Research: Fake “The Interview” app is really an Android banking trojan by Graham Cluley | December 27, 2014
Sample credit: Mario Bono
File: com.movieshow.down.apk
Size: 2236959
MD5: 0882C94E141B2B000B8805D51722F70D
Tuesday, December 30, 2014
The Interview movie app - Android banking trojan sample
Research: Fake “The Interview” app is really an Android banking trojan by Graham Cluley | December 27, 2014
Sample credit: Mario Bono
File: com.movieshow.down.apk
Size: 2236959
MD5: 0882C94E141B2B000B8805D51722F70D
Sunday, December 21, 2014
Android FBI Ransomlocker sample
Research: Emerging threats. FBI ransomlocker
File: FBI_ransomlocker_645A60E6F4393E4B7E2AE16758DD3A11
MD5: 645a60e6f4393e4b7e2ae16758dd3a11
Download. Email me if you need the password
File: FBI_ransomlocker_645A60E6F4393E4B7E2AE16758DD3A11
MD5: 645a60e6f4393e4b7e2ae16758dd3a11
Android SMS worm sample
Research: Fireeye. SMS Worm Runs Wild in Singapore
File: sms-worm_F6D3A35BE0366EB994A0425A15871F5B
Size: 2666008
MD5: F6D3A35BE0366EB994A0425A15871F5B\
Download. Email me if you need the password
Infected HTML Files (Windows malware Ramnit) in Android Apps - samples
Research: Malwarebytes: Infected HTML Files Bundled in Android Apps
| name | MD5 |
|---|---|
| air.ELA4.A0 | 0196BA842449CDEDD5C22AB5037D2022 |
| air.ELA4.A0 | 0AD96A161E350D709B216FE0046D6ADB |
| air.ELA4.A0 | 2D31F784B43F70DE1C7D935BD9FE64CE |
| air.ELA4.A0 | 5E1249EACD38108F154F4052F62AACEB |
| air.ELA4.A0 | 6331C7053A63ABA6635C4ABE741D46F8 |
| air.ELA4.A0 | 9502CE34A896C67B54DE50628F272258 |
| air.ELA4.A0 | DBAC184F71C79E1E79ACE356A37C6C67 |
| com.amd.menggambar | 759F7EC766C6203AA331E00B8FDDAF5C |
| com.amd.tebaktimnas | BE0788A38153562C63B0F711130AC054 |
| com.aviatosystems | 786339A22AED23AE699458FB2A5DB565 |
| com.aviatosystems | 929E2F4F59985E2D2517FEB730EC8750 |
| com.aviatosystems | 65D456B0FAB474457E5BA33852E227B0 |
Download. Email me if you need the password.
Torec Android BankBot.34. using Tor
Research: Dr. Web Android.BankBot.34.origin
MD5 08aaa6d38cdbb20b651a6dbb892eb000
SHA-1 6005341dc5e30898f63ba134a2c366babe986a14
SHA-256 a51af8022b684d2c3598aa44224c25ab73159ae68adec05d514918dd6b30b008
ssdeep 49152:qrn9O5dzxb4PcGe7VtepeMQlHNyW+G7KZDH0:yChxb4/enepeMQp+P0
Size 3.8 MB (3940824 bytes)
Download file bankbot34_classes.zip. Email me if you need the password (New Link)
Saturday, December 20, 2014
SMS Stealer Assassins Creed - Android infostealer
Research: ZScaler - Trojanized and Pirated Assassins Creed app
File: 3E076979644672A0EF750A4C3226F553_assassins_creed.apk
MD5: 3e076979644672a0ef750a4c3226f553
Size: 3411513
Cloud Atlas / Inception APT - Blackberry samples
Research:
Blue Coat. Inception APT Framework
Kaspersky. Cloud Atlas: RedOctober APT is back in style
File: 4e037e1e945e9ad4772430272512831c_WhatsAppUpdate.deb
MD5: 4e037e1e945e9ad4772430272512831c
Size: 1238788
File: 0FB60461D67CD4008E55FECEEDA0EE71
Size: 69888
MD5: 0FB60461D67CD4008E55FECEEDA0EE71
File: 60DAC48E555D139E29EDAEC41C85E2B4
Size: 41564
MD5: 60DAC48E555D139E29EDAEC41C85E2B4
Download. Email me if you need the password
Cloud Atlas / Inception iOS - WhatsAppUpdate.deb
