Name: Counterclank
MD5: 3d8e1108999dc35c5b5202985547a25f
Sample Credits: with many thanks to Sanjay, January 27, 2012
Research:
Appriva: Google Android Market is infected from new Plankton (Apperhand) variant
Symantec.Android.Counterclank
Additional samples - thanks to Tim "timv"
File: com.christmasgame.balloon.apk
MD5: c9a2e226cd001a3a4fab1046a10ae50d
File: com.christmasgame.deal.apk
MD5: 937c84956f6b23c98649fb658138ef93
File: com.christmasgame.wildjump.apk
MD5: bbb02e438d7eaea9e9c4dd013899410c
File: com.redmicapps.puzzles.ladies2.apk
MD5: 95bcbe87750cc5dc2c2d2b02505effee
File: com.redmicapps.puzzles.ladies3.apk
MD5: 3d8e1108999dc35c5b5202985547a25f
Download additional samples - password infected
VirusTotal
SHA256: c03940b31ca1b42fe1899c9c0714647bbfedc0da42f849cf6d026a381f84ab9e
SHA1: f51f9194839426cd6f3d53345702b9554a4fe86d
MD5: 3d8e1108999dc35c5b5202985547a25f
File name: com.redmicapps.puzzles.ladies3_v1.02.apk
Detection ratio: 4 / 42
Analysis date: 2012-01-28 05:06:24 UTC ( 3 minutes ago )
Kaspersky HEUR:Trojan.AndroidOS.Plangton 20120128
NOD32 a variant of Android/Plankton.G 20120127
PCTools Android.Counterclank 20120128
Symantec Android.Counterclank 20120128
https://www.virustotal.com/file/dcb07963bc45514aae762c3236cc1fa2e69a6e4a86d3c22d8dd57e9d03bae1fe/analysis/
SHA256: dcb07963bc45514aae762c3236cc1fa2e69a6e4a86d3c22d8dd57e9d03bae1fe
SHA1: 3fc1f28131fe9204014fcc10ddb7b1150396f01e
MD5: c9a2e226cd001a3a4fab1046a10ae50d
File size: 1.4 MB ( 1475968 bytes )
File name: BallonGame.virus
Detection ratio: 11 / 43
Analysis date: 2012-02-01 21:27:17 UTC ( 1 day, 6 hours ago )
ClamAV Andr.Plangton-12 20120201
Comodo UnclassifiedMalware 20120201
DrWeb Android.Plankton.7.origin 20120201
Fortinet Riskware/CounterClank!Android 20120201
Kaspersky HEUR:Trojan.AndroidOS.Plangton.a 20120201
NOD32 a variant of Android/Plankton.H 20120201
PCTools Android.Counterclank 20120201
Sophos Andr/NewyearL-B 20120201
Symantec Android.Counterclank 20120201
TrendMicro AndroidOS_PLANKTON.AB 20120201
TrendMicro-HouseCall AndroidOS_PLANKTON.AB 20120201
SHA256: 388d67fda36ebf895b99206455cc6964afee7df7c73ae91348cd2f8c2c78be7a
SHA1: 4a4fe9a24f0388fbb32cb4adc3667d775d53cf77
MD5: 937c84956f6b23c98649fb658138ef93
File size: 2.5 MB ( 2600304 bytes )
File name: Deal
https://www.virustotal.com/file/388d67fda36ebf895b99206455cc6964afee7df7c73ae91348cd2f8c2c78be7a/analysis/
Detection ratio: 14 / 43
Analysis date: 2012-02-02 02:44:10 UTC ( 1 day, 1 hour ago )
ClamAV Andr.Plangton-12
Sophos Andr/NewyearL-B
PCTools Android.Counterclank
Symantec Android.Counterclank
DrWeb Android.Plankton.7.origin
McAfee Android/Apper
McAfee-GW-Edition Android/Apper
NOD32 Android/Plankton.G
TrendMicro AndroidOS_PLANKTON.AB
TrendMicro-HouseCall AndroidOS_PLANKTON.AB
Kaspersky HEUR:Trojan.AndroidOS.Plangton.a
Fortinet Riskware/CounterClank!Android
Antiy-AVL Trojan/AndroidOS.Plangton
