Monday, October 17, 2011

Android anserverbot malware Anserver.apk + payload b.apk


Name: Payload of the Android anserverbot malware - b.apk and 002f537027830303e2205dd0a6106cb1b79fa704(AnserverBot).apk
File Name: b.apk decoded from http://blog.sina.com.cn/s/blog_8440ab780100t0nf.html
MD5: 164A147B663248558E4B6A287A429139
Sample Credits: many thanks to Madalina Baltatu October 17, 2011
Research: NetQin, A Technical Analysis of the AnserverBot Trojan

Download b.apk  (pass infected)

Download Anserverbot.apk  (pass infected)

b.apk
Submission date: 2011-10-17 20:10:13 (UTC)
Current status: finished
Result: 7/42 (16.7%)
Antivirus    Version    Last update    Result
Avast    6.0.1289.0    2011.10.17    Android:BaseBridge-I
Emsisoft    5.1.0.11    2011.10.17    Trojan.AndroidOS.Anserver!IK
F-Secure    9.0.16440.0    2011.10.17    Trojan:Android/BaseBridge.A!mfb
GData    22    2011.10.17    Android:BaseBridge-I
Ikarus    T3.1.1.107.0    2011.10.17    Trojan.AndroidOS.Anserver
Microsoft    1.7702    2011.10.17    Trojan:AndroidOS/Anserver.A
Sophos    4.70.0    2011.10.17    Andr/Ansver-A
MD5   : 164a147b663248558e4b6a287a429139

3 comments:

  1. The Answerbot.apk sample is corrupted. It is much smaller than it should be. Check its SHA1 and you'll see that it's different from what the file name suggests.
  2. I fixed it, please try again. Thank you M
  3. It is indeed fixed now, thanks.