Wednesday, October 8, 2014

Xsser mRat Android and iOS samples

Sorry for the delay, here are the Xsser samples.

Xsser Android
File: code4hk.apk
Size: 409709
MD5: 15E5143E1C843B4836D7B6D5424FB4A5
Sample credit: Shalom Bublil


Xsser (mRat) for iOS
https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/iPh~InfoStl-O/detailed-analysis.aspx

File: xsser.0day_1.1_iphoneos-arm.deb
MD5: 2ee65c7faeba0899d397f6e105cc53c3
Sample credit: KernelMode forum and anonymous upload to Malwaredump

Dylib files from the C2 (e.g. http://www.xsser.com/upload/Lib/iLib.4.0.0.dylib|iLib.4.0.0.dylib|4.0.0|1033720), named MD5_filename:

FAB47459D191C09406DD15D90AF403CB_iLib.2.0.0.dylib
2CBA795AFF750259A2FC447CDD6EA1C7_iLib.3.0.0.dylib
CFC300B52BF0A4F09FE3E8F9B3459862_iLib.4.0.0.dylib

VirusTotal results

SHA256: fe1df17ab903979223e5eb514ffe24f72d540ad26f959201133f30a1346870df
File name: code4hk.apk
MD5: 15E5143E1C843B4836D7B6D5424FB4A5
Detection ratio: 24 / 55
Antivirus Result Update
Qihoo-360 Win32/Trojan.1d7 20141008
Baidu-International Trojan.AndroidOS.Ftikser.ayI 20141008
Ikarus Trojan-Spy.AndroidOS.Code4HK 20141008
K7GW Trojan ( 004aead21 ) 20141007
F-Secure Spyware:Android/Code4hk.A 20141008
Kaspersky HEUR:Trojan-Spy.AndroidOS.Ftikser.a 20141008
AegisLab Ftikser 20141008
Tencent Dos.Trojan-spy.Ftikser.Eadx 20141008
McAfee Artemis!15E5143E1C84 20141008
Cyren AndroidOS/GenBl.B9484AE3!Olympus 20141008
Avast Android:Code4hk-A [Trj] 20141008
Fortinet Android/Xsser.A!tr.spy 20141008
AVG Android/Xsser 20141008
ESET-NOD32 Android/Agent.AE 20141008
Avira Android/Agent.A.1448 20141008
Kingsoft Android.Troj.Code4hk.z.(kcloud) 20141008
Emsisoft Android.Spyware.Code4hk.A (B) 20141008
Ad-Aware Android.Spyware.Code4hk.A 20141008
BitDefender Android.Spyware.Code4hk.A 20141008
GData Android.Spyware.Code4hk.A 20141008
MicroWorld-eScan Android.Spyware.Code4hk.A 20141008
Symantec Android.Fitikser 20141008
AhnLab-V3 Android-Malicious/Code4hk 20141007
Sophos Andr/Ftikser-A 20141008

https://www.virustotal.com/en/file/d79b8552213bc21512fb557853ea0dee3c8e63a5108b8c294ad9c3307030ea49/analysis/
SHA256: d79b8552213bc21512fb557853ea0dee3c8e63a5108b8c294ad9c3307030ea49
File name: i (3)
Detection ratio: 15 / 54
Analysis date: 2014-10-08 13:24:01 UTC ( 15 hours, 34 minutes ago )
Antivirus Result Update
AVG IOS/Xsser.A 20141008
Ad-Aware MAC.IOS.Xsser.B 20141008
BitDefender MAC.IOS.Xsser.B 20141008
Comodo UnclassifiedMalware 20141008
ESET-NOD32 iOS/Krysaser.A 20141008
Emsisoft MAC.IOS.Xsser.B (B) 20141008
F-Secure Backdoor:iPhoneOS/Xsser.A 20141008
Fortinet iOS/Xsser.A!tr.spy 20141008
GData MAC.IOS.Xsser.B 20141008
Ikarus Trojan.iOS.Krysaser 20141008
McAfee IOS/Xsser 20141008
McAfee-GW-Edition IOS/Xsser 20141007
Sophos iPh/InfoStl-O 20141008
Symantec iOS.Fitikser 20141008
nProtect MAC.IOS.Xsser.B

https://www.virustotal.com/en/file/98c522be70612d5b7b030d21a7002003081ed1d9fe2589a2d7c64c7af9e7673e/analysis/
SHA256: 98c522be70612d5b7b030d21a7002003081ed1d9fe2589a2d7c64c7af9e7673e
File name: iLib.2.0.0.dylib
Detection ratio: 6 / 53
Analysis date: 2014-10-03 01:48:52 UTC ( 6 days, 3 hours ago )
Antivirus Result Update
ClamAV IOS.Rat.Xsser 20141003
ESET-NOD32 a variant of iOS/Krysaser.A 20141003
Ikarus Trojan.iOS.Krysaser 20141003
Kaspersky Trojan-Spy.IphoneOS.Ftikser.a 20141003
Sophos iPh/InfoStl-N 20141003
Symantec iOS.Fitikser 20141003