     many thanks to Madalina Baltatu October 17, 2011
Research:              NetQuin A Technical Analysis of the AnserverBot Trojan

Download b.apk  (pass infected)

Download Anserverbot.apk  pass infected
Read more »
3 comments Labels: ,

Thursday, October 13, 2011

Fake Netxflix - Android trojan info stealer


Name:                    Fake NetFlix
File Name:             com.netflix.mediaclient-1w.apk
MD5:                     83C6414C9C7964F4FB88E0D2477C20E4
Sample Credits:     many thanks to Sanjay, October 13, 2011
Research:              Symantec blog: Will Your Next TV Manual Ask You to Run a Scan Instead of Adjusting the Antenna?

Download  (password infected)




Read more »
0 comments Labels: ,
Subscribe to: Posts (Atom)