Research:
Blue Coat. Inception APT Framework
Kaspersky. Cloud Atlas: RedOctober APT is back in style
File: 4e037e1e945e9ad4772430272512831c_WhatsAppUpdate.deb
MD5: 4e037e1e945e9ad4772430272512831c
Size: 1238788
Android.Cloudatlas.A / Inception APT iOS sample - targeting jailbroken devices
Research:
Blue Coat. Inception APT Framework
Kaspersky. Cloud Atlas: RedOctober APT is back in style
Sample Credit: Claud Xiao
File: iPhoneOS_Cloudatlas_a_ e30b70974bb05ea1cbf7279e71bddb81
MD5: e30b70974bb05ea1cbf7279e71bddb81
Size: 1166720
Download. Email me if you need the password
DroidJack RAT - Androrat - Android - Sample
Research: Symantec: DroidJack RAT: A tale of how budding entrepreneurism can turn to cybercrime
Sample credit: Paul Burbage and Fran
File: SandroRat.apk
Size: 215839
MD5: 3BCCA99E4D99B4CF733D8EBB79D35782
Download. Email me if you need the passwordWednesday, December 17, 2014
Coolpad Android Devices - CoolReaper files / samples
Research: CoolReaper Revealed: A Backdoor in Coolpad Android Devices by
Claud Xiao and Ryan Olson
Report download : https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-cool-reaper.pdf
Sample Credit: Claud XiaoDownload the files listed below (email me if you need the password) - 825MB zip
List of included files (2,825 Files 1.4 GB):
Thursday, December 4, 2014
Deathring, preloaded Android malware sample
Research: Lookout. DeathRing: Pre-loaded malware hits smartphones for the second time in 2014
Sample credit: Tim Strazzere
File: com.android.Materialflow.apk
Size: 95024
MD5: 1E799AC26231D64DD496353FB78A5C46
Download. Email me if you need the password
Thursday, November 20, 2014
Notcompatible.C Android sample
Research: Lookout: The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks
Whitepaper NOTCOMPATIBLE.C A Sophisticated Mobile Threat that Puts Protected Networks at Risk
Sample credit: Tim Strazzere
File: com.security.patch.apk
Size: 64808
MD5: FEACE958B47C2249C6AB8DDF804CDCB6
Wednesday, November 19, 2014
Android Appinventor Trojan Bankers
Research: Securelist Fabio Assolini Brazilian Trojan Bankers – now on your Android Play Store!
Sample credit: Fabio Assolini
appinventor.ai_funayamajogos.BancodoBrasil_5.72.apkSize: 1802104
MD5: A18AC7C62C5EFD161039DB29BFDAA8EF
File: appinventor.ai_funayamajogos.Caixa_1.3.2.apkSize: 1410959
MD5: 00C79B15E024D1B32075E0114475F1E2
Wednesday, November 5, 2014
Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples
PART II
Wirelurker for Windows (WinLurker)Research: Palo Alto Claud Xiao: Wirelurker for Windows
Sample credit: Claud Xiao
Part I
Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X MalwarePalo Alto |Claud Xiao - blog post Wirelurker
Wirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetector
Sample credit: Claud Xiao
Download
Download Part I
Download Part II
Email me if you need the password
List of files
Part II
s+«sìÜ 3.4.1.dmg 925cc497f207ec4dbcf8198a1b785dbd
apps.ipa 54d27da968c05d463ad3168285ec6097
WhatsAppMessenger 2.11.7.exe eca91fa7e7350a4d2880d341866adf35
使用说明.txt 3506a0c0199ed747b699ade765c0d0f8
libxml2.dll c86bebc3d50d7964378c15b27b1c2caa
