Pages

Friday, July 8, 2011

Take a sample, leave a sample. Mobile malware mini-dump - July 8 Update


This post and all mobile malware moved to contagiominidump.blogspot.com

I frequently get requests for already published on Contagio mobile malware and also new files that might be mentioned in the media and blogs. I do not really have a large collection of mobile malware but I welcome the submissions.
Here is a folder with the most recent files I have. If you use upload feature on the blog (see below) and send more mobile malware samples, they will be added to this folder for everyone to come and use.

Download

Download files from the mobile malware mini-dump (new link)
 use infected for the password

Current list (~50+ downloads = around 200 individual files as of June, 2011). Hyperlinks lead to Virustotal
Download from the dump link above or click on "download" link if present
  1. Zitmo Android Edition (Zeus for mobile) ecbbce17053d6eaf9bf9cb7c71d0af8d  Download (thanks to anonymous, July 8, 2011)  Zitmo hits Android Axelle Apvrille- Fortinet
  2. GoldDream.A  BloodvsZombie_com.gamelio.DrawSlasher_1_1.0.1.apk b87f2f3a927bf967736ed43ca2dbfb60 (many  thanks for the sample to oren@avg-mobilation July 6,2011) Download Read more:Security Alert: New Android Malware -- GoldDream -- Found in Alternative App Markets  Xuxian Jiang
  3. GoldDream.B v1.0_com.GoldDream.pg_1_1.0.apk f66ee5b8625192d0c17c0736d208b0b (many  thanks for the sample to oren@avg-mobilation July 6,2011) Download Read more: Security Alert: New Android Malware -- GoldDream -- Found in Alternative App Markets  Xuxian Jiang
  4. DroidKungFu2 -A _com.allen.txthej_1_1.0 F438ED38B59F772E03EB2CAB97FC7685 (many  thanks for the sample to oren@avg-mobilation July 3,2011) Download  Read more: Security Alert: New DroidKungFu Variants Found in Alternative Chinese Android Markets 
  5. DroidKungFu2 -B __com.tutusw.onekeyvpn_7_1.1.6_54bc7a8fb184884a26e4cce74697d3a5 (many  thanks for the sample to oren@avg-mobilation July 3,2011) Download  Read more: Security Alert: New DroidKungFu Variants Found in Alternative Chinese Android Markets 
  6. net.maxicom.android.snake  7937c1ab615de0e71632fe9d59a259cf (with many thanks to anonymous) Download Read more: Tap Snake Game in Android Market is Actually Spy App (UPDATE)
  7. jSMSHider org.expressme.love.ui.apk 24663299e69db8bfce2094c15dfd2325 (with many thanks to Tim Strazzere from Lookout Mobile Security, June 16, 2011) Download Read more: Lookout blog: Security Alert: Malware Found Targeting Custom ROMs (jSMSHider)
  8. com.crazyapps.angry.birds.rio.unlocker-1.apk 106e27df8c0bdd78d668f9a3baab95c5 (with special thanks to Prasad Purandarear June 14, 2011) Download Read more: Google removes malicious Angry Birds apps from Android Market
  9. Basebridge A  com.keji.sendere.apk  c3b9ed157b71fba7c01be4394c12cd01 (with many thanks to ar f, June 6, 2011) Basebridge A malware  Download Read more: NetQuin. Security Alert: Fee-Deduction Malware on Android Devices Spotted in the Wild | Read AVG report Malware information: BaseBridge
