
Saturday, July 9, 2016

Pokemon GO with DroidJack - Android sample


Research: Proofpoint. DroidJack Uses Side-Load…It's Super Effective! Backdoored Pokemon GO Android App Found


File Info:
MD5 d350cc8222792097317608ea95b283a8
SHA1 561ae708f234f46dbdca1d7f2a38d854d9bb60df
SHA256 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4


Download. Email me if you need the password.


Sunday, July 3, 2016

Overlay banker malware locker

Marcher overlay Android trojan



Research: IBM XForce Exchange. Marcher Android Bot 

Sample credit: Marc Rivero López


Download. Email me if you need the password




File information:

Android Triada modular trojan

Saturday, July 2, 2016

Android overlay malware - credentials stealer, banker




List of files. 
MD5
035D1F3B7FB532A33DE7A8445F9FA325
036258E2C51E21C140B5838CE9BFB4F8
05131969AF2AE6CBFDDF789512F02AA2
06E74DF867E9CB5C1BAFC98165C6C248
...

Android spyware for Viber app (Beaver Gang Counter)


Research: Sophos: “Beaver Gang Counter” malware ejected from Play Store

MD5 65065b53381ebc971160a91ef81dec99
SHA-1 433293e2689e8377c890940ed77f8fb9db24a53e
SHA-256 a707cb76e566321c08b8ba8f5c89cb0cf41125468366f5b8fdad8c6fa526deb4

Download. Email me if you need the password



https://www.virustotal.com/en/file/a707cb76e566321c08b8ba8f5c89cb0cf41125468366f5b8fdad8c6fa526deb4/analysis/

Godless Android root exploit samples



Research: ‘GODLESS’ Mobile Malware Uses Multiple Exploits to Root Devices
http://documents.trendmicro.com/assets/pdf/goddless-mobile-malware-uses-multiple-exploits-to-root-devices.pdf

List of files:


Download. Email me if you need the password





Hummingbad - Android fraudulent ad malware campaign samples



Research: Checkpoint. From HummingBad to Worse. Hummingbad Android malware campaign.



Download. Email me if you need the password

List of files - 590 files

WhatsApp - Sberbank Android Banker


Research: ZScaler. Android Banker malware goes social

Sample credit: Shivang Desai and others


Download. Email me if you need the password





Friday, July 1, 2016

Android Xiny samples Infostealer



Research: Dr. Web: Trojan targeted dozens of games on Google Play
Lookout: LevelDropper: A takedown of autorooting malware in Google Play

Sample Credit: Tim Strazzere

List of files MD5:


Download. Email me if you need the password