Clicky

Monday, December 17, 2012

SpamSoldier - SMS Botnet sample


File: kim.apk
Size: 493987
MD5:  28668EE9168E4EA28DBB34A43E54411A


Research:
Security Alert: SpamSoldier. Lookout
Android Trojan Used To Create Simple SMS Spam Botnet. Cloudmark

Sample Credit: Tim Strazzere. Lookout security

Download kim.apk and the pcap file (email me if you need the password)







GET /command.php?action=recv HTTP/1.1
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.0.4; sdk Build/MR1)
Host: l0rdzs0ldierz.com
Connection: Keep-Alive
Accept-Encoding: gzip

HTTP/1.1 200 OK
Date: Tue, 04 Dec 2012 19:23:35 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: PHPSESSID=5o6a8r69sf7ovb73j2ipu52gh1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 1334
Connection: close
Content-Type: text/html; charset=UTF-8
msg:You've just won a $1000 Target gift card but only the 1st 1000 people that enter code 7777 at http://holyoffers.com can claim it!
#6626353560
#4197046101
#4109490615
#1845512434


Virustotal 

No comments:

Post a Comment