  10. DroidKungFu.A _com.sansec_9_V1.0.09.apk 107af5cf71f1a0e817e36b8deb683ac2 (many  thanks for the sample to oren@avg-mobilation June 5,2011) Download Read more: Security Alert: New Sophisticated Android Malware DroidKungFu Found in Alternative Chinese App Markets   | Read AVG report Malware information: DroidKungF
  11. DroidKungFu.B -com-aijiaoyou-android-sipphone-1005-1-0-5-apk 39D140511C18EBF7384A36113D48463D (many  thanks for the sample to oren@avg-mobilation June 5,2011) Download Read more: Security Alert: New Sophisticated Android Malware DroidKungFu Found in Alternative Chinese App Markets | Read AVG report Malware information: DroidKungFu
  12. Basebridge A_com.keji.unclear_1_1.0.apk BC6C20C79AED279B409C614A92E63BB9 (many  thanks to oren@avg-mobilation June 5,2011) Basebridge A malware  Download Read more: NetQuin. Security Alert: Fee-Deduction Malware on Android Devices Spotted in the Wild
  13. Basebridge A anserverb.apk b2d359952bce1823d29e182dacac159c (many  thanks to oren@avg-mobilation June 5,2011) Basebridge A malware  Download Read more: NetQuin. Security Alert: Fee-Deduction Malware on Android Devices Spotted in the Wild | Read AVG report Malware information: BaseBridge
  14. Basebridge B anserverb_qqgame.apk 749269ccabed03a4ec48001534661b4d (many  thanks to oren@avg-mobilation June 5,2011) Basebridge B malware  Download Read more: NetQuin. Security Alert: Fee-Deduction Malware on Android Devices Spotted in the Wild| Read AVG report Malware information: BaseBridge
  15. Basebridge B QQ-tencent-qqgame-lord-24-1-1-apk  1bcda430eda6f2606d50f917d485500a (many  thanks to oren@avg-mobilation June 5,2011) Basebridge B malware  Download Read more: NetQuin. Security Alert: Fee-Deduction Malware on Android Devices Spotted in the Wild
  16. DDreamLight com.Beauty.Leg-1.apk f35ca875498685d02fb61d68a1345054 (with many thanks to Tim Strazzere from Lookout Mobile Security, May 31, 2011) Download Read more: Lookout blog: May 31 Security Alert: DroidDreamLight, New Malware from the Developers of DroidDream | Read AVG report Malware information: DroidDreamLight
  17. DDreamLight com.Beauty.Girl-1.apk a3c2d7977a6b83c7f5b59e6009496c4b (with many thanks to Tim Strazzere from Lookout Mobile Security, May 31, 2011) Download Read more: Lookout blog: May 31 Security Alert: DroidDreamLight, New Malware from the Developers of DroidDream  Read AVG report Malware information: DroidDreamLight
  18. DDreamLight com.Beauty.Breast-1.apk 3ae28cbf5a92e8e7a06db4b9ab0a55ab (with many thanks to Tim Strazzere from Lookout Mobile Security, May 31, 2011) Download Read more: Lookout blog: May 31 Security Alert: DroidDreamLight, New Malware from the Developers of DroidDream  Read AVG report Malware information: DroidDreamLight
  19. DDreamLight HotGirls3_com.japanese.hot.girl_1_1.0.apk 91d23081b8478556e8a2b2fdf28f5760 (many  thanks to oren@avg-mobilation May 31,2011) Download Read more: Lookout blog: May 31 Security Alert: DroidDreamLight, New Malware from the Developers of DroidDream Read AVG report Malware information: DroidDreamLight
  20. DDreamLight _com.electricsheep.master.paintpro_10_2.0.1.apk  70508327ed95b8d86aa7bb630aaf8446 (many  thanks to oren@avg-mobilation May 31,2011) Download Read more: Lookout blog: May 31 Security Alert: DroidDreamLight, New Malware from the Developers of DroidDream Read AVG report Malware information: DroidDreamLight