libiconv-2_.dll 9c8170dc4a33631881120a467dc3e8f7
msvcr100.dll bf38660a9125935658cfa3e53fdc7d65
libz_.dll bd3d1f0a3eff8c4dd1e993f57185be75
mfc100u.dll f841f32ad816dbf130f10d86fab99b1a
zlib1.dll c7d4d685a0af2a09cbc21cb474358595
│ apps.ipa
│ σ╛«σìÜ 3.4.1.dmg
│
└───WhatsAppMessenger 2.11.7
libiconv-2_.dll
libxml2.dll
libz_.dll
mfc100u.dll
msvcr100.dll
WhatsAppMessenger 2.11.7.exe
zlib1.dll
使用说明.txt
WhatsAppMessenger 2.11.7.exe eca91fa7e7350a4d2880d341866adf35
使用说明.txt 3506a0c0199ed747b699ade765c0d0f8
libxml2.dll c86bebc3d50d7964378c15b27b1c2caa
libiconv-2_.dll 9c8170dc4a33631881120a467dc3e8f7
msvcr100.dll bf38660a9125935658cfa3e53fdc7d65
libz_.dll bd3d1f0a3eff8c4dd1e993f57185be75
mfc100u.dll f841f32ad816dbf130f10d86fab99b1a
zlib1.dll c7d4d685a0af2a09cbc21cb474358595
│ apps.ipa
│ σ╛«σìÜ 3.4.1.dmg
│
└───WhatsAppMessenger 2.11.7
libiconv-2_.dll
libxml2.dll
libz_.dll
mfc100u.dll
msvcr100.dll
WhatsAppMessenger 2.11.7.exe
zlib1.dll
使用说明.txt
Part I
List of hashes
BikeBaron 15e8728b410bfffde8d54651a6efd162
CleanApp c9841e34da270d94b35ae3f724160d5e
com.apple.MailServiceAgentHelper dca13b4ff64bcd6876c13bbb4a22f450
com.apple.appstore.PluginHelper c4264b9607a68de8b9bbbe30436f5f28
com.apple.appstore.plughelper.plist 94a933c449948514a3ce634663f9ccf8
com.apple.globalupdate.plist f92640bed6078075b508c9ffaa7f0a78
com.apple.globalupdate.plist f92640bed6078075b508c9ffaa7f0a78
com.apple.itunesupdate.plist 83317c311caa225b17ac14d3d504387d
com.apple.machook_damon.plist 6507f0c41663f6d08f497ab41893d8d9
com.apple.machook_damon.plist 6507f0c41663f6d08f497ab41893d8d9
com.apple.MailServiceAgentHelper.plist e6e6a7845b4e00806da7d5e264eed72b
com.apple.periodic-dd-mm-yy.plist bda470f4568dae8cb12344a346a181d9
com.apple.systemkeychain-helper.plist fd7b1215f03ed1221065ee4508d41de3
com.apple.watchproc.plist af772d9cca45a13ca323f90e7d874c2c
FontMap1.cfg 204b4836a9944d0f19d6df8af3c009d5
foundation 0ff51cd5fe0f88f02213d6612b007a45
globalupdate 9037cf29ed485dae11e22955724a00e7
globalupdate 9037cf29ed485dae11e22955724a00e7
itunesupdate a8dfbd54da805d3c52afc521ab7b354b
libcrypto.1.0.0.dylib 4c5384d667215098badb4e850890127b
libcrypto.1.0.0.dylib 3b533eeb80ee14191893e9a73c017445
libiconv.2.dylib 94f9882f5db1883e7295b44c440eb44c
libiconv.2.dylib fac8ef9dabdb92806ea9b1fde43ad746
libimobiledevice.4.dylib c596adb32c143430240abbf5aff02bc0
libimobiledevice.4.dylib 5b0412e19ec0af5ce375b8ab5a0bc5db
libiodb.dylib bc3aa0142fb15ea65de7833d65a70e36
liblzma.5.dylib 5bdfd2a20123e0893ef59bd813b24105
liblzma.5.dylib 9ebf9c0d25e418c8d0bed2a335aac8bf
libplist.2.dylib 903cbde833c91b197283698b2400fc9b
libplist.2.dylib 109a09389abef9a9388de08f7021b4cf
libssl.1.0.0.dylib 49b937c9ff30a68a0f663828be7ea704
libssl.1.0.0.dylib ab09435c0358b102a5d08f34aae3c244
libusbmuxd.2.dylib e8e0663c7c9d843e0030b15e59eb6f52
libusbmuxd.2.dylib 9efb552097cf4a408ea3bab4aa2bc957
libxml2.2.dylib 34f14463f28d11bd0299f0d7a3985718
libxml2.2.dylib 95506f9240efb416443fcd6d82a024b9
libz.1.dylib 28ef588ba7919f751ae40719cf5cffc6
libz.1.dylib f2b19c7a58e303f0a159a44d08c6df63
libzip.2.dylib 2a42736c8eae3a4915bced2c6df50397
machook 5b43df4fac4cac52412126a6c604853c
