
Tuesday, September 4, 2012

Loozfon - Japanese Android infostealer


File: AndroidLoozfon
Size: 544646
MD5:  157985FF7FCF1CA30F5B026D1B897F1F

File: Loozfon.apk
Size: 42913
MD5:  04C9E05D0F626CC3F47DC0BC9B65A8CF

Research: Loozfon Malware Targets Female Android Users by Symantec
Sample Credit: Sanjay

Download (password infected)






https://www.virustotal.com/file/7538030c391fec2ed59342626dd9fc6c4c07d08f153c65408ac370db1b462be8/analysis/
SHA256: 7538030c391fec2ed59342626dd9fc6c4c07d08f153c65408ac370db1b462be8
File name: 157985ff7fcf1ca30f5b026d1b897f1f.virus
Detection ratio: 5 / 42
Analysis date: 2012-09-04 08:30:02 UTC ( 17 hours, 45 minutes ago )
Microsoft Trojan:AndroidOS/Lozfoon.A 20120902
PCTools Android.Loozfon 20120902
Sophos Andr/Loozfon-A 20120902
SUPERAntiSpyware - 20120901
Symantec Android.Loozfon 20120902
TrendMicro-HouseCall TROJ_GEN.RCBH1HT 20120902

Additional information
ssdeep: 12288:OJXqzSx8pXBnJParBb43WLh1/DhiygOuGcTWHoAKs5Itqqbo/aXP:qqphBJirBs3OPrh3gOuGcCIAK3OaXP

TrID:
Android Package (88.8%)
ZIP compressed archive (11.1%)

ExifTool:
MIMEType.................: application/zip
ZipRequiredVersion.......: 20
ZipCRC...................: 0x0e1928f1
FileType.................: ZIP
ZipCompression...........: Deflated
ZipUncompressedSize......: 1241
ZipCompressedSize........: 608
ZipFileName..............: META-INF/MANIFEST.MF
ZipBitFlag...............: 0x0808
ZipModifyDate............: 2012:07:24 15:55:03

Androguard:
activities...............: fa.lin.ero.StartActivity, fa.lin.ero.ViewActivity, fa.lin.ero.MovieActivity
AndroidVersionCode.......: 1
Package..................: fa.lin.ero
AndroidVersionName.......: 1.0
riskindicator............: 50.0
MinSdkVersion............: 4
TargetSdkVersion.........: None

permissions..............: CALL_PHONE, INTERNET, READ_PHONE_STATE, READ_CONTACTS, ACCESS_NETWORK_STATE

2012-08-29 08:44:25 UTC ( 6 days, 17 hours ago )
Last seen by VirusTotal

Android.Loozfon
fa.lin.ero.apk
157985ff7fcf1ca30f5b026d1b897f1f.virus
loozfon.apk


https://www.virustotal.com/file/ec0e0d25aa1de4f38894fb1999d6f21535610ffba15423a02ec993fea1561c66/analysis/
SHA256: ec0e0d25aa1de4f38894fb1999d6f21535610ffba15423a02ec993fea1561c66
SHA1: c84e1b1518a91ade0cffd3d4519befc81d52c707
MD5: 04c9e05d0f626cc3f47dc0bc9b65a8cf
File size: 41.9 KB ( 42913 bytes )
File name: ll.ap.ken.apk
File type: Android
Tags: android
Detection ratio: 5 / 42
Analysis date: 2012-09-03 13:15:46 UTC ( 1 day, 13 hours ago )
Microsoft Trojan:AndroidOS/Lozfoon.A 20120901
PCTools Android.Loozfon 20120901
Sophos Andr/Loozfon-A 20120901
SUPERAntiSpyware - 20120901
Symantec Android.Loozfon 20120901
TrendMicro-HouseCall TROJ_GEN.RCBH1HU 20120901
ssdeep: 768:yYrXFWLKxe7X+Fu9JjRv6Xf3ApD+X7aFkuznFOceZtGT/qb:yYbgLKxe7wuDt6XSyLaFzFuXUqb

TrID:
Android Package (63.3%)
Java Archive (28.7%)
ZIP compressed archive (7.9%)

ExifTool:
MIMEType.................: application/zip
ZipRequiredVersion.......: 20
ZipCRC...................: 0x4cbfe1af
FileType.................: ZIP
ZipCompression...........: Deflated
ZipUncompressedSize......: 952
ZipCompressedSize........: 408
ZipFileName..............: res/layout/main.xml
ZipBitFlag...............: 0x0808
ZipModifyDate............: 2012:07:06 12:39:26

Androguard:
activities...............: ll.ap.ken.LlApKenActivity
AndroidVersionCode.......: 1
Package..................: ll.ap.ken
AndroidVersionName.......: 1.0
riskindicator............: 50.0
MinSdkVersion............: 4
TargetSdkVersion.........: None

permissions..............: CALL_PHONE, INTERNET, READ_PHONE_STATE, READ_CONTACTS, ACCESS_NETWORK_STATE

First seen by VirusTotal: 2012-08-29 08:44:22 UTC ( 6 days, 17 hours ago )
Last seen by VirusTotal

ll.ap.ken.apk
Loozfon
Loozfon.apk