  21. Holy ***king Bible Holycolbert10.apk 60ce9b29a6b9c7ee22604ed5e08e8d8a (thanks to anonymous May 25, 2011) Download  Read more: Symantec: Android Threat Set to Trigger On the End of Days, or the Day’s End | Read AVG report Malware information: Holy F***ing
  22. classes.dex 31b08f19384c2de7e36eb2e38f53f1fb Download (thanks to anonymous May 25, 2011) Smspacm sample found on mobolism.com after users reported wallpapers mysteriously changing
  23. Andr/PJApps 927716756dd139381938d5e9fcb030cb (thanks to anonymous May 20, 2011) Download  Read more TrojanSpy:AndroidOS/Pjapps.A
  24. iCalendar acbcad45094de7e877b656db1c28ada2 Download Thanks to Anonymous May 11, 2011) Read more:  Security Alert 2011-05-11: New SMS Trojan "zsone" was Took Away from Google Market |  Read AVG Report Malware information: zsone (iMatch, iCalendar and others) 
  25. iMatch 0e51a56cc59fa3361b48cb9425a03b57 Download (thanks to Oren BarAd@AVG-Mobilation) Read more:  Security Alert 2011-05-11: New SMS Trojan "zsone" was Took Away from Google Market |  Read AVG Report Malware information: zsone (iMatch, iCalendar and others)
  26. RZStudio dbcc8df8cad771ef7bc807764fed06af  Download (thanks to Oren BarAd@AVG-Mobilation) Read more:  Security Alert 2011-05-11: New SMS Trojan "zsone" was Took Away from Google Market aWalk and Text v1.3.7android app cracked full.apk  (thanks to anonymous, April 1, 2011) Top Rated “Walk and Text” Application Pirated, Trojanized in 3rd Party App Stores|  Read AVG Report Malware information: zsone (iMatch, iCalendar and others)  
  27. 1.apk - f2f69f24b41a1d2fc7b57bf2201dbebb - (thanks to anonymous, March  31, 2011) some mystery apk,  let me know if it is malware or not
  28. DDream-444578756853741426-Super Guitar Solo_ECAD34C72D2388AAFEC0A1352BFF2DD9.apk (thanks to anonymous, March  17, 2011) DroidDream
  29. DDream-1134752205946806451-Magic Hypnotic Spira_1325CDA147E97E7652B6CA1C751714C5l.apk (thanks to anonymous, March  17, 2011) DroidDream
  30. DDream-2048136751773114389-Super Sex Positions_15C80745529B1C4A6152A895D7E4DF5F.apk (thanks to anonymous, March  17, 2011) DroidDream
  31. DDream2786141717866676174-Task Killer Pro_745513A53AF2BEFE3DC00D0341D80CA6.apk  (thanks to anonymous, March  17, 2011) DroidDream
  32. Android.Bgserv  4e70abe0ae8a557f6623995bef1d9ba7 (thanks to anonymous, March  10, 2011) SMS sender Discovered March 9, 2011 “Android Market Security Tool”,  same or similar to Fake10086 (see below) Android.Bgserv Found on Fake Google Security Patch  | Symantec Technical details
  33. Collection of Symbian malware (see MD5 list below) (thanks to anonymous, March  10, 2011
  34. Collection of Java mobile malware (see MD5 list below) (thanks to anonymous, March  7, 2011)  SMS senders Java Mobile malware
  35. Trojan.Palm.Liberty 8f01a1d11c8957f6d53010bcaa862378 (thanks to anonymous, March  7, 2011)  Classics Palm OS malware
  36. Palm:Phage F66CCEB37023F947264ECC91BE7E0130 (thanks to anonymous, March  7, 2011)  Classics Palm OS malware
  37. Trojan.Palm.Vapor  5bdc5007948e97005b48f66314163516 (thanks to anonymous, March  7, 2011)  Classics Palm OS malware
