Showing posts with label infostealer.

Friday, July 1, 2016

Android Xiny samples Infostealer



Research: Dr. Web: Trojan targeted dozens of games on Google Play
Lookout: LevelDropper: A takedown of autorooting malware in Google Play

Sample Credit: Tim Strazzere

List of files MD5:

Same files in SHA1

Same files in SHA256


Download. Email me if you need the password




Saturday, February 16, 2013

Android Tetus - Infostealer



File: com.stephbriggs5.batteryimprove-2.apk
Size: 293777
MD5:  6408DF6ABA4C7F1803C2AAC8F17C4CA3


File: 85CE55DC130F214B0567987EDFF77DC0
Size: 274999
MD5:  85CE55DC130F214B0567987EDFF77DC0


File: com.droidmojo.awesomejokes.apk
Size: 268360
MD5:  01772AEFE0230C3669E21D79FC920D2E



File: 65C75AF5DE2628BD6215BB99DD76D3AC
MD5:  65c75af5de2628bd6215bb99dd76d3ac
Size: 277644

Research: Symantec. Android Tetus

When the Trojan is executed, it registers an SMS observer to record SMS messages and send them to the following command-and-control (C&C) server:
[http://]android.tetulus.com

The Trojan may delete some SMS messages from the device.

It may also register an SMS receiver to send SMS messages without the user's consent.

The Trojan may send a list of all installed apps on the device to the following remote location:
[http://]fast.app-engines.com

Download. Email me if you need the password





Saturday, October 22, 2011

Geinimi - OPDA CacheMate v2.5.9


Name:               Geinimi - OPDA CacheMate v2.5.9
MD5:                8b12ccdc8a69cf2d6a7e6c00f698aaa6
Sample Credits:     many thanks to a very generous anonymous donation, October 21, 2011
 

Download  (password infected)


or Download an archive with all the files donated on Oct. 21, 2011


Geinimi - Android SPL meter


File Name:              com.splGUI.splMeter.apk

MD5:                      08e4a73f0f352c3accc03ea9d4e9467f
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011


Geinimi - com.feasy.jewels.Gel


File name:          com.feasy.jewels.Bears

MD5:                543e9d86dd28005342a3313bdc588009
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011

Geinimi - Banking Trojan www.ipay.com.cn


MD5:                    3374d6322542d6aec9d319df335215e5
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011



Geinimi - Armored Strike


Name:                Armored Strike
File Name:         com.requiem.armoredStrike.apk
MD5:                 5d27c7d0c5630f4c7a8b7a8f45512f09
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011



Geinimi - MetroXing Chinese metro maps

 
Name:              com.etagmedia.metro.apk   Beijing, Guangzhou, Shanghai, Shenzhen  - metro maps
MD5:              54fad8426e03a05279223173ec7d2fe2
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)


or Download an archive with all the files donated on Oct. 21, 2011


PJApps.A - Mail/FTP app

    
MD5:                      de759e9fdb3ec577d753ff240fc91a13
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011




Geinimi - Kosenkov Protector


Name:               com.kosenkov.protector.
MD5:                404fd6f9113870d1b6e63dcd23cfe206
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)


or Download an archive with all the files donated on Oct. 21, 2011

PJApps - Fingerprint Screensaver


Name:               Fingerprint Screensaver
MD5:                 722da6cdfa8bac482c9c6be105b0ff2a
File Name:        com.jiubang.screenguru.apk
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)


or Download an archive with all the files donated on Oct. 21, 2011

Geinimi - Shopper's Paradise

 
Name:               com.sgg.sp.ShoppersParadise.apk
MD5:                ea80ae4c4a17e8608e0fc7d6e34bf37e
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011



Kmin - Wallpaper Changer - Infostealer


MD5:                  231696ffdf8d00c9d09af7fb85b4991d
MD5:                 be63349846165811da4e3444c5d15dea
MD5:                  2289293578008531755462e4e88afc17

MD5:                  8a0c4006157c766a08c313fa2143f1fe
MD5:                  3284493FB26FFCE5A1C23AF6B2383B6D
MD5:                  b5444e6c3c8376f7d2eccb974f31c7c3
MD5:                 b1c866ff733a3cb89bc101878e41523e
MD5:                  0f182524c0fe8ff999bfa3d63c9a9e97



Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011 


  1. Download  231696ffdf8d00c9d09af7fb85b4991d (password infected)
  2. Download be63349846165811da4e3444c5d15dea (password infected) 
  3. Download 2289293578008531755462e4e88afc17 (password infected) 
  4. Download 8a0c4006157c766a08c313fa2143f1fe (password infected) 
  5. Download 3284493FB26FFCE5A1C23AF6B2383B6D (password infected) 
  6. Download b5444e6c3c8376f7d2eccb974f31c7c3 (password infected)
  7. Download  b1c866ff733a3cb89bc101878e41523e (password infected)
  8. Download 0f182524c0fe8ff999bfa3d63c9a9e97 (password infected)

or Download an archive with all the files donated on Oct. 21, 2011


It appears data is going to http://su.5k3g.com/portal/m/c5/0.ashx

Friday, October 21, 2011

Geinimi-A BS2010


Name:             BS2010  
File Name:        com.gamevil.bs2010.BS2010
MD5:             0da3484a20c85c0489fea8f53316b53c
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011



Geinimi-B - GoldenMiner

 
Name:                 GoldMiner   
File Name:         com.handcn.GoldMiner.free.GoldMiner
MD5:                025a55c1bcbd3be2ca03aa314ce9a4c2
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011


Thursday, October 13, 2011

Fake Netflix - Android trojan info stealer


Name:                    Fake NetFlix
File Name:          com.netflix.mediaclient-1w.apk
MD5:                83C6414C9C7964F4FB88E0D2477C20E4
Sample Credits:     many thanks to Sanjay, October 13, 2011
Research:           Symantec blog: Will Your Next TV Manual Ask You to Run a Scan Instead of Adjusting the Antenna?

Download  (password infected)




Thursday, September 29, 2011

Gone in 60 seconds - Android spyware


Name:                    Gone in 60 seconds
File Name:
com.gone60-1.apk
com.gone602-1.apk
com.gone603-1.apk
com.gone604-1.apk
com.gone605-1.apk
MD5:
859CC9082B8475FE6102CD03D1DF10E5
8D4018A73A35E079ABA1D0FD8A06E522
CB236442CF93A47BC15E3F312F097992
F259DEAAB9A14ECD4AA4107BE9BDA6FD
B99BA24A35C7A49E65D41FFC6B1282BE
Sample Credits:     many thanks to Jason Ross, Sept. 29, 2011
Research:           All data stored on your smartphone ….. gone in 60 seconds by Vlad Constantin ILIE, BitDefender Malware Researcher




Download  (pass infected)




Wednesday, September 14, 2011

Spyeye for Android


Name:                    Spyeye for Android
File Name:             spitmo_cfa9edb8c9648ae2757a85e6066f6515_simseg.apk
MD5:                      cfa9edb8c9648ae2757a85e6066f6515
Sample Credits:     many thanks to evilcry, September 14, 2011
Research:           First SpyEye Attack on Android Mobile


Download  (pass infected)