Wednesday, October 29, 2014
Android Chathook ptrace
Research:
http://blog.csdn.net/androidsecurity/article/details/27504615
88870ad3c7bd42cfe1d728b4a4ccc104
Sample credit: Thomas Wang
Download. Email me if you need the password
Wednesday, October 8, 2014
Xsser mRat Android and IOS samples
Sorry for the delay, here are the Xsser samples.
Xsser Android
Lacoon: Chinese Government Targets Hong Kong Protesters With Android mRAT Spyware
VXSecurity: Technical teardown fake code4HK mobile app
File: code4hk.apk
Size: 409709
MD5: 15E5143E1C843B4836D7B6D5424FB4A5
sample credit: Shalom Bublil
Xsser (mRat) for IOS
Lacoon: Lacoon Discovers Xsser mRAT, the First Advanced Chinese iOS Trojan
https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/iPh~InfoStl-O/detailed-analysis.aspx
File:
xsser.0day_1.1_iphoneos-arm.deb
MD5 2ee65c7faeba0899d397f6e105cc53c3
Sample Credit: KernelMode forum and anonymous upload to Malwaredump
Dylib files from the C2 (e.g. http://www.xsser.com/upload/Lib/iLib.4.0.0.dylib|iLib.4.0.0.dylib|4.0.0|1033720)
FAB47459D191C09406DD15D90AF403CB_iLib.2.0.0.dylib
2CBA795AFF750259A2FC447CDD6EA1C7_iLib.3.0.0.dylib
CFC300B52BF0A4F09FE3E8F9B3459862_iLib.4.0.0.dylib
Download all files listed. Email me if you need the password
Monday, September 15, 2014
iOS AppBuyer malware - infostealer
Research:
Wei Feng Technology Group (CN): On the source of malicious hackers discovered a rogue plug-track hacking
Palo Alto: AppBuyer: New iOS Malware Steals Apple ID and Password to Buy Apps
Sample credit: Claud Xiao
File: com.archive.plist
MD5: 6EEE2BA0C18C69A71E3F879C2A46BDAA
File: updatesrv
MD5: 1C32F9F05234CAC7DD7A83E3925A3105
File: u2_88
MD5: B4DAFC195DB19C661C25C54AEA39982B
File: u1_88
MD5: 68424FF30F6FD1DEBD3CFF1997FAB17E
File: u1
MD5: 69147A1AD05D64202B2D7BB0EA1BAB46
File: u2_80
MD5: 5F4741EBAFFD9C53473D79A1252F82CB
File: u1_80
MD5: B88451E74C1091B9022F7199704959B0
Download. Email me if you need the password.
Sunday, August 3, 2014
Android XXshenqi SMS sender
Research:
Analysis Report: Baidu
http://safe.baidu.com/2014-08/xxshenqi.html
News:
http://finance.chinanews.com/it/2014/08-03/6452953.shtml
Sample Credit - Thomas Wang
File: com.android.Trogoogle.apk
Size: 1563595
MD5: EF819779FC4BEE6117C124FB752ABF57
File: XXshenqi.apk
Size: 2588891
MD5: 9C06E0963A3F3383CD810F5041364BFA
Download. Email me if you need the password
Wednesday, July 23, 2014
Android ScarePackage Ransomware
Research:
Lookout. U.S. targeted by coercive mobile ransomware impersonating the FBI
Sample Credit: Tim Strazzere
File: com.android.locker.apk
Size: 488296
MD5: 645A60E6F4393E4B7E2AE16758DD3A11
Download. Email me if you need the password
Monday, June 23, 2014
(Another) Android Trojan Scheme Using Google Cloud Messaging - SMS Spyware
Research: Andrototal - (Another) Android Trojan Scheme Using Google Cloud Messaging
Sample credit: Federico Maggi
File: test98.apk
Size: 1051288
MD5: D65C5EF9739ABAE77F5B13B8B562B18A
File: test99.apk
Size: 1051283
MD5: D968FF20B7A25A79E922511101B7F7CC
File: test97.apk
Size: 1051286
MD5: 5A7C8EB61061F86FDCDBF9118711CC53
Download. Email me if you need the password.