machook ecb429951985837513fdf854e49d0682
periodicdate aa6fe189baa355a65e6aafac1e765f41
pphelper 2b79534f22a89f73d4bb45848659b59b
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase_v4000.dylib 582fcd682f0f520e95af1d0713639864
sfbase_v4001.dylib e40de392c613cd2f9e1e93c6ffd05246
start e3a61139735301b866d8d109d715f102
start e3a61139735301b866d8d109d715f102
start.sh 3fa4e5fec53dfc9fc88ced651aa858c6
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
systemkeychain-helper e03402006332a6e17c36e569178d2097
watch.sh 358c48414219fdbbbbcff90c97295dff
WatchProc a72fdbacfd5be14631437d0ab21ff960
7b9e685e89b8c7e11f554b05cdd6819a 7b9e685e89b8c7e11f554b05cdd6819a
update 93658b52b0f538c4f3e17fdf3860778c
start.sh 9adfd4344092826ca39bbc441a9eb96f
sfbase_v4000.dylib 582fcd682f0f520e95af1d0713639864
sfbase_v4001.dylib e40de392c613cd2f9e1e93c6ffd05246
start e3a61139735301b866d8d109d715f102
start e3a61139735301b866d8d109d715f102
start.sh 3fa4e5fec53dfc9fc88ced651aa858c6
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
systemkeychain-helper e03402006332a6e17c36e569178d2097
watch.sh 358c48414219fdbbbbcff90c97295dff
WatchProc a72fdbacfd5be14631437d0ab21ff960
7b9e685e89b8c7e11f554b05cdd6819a 7b9e685e89b8c7e11f554b05cdd6819a
update 93658b52b0f538c4f3e17fdf3860778c
start.sh 9adfd4344092826ca39bbc441a9eb96f
File listing
├───databases
│ foundation
│
├───dropped
│ ├───version_A
│ │ │ com.apple.globalupdate.plist
│ │ │ com.apple.machook_damon.plist
│ │ │ globalupdate
│ │ │ machook
│ │ │ sfbase.dylib
│ │ │ watch.sh
│ │ │
│ │ ├───dylib
│ │ │ libcrypto.1.0.0.dylib
│ │ │ libiconv.2.dylib
│ │ │ libimobiledevice.4.dylib
│ │ │ liblzma.5.dylib
│ │ │ libplist.2.dylib
│ │ │ libssl.1.0.0.dylib
│ │ │ libusbmuxd.2.dylib
│ │ │ libxml2.2.dylib
│ │ │ libz.1.dylib
│ │ │
│ │ ├───log
│ │ └───update
│ ├───version_B
│ │ com.apple.globalupdate.plist
│ │ com.apple.itunesupdate.plist
│ │ com.apple.machook_damon.plist
│ │ com.apple.watchproc.plist
│ │ globalupdate
│ │ itunesupdate
│ │ machook
│ │ start
│ │ WatchProc
│ │
│ └───version_C
│ │ com.apple.appstore.plughelper.plist
│ │ com.apple.appstore.PluginHelper
│ │ com.apple.MailServiceAgentHelper
│ │ com.apple.MailServiceAgentHelper.plist
│ │ com.apple.periodic-dd-mm-yy.plist
│ │ com.apple.systemkeychain-helper.plist
│ │ periodicdate
│ │ stty5.11.pl
│ │ systemkeychain-helper
│ │
│ └───manpath.d
│ libcrypto.1.0.0.dylib
│ libiconv.2.dylib
│ libimobiledevice.4.dylib
│ libiodb.dylib
│ liblzma.5.dylib
│ libplist.2.dylib
│ libssl.1.0.0.dylib
│ libusbmuxd.2.dylib
│ libxml2.2.dylib
│ libz.1.dylib
│ libzip.2.dylib
│
├───iOS
│ sfbase.dylib
│ sfbase_v4000.dylib
│ sfbase_v4001.dylib
│ start
│ stty5.11.pl
│
├───IPAs
│ 7b9e685e89b8c7e11f554b05cdd6819a
│ pphelper
│
├───original
│ BikeBaron
│ CleanApp
│ FontMap1.cfg
│ start.sh
│
└───update
start.sh
update
Thursday, October 30, 2014
Android icon vulnerability - malware sample
Research: Cheetah Mobile: Android icon vulnerability can cause serious system-level crashes
The malware uses a very large icon which overloads the system’s capabilities and causes some important processes to crash, such as the Settings and Launcher.
