
Tuesday, June 2, 2015

AndroidOS.Wroba.x / HijackRAT - Android sample

A variant of

Research: FireEye: The Service You Can’t Refuse: A Secluded HijackRAT 2014

Sample Credit: SUVsoft

MD5:  a21fab634dc788cdd462d506458af1e4
Size: 403974

Installed apps:
com.ahnlab.v3mobileplus
-----
com.android.internal.telephony.ITelephony
com.epost.psf.sdsi
com.estsoft.alyac.ui
com.hanabank.ebk.channel.android.hananbank
com.ibk.neobanking
com.kbstar.kbbank
com.kftc.kjbsmb
com.sc.danb.scbankapp
com.shinhan.sbanking
com.smg.spbs
com.wooribank.pib.smart

 
Download. Email me if you need the password. 





SHA256: af8962bf88f629876ce9fb28a3ba64140ffc7265938234b0bf637d8c88d32370
File name: 13178EDIM.apk
Detection ratio: 21 / 57
Analysis date: 2015-06-02 17:13:13 UTC
Antivirus Result Update
F-Secure Trojan:Android/Fakeinst.MQ 20150602
Baidu-International Trojan.Win32.Agent.AaA 20150602
Ikarus Trojan.AndroidOS.Saho 20150602
NANO-Antivirus Trojan.Android.Agent.djyobe 20150602
Kaspersky HEUR:Trojan-Banker.AndroidOS.Wroba.x 20150602
Cyren AndroidOS/FakeBanker.G.gen!Eldorado 20150602
Avast Android:Banker-FI [Trj] 20150602
Avira ANDROID/Dropper.Agent.PAS.Gen 20150602
CAT-QuickHeal Android.Wroba.A 20150602
Emsisoft Android.Trojan.FakeInst.MV (B) 20150602
Ad-Aware Android.Trojan.FakeInst.MV 20150602
Arcabit Android.Trojan.FakeInst.MV 20150602
BitDefender Android.Trojan.FakeInst.MV 20150602
GData Android.Trojan.FakeInst.MV 20150602
MicroWorld-eScan Android.Trojan.FakeInst.MV 20150602
Tencent Android.Trojan.Dropper.Liqh 20150602
DrWeb Android.BankBot.39.origin 20150602
AhnLab-V3 Android-Trojan/Mqt.b457 20150602
Sophos Andr/SmsThief-A 20150602
Alibaba A.H.Fak.AhnLabPlus 20150602
ESET-NOD32 a variant of Android/Saho.B 20150602