Wednesday, June 4, 2014
Simplocker - Android File-Encrypting, TOR-enabled Ransomware
File: fd694cf5ca1dd4967ad6e8c67241114c.bin
Size: 4917678
MD5: FD694CF5CA1DD4967AD6E8C67241114C
Research:
ESET Analyzes First Android File-Encrypting, TOR-enabled Ransomware
Sample credit: Sanjay Gupta
Download. Email me if you need the password
Saturday, May 10, 2014
Android Koler - Cryptolocker/Ransomware (sample #2, Reveton team)
Please see the previous post with another sample here:
http://contagiominidump.blogspot.com/2014/05/android-locker-from-reveton-team.html
(Posted by Kafeine)
File: koler.apk
Size: 316715
MD5: 67BDE6039310B4BB9CCD9FCF2A721A45
Research/News:
Avast: Fake government ransomware holding Android devices hostage
手机毒霸 (Mobile Duba): Extortionist Android virus (Cryptolocker) is sweeping the US
Sample credit: Yu Liang
Download. Email me if you need the password
Android Monitor spyware - HGSpy.A / QlySpy.a
File: com.exp.tele.apk
Size: 721665
MD5: 3709F87D2B6FF0BD7937112974DC1143
Sample credit: Steven Chen
Research:
Forsafe report: http://www.foresafe.com/report/3709F87D2B6FF0BD7937112974DC1143
Ijinshan Fireeye: http://fireeye.ijinshan.com/analyse.html?md5=3709f87d2b6ff0bd7937112974dc1143&sha1=42d7c21c13316eec6ad7d190f324130da7221987&type=1#full
Download. Email me if you need the password
Tuesday, May 6, 2014
Android SMS trojan - Google fake installer (downloader from Dropbox url)
File: 憑證.apk
MD5: 67235B16BC2FAB6836847EA51703E298
Download. Email me if you need the password
IOS iphone Stealer.A - malware acting as a Substrate module
Research:
iOS Malware Campaign "Unflod Baby Panda" sektioneins.de
http://www.reddit.com/r/jailbreak/comments/23b7qs/what_is_unflod_its_a_mobile_substrate_addon_that/
http://www.reddit.com/r/jailbreak/comments/23bdwr/beware_unfloddylib_sends_apple_id_and_password_to/
Download. Email me if you need the password
Android fake AV - Se-Cure Mobile AV
Research: VisualThreat Security Lab Uncovers "Se-Cure Mobile AV": a new suspicious Android Fake AV
Sample credit: Wei Yan
16BD4B23B55F0ADE6DF16D8C6DCF502C
Download. Email me if you need the password
Android Samsapo.A
Research:
ESET: Android malware worm catches unwary users
Sample credit: Steven Chen
Size: 473650
MD5: 60B4EF7037CA6A4D1EE7E3C35C8E27D7
Size: 473875
MD5: C1F9283B7AD8457160D3C189430F2C75
Download. Email me if you need the password
Android locker from the Reveton team
File: hone_Police_Ransom.apk
MD5: fb14553de1f41e3fcdc8f68fd9eed831
Sample credit - Kafeine
Download: http://malware.dontneedcoffee.com/2014/05/police-locker-available-for-your.html?m=1
Android Fake banker
MD5:
7276e76298c50d2ee78271cf5114a176
a15b704743f53d3edb9cdd1182ca78d1
aac4d15741abe0ee9b4afe78be090599
Sample credit - anonymous (thank you)
Download. Email me if you need the password
Android SMS trojan Flash fake installer
File: imauyfxuhxd.qhlsrdb-1(20140414)(2).apk
Size: 141987
MD5: 7D25D4CDBF3CFC8B6E9466729B84D348
Sample credit - anonymous
Download. Email me if you need the password
Wednesday, April 2, 2014
Oldboot.B - Android bootkit
Research:
Chinese version: Oldboot.B: Using Bootkit techniques to hide a Trojan (Oldboot.B:与Bootkit技术结合的木马隐藏手段的运用)
English version: Oldboot.B: Bootkit technology combined with the use of a means to hide Trojans
Author: iRiqium, Zhaorun Ze, Jiang Xuxian
Sample credit: Qing Dong
phone1
File: sbin/adb_server - a4c89abc46bbb34c6dd2c23caad99d61
File: sbin/meta_chk - 6976d12388939d6cb93e28236212c8c7
File: init.rc - 51b52552baf91d00e8f34ec052339f13
phone2
File: sbin/meta_chk - cea6dd8a13cbce59097ad87fafb91fcd
File: init.rc - f8f8e0b089bedbd58bea8a262229a234
phone3
File: sbin/agentsysline - e5d27b3e64ed5e2ae6d6c063e3ddf08a
File: sbin/boot_tst - 04c6dfa8457f1dd88258d427be089e00
File: init.rc - eec3292341177d9e39530d0ab481ead0
Download. Email me if you need the password (new link)
Image by 360.cn
Wednesday, March 26, 2014
Android CoinKrypt - bitcoin miner malware
Research:
Lookout. CoinKrypt: How criminals use your phone to mine digital currency
https://github.com/strazzere/android-scripts/blob/master/Decoders/MuchSad/dogekrypt.java
Sample credit: Tim Strazzere
File: com.melodis.midomiMusicIdentifier.apk
Size: 8248809
MD5: 61253FAAC66F34BCF35B80FE767F136E
File: com.ventel.android.radardroid2.apk
Size: 6026091
MD5: 738A0109AB5C37F9EFA7729EACDBE314
File: mikado.bizcalpro.apk
Size: 3330167
MD5: BCCC62AE0129D484F0407FEDD701D211
Download. Email me if you need the password
Tuesday, March 25, 2014
iOS adware using Cydia
Research:
New iOS malware use Cydia Substrate to steal advertisement promotion fee by Claud Xiao
or in Chinese
http://bbs.pediy.com/showthread.php?p=1270415
1)
File: spad.plist
Size: 302
MD5: D90A9E9DD3C95E9C12CAFE48F5362781
File: spad.dylib
Size: 166976
MD5: 8099C75F8F3A7BE16A8246FD5B90185A
2) Additional binaries downloaded by the adware to the victim's device
File: libgad.dylib
Size: 1070048
MD5: CE0A6550E51F3C1B1F49C39A297077E0
File: sad
Size: 31952
MD5: E890CF2B1F9ADC4364B9A38FFFA14ABC
Download. Email me if you need the password
Download additional binaries
Thursday, March 6, 2014
Dendroid - Android spyware
Research:
Lookout - Dendroid malware can take over your camera, record audio, and sneak into Google Play
Sample credit: Tim Strazzere
File: com.parental.control.v4.apk
Size: 942846
MD5: DB01F96D5E66D82F7EB61B85EB96EF6E
File: com.parental.control.v4-dexguarded.apk
Size: 833648
MD5: 52A30B58257D338617A39643E2216D0C
Download: Email me if you need the password