Sample credit: Weuzhu Liu
File: d.apk
Size: 12245344
MD5: DD23039E2C18F2CD1CA2604478E8CD00
Android ransomware samples Koler. C
2c82604a5b8cd48e841f4a37173df1b0
b31ce7e8e63fb9eb78b8ac934ad5a2ec
6b0fa323d01fb7c363c9fcb9948812a1
153626fae2eaa8ae6ef4727958104ee7
3eea7a9bdeba1c6de34dc79de831784c
691f71c3cae19547df2a879789cc0b34
f60e6b977a4de0ec194c77cb12ef1101
Samples credit: Mario Bono
Download. Email me if you need the password
SMS worm Selfmite
Research: Adaptive Mobile Take Two: Selfmite.b Hits the Road
Sample Credit: Charlie Bronson
1bf7a3639bf81e2260547fe5e04f864c
Download. Email me if you need the password
Wednesday, October 29, 2014
Android WipeLocker.A
File: Angry_BirdTransformers_1.1.0.apk
Size: 548938
MD5: 4E2201CDE26141715255D2421F0BCFB1
Sample credit: İbrahim BALİÇ
Download. Email me if you need the password
Android Chathook ptrace
Research: http://blog.csdn.net/androidsecurity/article/details/27504615
88870ad3c7bd42cfe1d728b4a4ccc104
Sample credit: Thomas Wang
Download. Email me if you need the password
Wednesday, October 8, 2014
Xsser mRat Android and IOS samples
Sorry for the delay, here are the Xsser samples.
Xsser Android
File: code4hk.apk
Size: 409709
MD5: 15E5143E1C843B4836D7B6D5424FB4A5
sample credit: Shalom Bublil
Xsser (mRat) for IOS
https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/iPh~InfoStl-O/detailed-analysis.aspx
File: xsser.0day_1.1_iphoneos-arm.deb
MD5 2ee65c7faeba0899d397f6e105cc53c3
Sample Credit: KernelMode forum and anonymous upload to Malwaredump
Dylib files from the C2 (e.g. http://www.xsser.com/upload/Lib/iLib.4.0.0.dylib|iLib.4.0.0.dylib|4.0.0|1033720)
FAB47459D191C09406DD15D90AF403CB_iLib.2.0.0.dylib
2CBA795AFF750259A2FC447CDD6EA1C7_iLib.3.0.0.dylib
CFC300B52BF0A4F09FE3E8F9B3459862_iLib.4.0.0.dylib
Monday, September 15, 2014
iOS AppBuyer malware - infostealer
Research:
Wei Feng Technology Group -Wei Feng Technology Group] on the source of malicious hackers discovered a rogue plug-track hacking (CN)
Palo Alto AppBuyer: New iOS Malware Steals Apple ID and Password to Buy Apps;
Sample credit: Claud Xiao
File: com.archive.plist
MD5: 6EEE2BA0C18C69A71E3F879C2A46BDAA
File: updatesrv
MD5: 1C32F9F05234CAC7DD7A83E3925A3105
File: u2_88
MD5: B4DAFC195DB19C661C25C54AEA39982B
File: u1_88
MD5: 68424FF30F6FD1DEBD3CFF1997FAB17E
File: u1
MD5: 69147A1AD05D64202B2D7BB0EA1BAB46
File: u2_80
MD5: 5F4741EBAFFD9C53473D79A1252F82CB
File: u1_80
MD5: B88451E74C1091B9022F7199704959B0
Download. Email me if you need the password.