  38. Symbian Cabir 11 variants (thanks to anonymous, March  7, 2011)  Symbian OS classics
  39. Doombot_1.sis 6b854f2171cca50f49d1ace2d454065a (thanks to anonymous, March 7, 2011) Classics - Symbian OS malware
  40. Mosquito.1_1.sis   799531e06e6aa19d569595d32d16f7cc (thanks to anonymous, March 7, 2011) Classics - Symbian OS malware
  41. Dust.exe  E51CC67B367AFDDE7C3C4782A4A42FE8 (thanks to anonymous, March 7, 2011)  first Pocket PC file infector 2004
  42. PMCryptic.exe 1aaf7d25100e3d53efca116cce68d89f  (thanks to anonymous, March 7, 2011) Windows CE malware - 2008
  43. Fake10086 8d574d94ba9445979723cfc810637fd84d4c06e1.apk 92A35477E104AB13DC3E6DA4155A09E2 (thanks to anonymous, March 6, 2011)  Fake10086 Security Alert 2011-03-04: Yet Another Repackaged Trojan "Fake10086" Leaks User Privacy
  44. steamy-PJAPPS.apk ffc5b89f5a4b4cda9eed89d3cad80d94  (thanks to anonymous, March 6, 2011) PJApps DroidDream variation
  45. FSCGAD_1.00.8.apk 8514c499f825ca5682a548081c2e6c61 (thanks to anonymous, March 6, 2011) Flexispy Android app, spyware to minitor calls and SMS
  46. InsideDroidDream.apk aa1f2dcdecba29a55050809aee030077 (thanks to anonymous, March 6, 2011) APK file (sqlite.db) found inside each DroidDream app
  47. MonkeyJump2.0.apk e0106a0f1e687834ad3c91e599ace1be (thanks to anonymous, March 4, 2011) Android malware with botnet-like capabilities (see another version of it below)
  48. bowlingtime droiddream d4fa864eedcf47fb7119e6b5317a4ac8 (thanks to Oren BarAd, March 4, 2011) - "DroidDream" Malware
  49. pornoplayer.apk 5b087aef1247591b1efe78032476bde7 (thanks to anonymous, March 3, 2011) “Porno Player” is a variant of the first Android Trojan - SMS trojan
  50. pornoplayer2.apk 46a53f4a6637e2807d79102a6a937c2e (thanks to anonymous, March 3, 2011) “Porno Player” is a variant of the first Android Trojan - SMS trojan
  51. SymbOS_Zitmo.A CERT.SIS  b1ce81affa43bf0e51637e702d908d55 (thanks to anonymous, March 3, 2011) Symbian malware propagated by ZeuS
  52. PMSW_V1.8_.apk 5895bcd066abf6100a37a25c0c1290a5 (thanks to anonymous, March 3, 2011) - repackaged version Android Steam Window version 1.8 (if you have the version featured by Symantec, please send) "DroidDream" Malware (i need to confirm it)
  53. myournet super.mp3ringtone.apk 63f26345ba76ef5e033ef6e5ccecd30d (thanks to anonymous submission, March 3, 2011)  "DroidDream" Malware
  54. myournet power.SuperSolo.apk ecad34c72d2388aafec0a1352bff2dd9 (thanks to anonymous submission, March 3, 2011) "DroidDream" Malware
  55. Trojan-SMS for Android FakePlayer  RUapk  fdb84ff8125b3790011b83cc85adce16 First trojan for Android
  56. SMS_Replicator_Secret.apk  615fe78f3a644cb63df8b7918fb8d503 SMS Replicator is an SMS spyware to allow an attacker to spy on the SMS
  57. SMStrojan-Tank_3d.jar  6fe6d19f61f2222421c2eda1f8c1dabe Java SMS Sender
  58. JavaMobileMalwareSMSsender.zip  7e92d280472ca426aff1c20fbeb8d2db Java SMS Sender
  59. ikeeB iphone 2a73926229457a3ec9611ec53a2e2249   6a2e406c9e084cf6eedb96addc7735ff  iPhoneOS/Ikee is the first worm to target the Apple iPhone
  60. Geinimi. 1299167838 swampy.sexpos.apk 6f347d4fb3a5577db51ef473cd81ffe5 Android malware with botnet-like capabilities