Comodo UnclassifiedMalware
https://www.virustotal.com/file/fc0bb164998e7a851895a0c20d33c4812d8bed2884d9788c2dc057f8e49d3d2b/analysis/
SHA256: fc0bb164998e7a851895a0c20d33c4812d8bed2884d9788c2dc057f8e49d3d2b
SHA1: d2ecd6f34e412c622dd65b8b4eafb3d886a2c2bd
MD5: bbb02e438d7eaea9e9c4dd013899410c
File size: 1.6 MB ( 1669169 bytes )
File name: Wild Man.apk
File type: ZIP
Detection ratio: 10 / 43
Analysis date: 2012-02-01 08:22:45 UTC ( 1 day, 19 hours ago )
NOD32 a variant of Android/Plankton.G
ClamAV Andr.Plangton-12
Sophos Andr/NewyearL-B
DrWeb Android.Plankton.7.origin
GData Android:Plankton-G
Avast Android:Plankton-G [Trj]
TrendMicro AndroidOS_PLANKTON.AB
TrendMicro-HouseCall AndroidOS_PLANKTON.AB
Kaspersky HEUR:Trojan.AndroidOS.Plangton.a
Comodo UnclassifiedMalware
https://www.virustotal.com/file/e7d1ebcd217935fbb443c67280afe697b72cd1ce042e4fa780b38c08a881221f/analysis/
SHA256: e7d1ebcd217935fbb443c67280afe697b72cd1ce042e4fa780b38c08a881221f
SHA1: 3d29ed9827564d5200467d7d17b51e870717b7f5
MD5: 95bcbe87750cc5dc2c2d2b02505effee
File size: 4.5 MB ( 4727853 bytes )
File name: Sexy Ladies-2.apk
File type: ZIP
Detection ratio: 9 / 43
Analysis date: 2012-02-02 02:40:17 UTC
ClamAV Andr.Plangton-12
Sophos Andr/NewyearL-B
DrWeb Android.Plankton.7
Fortinet Android/NewyearL.B
NOD32 Android/Plankton.G
TrendMicro AndroidOS_PLANKTON.P
TrendMicro-HouseCall AndroidOS_PLANKTON.P
Kaspersky HEUR:Trojan.AndroidOS.Plangton.a
Comodo UnclassifiedMalware
https://www.virustotal.com/file/c03940b31ca1b42fe1899c9c0714647bbfedc0da42f849cf6d026a381f84ab9e/analysis/
SHA256: c03940b31ca1b42fe1899c9c0714647bbfedc0da42f849cf6d026a381f84ab9e
SHA1: f51f9194839426cd6f3d53345702b9554a4fe86d
MD5: 3d8e1108999dc35c5b5202985547a25f
File size: 4.6 MB ( 4818527 bytes )
File name: f51f9194839426cd6f3d53345702b9554a4fe86d
File type: ZIP
Detection ratio: 17 / 43
Analysis date: 2012-02-01 11:35:16 UTC ( 1 day, 17 hours ago )
ClamAV Andr.Plangton-12
Sophos Andr/NewyearL-B
PCTools Android.Counterclank
Symantec Android.Counterclank
Ikarus Android.Plankton
Emsisoft Android.Plankton!IK
DrWeb Android.Plankton.7
McAfee Android/Apper
McAfee-GW-Edition Android/Apper
NOD32 Android/Plankton.G
TrendMicro AndroidOS_PLANKTON.U
TrendMicro-HouseCall AndroidOS_PLANKTON.U
Kaspersky HEUR:Trojan.AndroidOS.Plangton.a
Avast Other:Malware-gen
GData Other:Malware-gen
Fortinet Riskware/CounterClank!Android
Comodo UnclassifiedMalware
1) The download link is wrong - it points only to the 5th sample.
2) The first and the third sample are still available from the Android Market:
https://market.android.com/developer?pub=Ogre+Games
2nd download item says counterclank-pup and it is a folder with 5 samples in it.
This is a better research on it. And it is dated earlier than the Symantec one.
http://www.appriva.com/blog/android-security.php/google-android-market-is-infected
added Appriva. thank you