Sunday, August 3, 2014
Android XXshenqi SMS sender
Research:
Analysis Report: Baidu http://safe.baidu.com/2014-08/xxshenqi.html
News: http://finance.chinanews.com/it/2014/08-03/6452953.shtml
Sample Credit - Thomas Wang
File: com.android.Trogoogle.apk
Size: 1563595
MD5: EF819779FC4BEE6117C124FB752ABF57
File: XXshenqi.apk
Size: 2588891
MD5: 9C06E0963A3F3383CD810F5041364BFA
Download. Email me if you need the password
Wednesday, July 23, 2014
Android ScarePackage Ransomware
Research: Lookout. U.S. targeted by coercive mobile ransomware impersonating the FBI
Sample Credit: Tim Strazzere
File: com.android.locker.apk
Size: 488296
MD5: 645A60E6F4393E4B7E2AE16758DD3A11
Download. Email me if you need the passwordMonday, June 23, 2014
(Another) Android Trojan Scheme Using Google Cloud Messaging - SMS Spyware
Research: Andrototal - (Another) Android Trojan Scheme Using Google Cloud Messaging
Sample credit: Federico Maggi
File: test98.apk
Size: 1051288
MD5: D65C5EF9739ABAE77F5B13B8B562B18A
File: test99.apk
Size: 1051283
MD5: D968FF20B7A25A79E922511101B7F7CC\
File: test97.apk
Size: 1051286
MD5: 5A7C8EB61061F86FDCDBF9118711CC53
Wednesday, June 4, 2014
Simplocker - Android File-Encrypting, TOR-enabled Ransomware
File: fd694cf5ca1dd4967ad6e8c67241114c.bin
Size: 4917678
MD5: FD694CF5CA1DD4967AD6E8C67241114C
Research: ESET Analyzes First Android File-Encrypting, TOR-enabled Ransomware
Sample credit: Sanjay Gupta
Download. Email me if you need the password
Saturday, May 10, 2014
Android Koler - Cryptolocker/Ransomware (sample #2, Reveton team)
Please see the previous post with another sample here:
http://contagiominidump.blogspot.com/2014/05/android-locker-from-reveton-team.html (Posted by Kafeine)
File: koler.apk
Size: 316715
MD5: 67BDE6039310B4BB9CCD9FCF2A721A45
Research/News:
Avast: Fake government ransomware holding Android devices hostage
手机毒霸:敲诈者安卓病毒(Cryptolocker)正横扫美国
Sample credit: Yu Liang
Download. Email me if you need the password
http://contagiominidump.blogspot.com/2014/05/android-locker-from-reveton-team.html (Posted by Kafeine)
File: koler.apk
Size: 316715
MD5: 67BDE6039310B4BB9CCD9FCF2A721A45
Research/News:
Avast: Fake government ransomware holding Android devices hostage
手机毒霸:敲诈者安卓病毒(Cryptolocker)正横扫美国
Sample credit: Yu Liang
Download. Email me if you need the passwordAndroid Monitor spyware - HGSpy.A / QlySpy.a
File: com.exp.tele.apk
Size: 721665
MD5: 3709F87D2B6FF0BD7937112974DC1143
Sample credit: Steven Chen
Research:
Download. Email me if you need the password
Forsafe report
http://www.foresafe.com/
Size: 721665
MD5: 3709F87D2B6FF0BD7937112974DC1143
Sample credit: Steven Chen
Research:
Download. Email me if you need the passwordForsafe report
http://www.foresafe.com/
Ijinshan Fireeye:
Tuesday, May 6, 2014
IOS iphone Stealer.A - malware acting as a Substrate module
Research: iOS Malware Campaign "Unflod Baby Panda" sektioneins.de\
http://www.reddit.com/r/jailbreak/comments/23b7qs/what_is_unflod_its_a_mobile_substrate_addon_that/
http://www.reddit.com/r/jailbreak/comments/23bdwr/beware_unfloddylib_sends_apple_id_and_password_to/
Download. Email me if you need the password