    Upload

    Upload files to the mobile malware mini-dump
    use infected' for the password
    add a few words describing what it is.. I will review the folder for spam or junk. Please do not upload junk just to test the functionality of the box. Trust me, it works. Thank you. - Mila

    Please see this presentation by Jaime Blasco - very interesting


    Automated Scans


    The virustotal details are posted for easier searching by the virus name. Use  your browser "Find on page" search (Ctrl+F) to locate any item from the boxes below.
    tr.apk ecbbce17053d6eaf9bf9cb7c71d0af8d Zitmo
    AntivirusVersionLast updateResult
    BitDefender7.22011.07.08Android.Trojan.SmsSpy.B
    Emsisoft5.1.0.82011.07.08Android!IK
    F-Secure9.0.16440.02011.07.08Trojan:Android/SmsSpy.B
    GData222011.07.08Android.Trojan.SmsSpy.B
    IkarusT3.1.1.104.02011.07.08Android
    Kaspersky9.0.0.8372011.07.08Trojan-Spy.AndroidOS.Smser.a
    NOD3262772011.07.08Android/Spy.SmsSpy.B
    Sophos4.67.02011.07.08Andr/SMSRep-B
    TrendMicro9.200.0.10122011.07.08AndroidOS_SMSREP.B
    TrendMicro-HouseCall9.200.0.10122011.07.08AndroidOS_SMSREP.B
    MD5: ecbbce17053d6eaf9bf9cb7c71d0af8d
    SHA1: c9368c3edbcfa0bf443e060f093c300796b14673
    SHA256: f6239ba0487ffcf4d09255dba781440d2600d3c509e66018e6a5724912df34a9
    File size: 19865 bytes
    Scan date: 2011-07-08 16:40:44 (UTC)


    _com.allen.txthej_1_1.0.apk f438ed38b59f772e03eb2cab97fc7685
    Submission date: 2011-07-04 01:36:16 (UTC)
    http://www.virustotal.com/file-scan/report.html?id=80612fe193401626268553c54a865e67b76311e782005ede2ba7a87a5d637420-1309743376
    Result: 1/ 42 (2.4%)
    F-Secure 9.0.16440.0 2011.07.04 Trojan:Android/DroidKungFu.B
    MD5   : f438ed38b59f772e03eb2cab97fc7685

    snake.apk 7937c1ab615de0e71632fe9d59a259cf
    Submission date: 2010-08-31 10:56:15 (UTC)
    http://www.virustotal.com/file-scan/report.html?id=6953fb1a1245c4bfaba98fd799a6222fde3567b7bf7380aca2a7ecf006c8c678-1283252175
    Result: 13 /43 (30.2%)
    Comodo 5921 2010.08.31 UnclassifiedMalware
    Emsisoft 5.0.0.37 2010.08.31 Riskware.Monitor.AndroidOS!IK
    eTrust-Vet 36.1.7828 2010.08.31 AndroidOS/TapSnake.A
    F-Secure 9.0.15370.0 2010.08.31 Trojan:Android/Tapsnake.A
    Ikarus T3.1.1.88.0 2010.08.31 not-a-virus:Monitor.AndroidOS
    Kaspersky 7.0.0.125 2010.08.31 not-a-virus:Monitor.AndroidOS.Tapsnake.a
    Microsoft 1.6103 2010.08.31 TrojanSpy:AndroidOS/Tapsnake.A
    Panda 10.0.2.7 2010.08.30 Android/TapSnake.A
    PCTools 7.0.3.5 2010.08.31 AndroidOS.Tapsnake
    Sophos 4.56.0 2010.08.31 Troj/TapSnake-A
    Symantec 20101.1.1.7 2010.08.31 AndroidOS.Tapsnake
    TrendMicro 9.120.0.1004 2010.08.31 AndroidOS_DROISNAKE.A
    TrendMicro-HouseCall 9.120.0.1004 2010.08.31 AndroidOS_DROISNAKE.A
    MD5   : 7937c1ab615de0e71632fe9d59a259cf

    org.expressme.love.ui.apk
    :24663299e69db8bfce2094c15dfd2325
    Submission date: 2011-06-16 17:01:48 (UTC)
    Result: 4/ 41 (9.8%)
    DrWeb 5.0.2.03300 2011.06.16 Android.SmsHider.1
    Kaspersky 9.0.0.837 2011.06.16 Backdoor.AndroidOS.Xsider.b
    TrendMicro 9.200.0.1012 2011.06.16 AndroidOS_SPYBAT.A
    TrendMicro-HouseCall 9.200.0.1012 2011.06.16 AndroidOS_SPYBAT.A
    MD5   : 24663299e69db8bfce2094c15dfd2325


    com.crazyapps.angry.birds.rio.unlocker-1.apk 106e27df8c0bdd78d668f9a3baab95c5

    Emsisoft 5.1.0.8 2011.06.14 Trojan.AndroidOS!IK
    Ikarus T3.1.1.104.0 2011.06.15 Trojan.AndroidOS
    Microsoft 1.6903 2011.06.13 Trojan:AndroidOS/Plankton.A
    NOD32 6208 2011.06.15 Android/Plankton.A
    Sophos 4.66.0 2011.06.15 Andr/Plankton-A
    TrendMicro 9.200.0.1012 2011.06.14 AndroidOS_ABRUNLOCKR.A
    TrendMicro-HouseCall 9.200.0.1012 2011.06.15 AndroidOS_ABRUNLOCKR.A
    MD5   : 106e27df8c0bdd78d668f9a3baab95c5

     com.keji.sendere.apk c3b9ed157b71fba7c01be4394c12cd01
    Submission date: 2011-06-06 10:47:08 (UTC)
    http://www.virustotal.com/file-scan/report.html?id=2ff8e74ffed70aacb6029f34fc2a68a7d778a0c169c808cf007bd4aa662b4a55-1307357228
    Result: 22/ 43 (51.2%)
    AntiVir 7.11.9.36 2011.06.06 EXP/Linux.Lotoor.G
    Antiy-AVL 2.0.3.7 2011.06.06 Exploit/Linux.Lotoor
    BitDefender 7.2 2011.06.06 Exploit.Android.Lotoor.C
    DrWeb 5.0.2.03300 2011.06.06 Android.BackDoor.1
    Emsisoft 5.1.0.5 2011.06.06 Exploit.Linux.Lotoor!IK
    F-Secure 9.0.16440.0 2011.06.06 Exploit:Linux/DroidRooter.B
    Fortinet 4.2.257.0 2011.06.06 ELF/Lotoor.G!exploit
    GData 22 2011.06.06 Exploit.Android.Lotoor.C
    Ikarus T3.1.1.104.0 2011.06.06 Exploit.Linux.Lotoor
    Kaspersky 9.0.0.837 2011.06.06 Exploit.Linux.Lotoor.g
    McAfee 5.400.0.1158 2011.06.06 Exploit-Android-Lotoor
    McAfee-GW-Edition 2010.1D 2011.06.06 Exploit-Android-Lotoor
    Microsoft 1.6903 2011.06.06 Exploit:Unix/Lotoor
    NOD32 6183 2011.06.06 Android/Exploit.RageCage.A
    nProtect 2011-06-06.01 2011.06.06 Exploit.Android.Lotoor.C
    Panda 10.0.3.5 2011.06.05 Trj/Lotoor.A
    Sophos 4.66.0 2011.06.06 Android Local Root Exploit
    TrendMicro 9.200.0.1012 2011.06.06 AndroidOS_LOTOOR.A
    TrendMicro-HouseCall 9.200.0.1012 2011.06.06 AndroidOS_LOTOOR.A
    VBA32 3.12.16.0 2011.06.06 Exploit.Linux.Lotoor.g
    VIPRE 9500 2011.06.06 Exploit.Linux.Lotoor (v)
    VirusBuster 14.0.68.0 2011.06.05 Exploit.Linux.Lotoor.A
    Additional informationShow all
    MD5   : c3b9ed157b71fba7c01be4394c12cd01



    DroidKungFu.B -com-aijiaoyou-android-sipphone-1005-1-0-5-apk 39d140511c18ebf7384a36113d48463d
    0/42  http://www.virustotal.com/file-scan/report.html?id=7513c6a11b88b87f528b88624d1b198b5bcc325864b328e32cc0d790b0bfc1c4-1307284301

2 comments:

  1. When I try to install 1.apk, I get a parse error.

    ReplyDelete
  2. Excellent compilation! I'm starting to analyse Android malware and this is perfect for me

    ReplyDelete