Android fake AV - Se-cure MobieAV
Research: VisualThreat Security Lab Uncovers "Se-Cure Mobile AV": a new suspicious Android Fake A
Sample credit: Wei Yan
16BD4B23B55F0ADE6DF16D8C6DCF502C
Download. Email me if you need the password
Sample credit: Wei Yan
16BD4B23B55F0ADE6DF16D8C6DCF502C
Download. Email me if you need the password
Android Samsapo.A
Sample credit: Steven Chen
Size: 473650
MD5: 60B4EF7037CA6A4D1EE7E3C35C8E27D7
Size: 473875
MD5: C1F9283B7AD8457160D3C189430F2C75
Android locker from the Reveton team
MD5 fb14553de1f41e3fcdc8f68fd9eed831
hone_Police_Ransom.apk
Sample credit - Kafeine
Download : http://malware.dontneedcoffee.com/2014/05/police-locker-available-for-your.html?m=1
hone_Police_Ransom.apk
Sample credit - Kafeine
Download : http://malware.dontneedcoffee.com/2014/05/police-locker-available-for-your.html?m=1Android Fake banker
MD57276e76298c50d2ee78271cf5114a176
a15b704743f53d3edb9cdd1182ca78d1
aac4d15741abe0ee9b4afe78be090599
Sample credit - anonymous (thank you)
Download. Email me if you need the password
Android SMS trojan Flash fake installer
File: imauyfxuhxd.qhlsrdb-1(20140414)(2).apk
Size: 141987
MD5: 7D25D4CDBF3CFC8B6E9466729B84D348
Sample credit - anonymous
Download. Email me if you need the password
Size: 141987
MD5: 7D25D4CDBF3CFC8B6E9466729B84D348
Sample credit - anonymous
Download. Email me if you need the password
Wednesday, April 2, 2014
Oldboot.B - Android bootkit
Research: Oldboot.B:与Bootkit技术结合的木马隐藏手段的运用 Chinese version:
English version: Oldboot.B: Bootkit technology combined with the use of a means to hide Trojans
Author: iRiqium, Zhaorun Ze, Jiang Xuxian
Sample credit: Qing Dong
phone1
sbin/adb_server a4c89abc46bbb34c6dd2c23caad99d61
sbin/meta_chk 6976d12388939d6cb93e28236212c8c7
init.rc 51b52552baf91d00e8f34ec052339f13
phone2
sbin/meta_chk cea6dd8a13cbce59097ad87fafb91fcd
init.rc f8f8e0b089bedbd58bea8a262229a234
phone3
sbin/agentsysline e5d27b3e64ed5e2ae6d6c063e3ddf08a
sbin/boot_tst 04c6dfa8457f1dd88258d427be089e00
init.rc eec3292341177d9e39530d0ab481ead0
Download. Email me if you need the password (new link)
Image by 360.cn
Wednesday, March 26, 2014
Android CoinKrypt - bitcoin miner malware
Research: Lookout. CoinKrypt: How criminals use your phone to mine digital currency
https://github.com/strazzere/android-scripts/blob/master/Decoders/MuchSad/dogekrypt.java
Sample credit: Tim Strazzere
File: com.melodis.midomiMusicIdentifier.apk
Size: 8248809
MD5: 61253FAAC66F34BCF35B80FE767F136E
File: com.ventel.android.radardroid2.apk
Size: 6026091
MD5: 738A0109AB5C37F9EFA7729EACDBE314
File: mikado.bizcalpro.apk
Size: 3330167
MD5: BCCC62AE0129D484F0407FEDD701D211
Tuesday, March 25, 2014
iOS adware using Cydia
Research:
New iOS malware use Cydia Substrate to steal advertisement promotion fee by Claud Xiao
or in Chinese http://bbs.pediy.com/showthread.php?p=1270415
1)
File: spad.plist
Size: 302
MD5: D90A9E9DD3C95E9C12CAFE48F5362781
File: spad.dylib
Size: 166976
MD5: 8099C75F8F3A7BE16A8246FD5B90185A
2)
Additional binaries
downloaded by the adware to the victims device
File: libgad.dylib
Size: 1070048
MD5: CE0A6550E51F3C1B1F49C39A297077E0
File: sad
Size: 31952
MD5: E890CF2B1F9ADC4364B9A38FFFA14ABC
Download additional binaries
Thursday, March 6, 2014
Dendroid - Android spyware
Research: Lookout - Dendroid malware can take over your camera, record audio, and sneak into Google Play
Sample credit: Tim Strazzere
File: com.parental.control.v4.apk
Size: 942846
MD5: DB01F96D5E66D82F7EB61B85EB96EF6E
File: com.parental.control.v4-dexguarded.apk
Size: 833648
MD5: 52A30B58257D338617A39643E2216D0C
Download: Email me if you need the password
Sample credit: Tim Strazzere
File: com.parental.control.v4.apk
Size: 942846
MD5: DB01F96D5E66D82F7EB61B85EB96EF6E
File: com.parental.control.v4-dexguarded.apk
Size: 833648
MD5: 52A30B58257D338617A39643E2216D0C
Friday, February 28, 2014
Android iBanking
Research: iBanking Mobile Bot Source Code Leaked
apk files
1F68ADDF38F63FE821B237BC7BAABB3D Chase.apk
009E60205B8FBC780A2DD3083CDD61CB
D1059B52B6127B758581EB86247BC34F
E1B86054468D6AC1274188C0C579CCAF_
F1BC8520754D2AC4A920B3EF5C732380 bot.apk_
F06AF629D33F17938849F822930AE428 ING.apk_
Download. Email me if you need the password
apk files
1F68ADDF38F63FE821B237BC7BAABB3D Chase.apk
009E60205B8FBC780A2DD3083CDD61CB
D1059B52B6127B758581EB86247BC34F
E1B86054468D6AC1274188C0C579CCAF_
F1BC8520754D2AC4A920B3EF5C732380 bot.apk_
F06AF629D33F17938849F822930AE428 ING.apk_
Droidpak - Android targeting Windows malware
Research: Kaspersky -
df4045aa9cb62699bd2ae12f860f2ed1.exe_
577a8c571e2dd610247ecfa0fb3c6cb3_install.exe_
04e8ff68ead683e52b53e174d08eddf4_Voip.dll_
df4045aa9cb62699bd2ae12f860f2ed1.exe_
577a8c571e2dd610247ecfa0fb3c6cb3_install.exe_
04e8ff68ead683e52b53e174d08eddf4_Voip.dll_
Thursday, February 27, 2014
Android Tor Trojan
Research: Kaspersky: The first Tor Trojan for Android
File: video.mp4.apk
Size: 4885996
MD5:
58FED8B5B549BE7ECBFBC6C63B84A728
apk URL
http:// sexnine .ru /download/video.mp4.apk
Tuesday, February 4, 2014
Android.FakeRegSMS.B (Steganography) - Feb 2012
Research: http://forensics.spreitzenbarth.de/2012/02/03/detailed-analysis-of-android-fakeregsms-b/
MD5: 41ca3efde1fb6228a3ea13db67bd0722
Size: 65207
Download (email me if you need the password)
----------------
Wednesday, January 29, 2014
Android AVPass
Research: Baidu Security Labs http://blog.csdn.net/androidsecurity/article/details/18816557
Sample Credit: Tom:Pan
Size: 203000
MD5: CCC01FD6D875B95E2AF5F270AAF8E842
Download. Email me if you need the password.
Android Airpush, /StopSMS.B, Minimob
Sample credit Tachion
08061663E638B5AC1D780CAACBE9FAD8 GlamorousSmoke.apk
2C3B92FFE8123611AE9D9BED000C99F7 3dtimeclockticks.apk
4FD1194F8127439609319CDBE244C0A7 _BlueArt.apk
58E73A03025BA95337C952223F18F479 _lordssacredheavenlycross.apk
8F7A41A921FC15F4FD47A33E476D7B3B SkullLighter.apk
B0E22A785041229A644F015472E738BA_ghostiderfireflamessremixFAMOUS3DAPPS.apk
CE7B9B2242A71BBEAC0B2839B1063013 NoiseDetectorNonG.apk
D67A07E3DE88C0130420588FD158B967 eyeseeyouSAMSUNG.apk
DE5BFA8715DAC2E29E206C19CA98F2F4 JingleBellNonG.apk
FB9FEFFB1FEF13C4A5E42ACE20183912 SaveTenDollar.apk
Download all. Email me if you need the password.
Subscribe to:
Posts (Atom)