Root Exploit - ITFUNZ Lotoor

 
Name:               ITFUNZ 
MD5:          951c8a2efbe2acafeb351525d5bd52e2
MD5:          81614d2c1175ee32a6967d13630be8a9
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download 951c8a2efbe2acafeb351525d5bd52e2 (password infected)
Download  81614d2c1175ee32a6967d13630be8a9 (password infected)

or Download an archive with all the files donated on Oct. 21. 2011

PJApps.A - Mediaplayer - SMS-Trojan

 
Name:                Mediaplayer (goes under different names)
MD5:                c05d4ff1a80f18ba9d8a86afd88bc05d
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011  

Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011



some other related apps might be here

http://www.webgameboy.com/HTC-T5252/xiazai-14864.html

Related research: Cryptography for mobile malware obfuscation Axelle Apvrille

Kmin - Wallpaper Changer- Infostealer

MD5:          
   231696ffdf8d00c9d09af7fb85b4991d
MD5:                 be63349846165811da4e3444c5d15dea
MD5:                  2289293578008531755462e4e88afc17

MD5:                  8a0c4006157c766a08c313fa2143f1fe
MD5:                  3284493FB26FFCE5A1C23AF6B2383B6D
MD5:                  b5444e6c3c8376f7d2eccb974f31c7c3
MD5:                 b1c866ff733a3cb89bc101878e41523e
MD5:                  0f182524c0fe8ff999bfa3d63c9a9e97



Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011 

1. Download  231696ffdf8d00c9d09af7fb85b4991d (password infected)
2. Download be63349846165811da4e3444c5d15dea (password infected) 
3. Download 2289293578008531755462e4e88afc17 (password infected) 
4. Download 8a0c4006157c766a08c313fa2143f1fe (password infected) 
5. Download 3284493FB26FFCE5A1C23AF6B2383B6D (password infected) 
6. Download b5444e6c3c8376f7d2eccb974f31c7c3 (password infected)
7. Download  b1c866ff733a3cb89bc101878e41523e (password infected)
8. Download 0f182524c0fe8ff999bfa3d63c9a9e97 (password infected)
   

or Download an archive with all the files donated on Oct. 21. 2011


It appears data is going to http://su.5k3g.com/portal/m/c5/0.ashx

Geinimi-A BS2010

Name:             BS2010  
File Name:        com.gamevil.bs2010.BS2010
MD5:             0da3484a20c85c0489fea8f53316b53c
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011

Geinimi-B - GoldenMiner

 
Name:                 GoldMiner   
File Name:         com.handcn.GoldMiner.free.GoldMiner
MD5:                025a55c1bcbd3be2ca03aa314ce9a4c2
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011

BaseBridge-C

 
Name:                    Basebridge - C
File Name:             com.sec.android.bridge
MD5:                    b6847521b548b806cf5e4f71b687ec26



Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011

Android Local Root Exploit - Lotoor - App2card

 
Name:                    Lotoor
File Name:         com.aps.hainguyen273.app2card    
MD5:                   AFD12639E21C1884D33737ABA0BC43EE
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011

PJApps.B - Girl Mahjong Android

 
Name:                    App2SD
File Name:             com.rainbow.FMaj
MD5:                      8353cad68f4d2b443b33bb2f32f2412d
MD5:                      89BB300CC1BF0B27C582327588EA7377
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download 8353cad68f4d2b443b33bb2f32f2412d (password infected)
Download 89BB300CC1BF0B27C582327588EA7377  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011

Kmin-B - App2SD for Android

 
Name:                    App2SD
File Name:             com.aps.hainguyen273.app2card.apk
MD5:                     9783aa70949043bb7aaa205a31b42022
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 


Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011

Battery Doctor Android scareware/infostealer

 
Name:                    Battery Doctor scareware/infostealer
File Name:             BatteryDoctor.apk
MD5:                     DF4595EE727706D2CFDB7C9A1FE9E079
Sample Credits:     many thanks to Sanjay, October 18, 2011
Research:              Sleazy Ads on Android Devices Push Bogus 'Battery Upgrade' Warnings Tom Spring, PCWorld

Download  (pass infected)

Android anserverbot malware Anserver.apk + payload b.apk

Name:                   Payload of the Android anserverbot malware - b.apk and 002f537027830303e2205dd0a6106cb1b79fa704(AnserverBot).apk
File Name:            b.apk decoded from  from http://blog.sina.com.cn/s/blog_8440ab780100t0nf.html
MD5:                     164A147B663248558E4B6A287A429139
Sample Credits:     many thanks to Madalina Baltatu October 17, 2011
Research:              NetQuin A Technical Analysis of the AnserverBot Trojan

Download b.apk  (pass infected)

Download Anserverbot.apk  pass infected

Fake Netxflix - Android trojan info stealer

Name:                    Fake NetFlix
File Name:             com.netflix.mediaclient-1w.apk
MD5:                     83C6414C9C7964F4FB88E0D2477C20E4
Sample Credits:     many thanks to Sanjay, October 13, 2011
Research:              Symantec blog: Will Your Next TV Manual Ask You to Run a Scan Instead of Adjusting the Antenna?

Download  (password infected)

Jimm ICQ SMS-Trojan pushed by malicious QR codes

 Russian internet lanscape is fertile not only for windows malware but also for mobile.
There are plenty of SMS trojan variants lurking on sites offering their 'versions' of popular software. A quick search for phone freeware brought a bunch of java and apk sms senders and questionable apps.
Here is one for example http://www.virustotal.com/file-scan/report.html?id=c8263e24046f2902e9c8639a89c2f3da5bbdba4055028b5cc9291143994726e5-1317426885
 I will post all the harvested sms senders in one post after this


Name:                    Jimm ICQ for Android and other phones (jar)
File Name:   
         
File: jimm.apk
MD5:  37A46AEC9AA86831FAA3DDB6B05A05F8
 File: jimm2s.jar
MD5:  B409DB1963DE4287FEB542377B0FE3A1

Sample Credits:     many thanks to anonymous, Sept 30, 2011
Research:              Malicious QR Codes Pushing Android Malware by Denis - Kaspersky Lab

Download  (pass infected)

Ikee iPhone worm

 Adding IkeeD to IkeeB sample we already had. See both below

Name:                   Ikee
File Name:            
Duh - iKeeB
poc-bbot - IkeeD
 
MD5:                    
2a73926229457a3ec9611ec53a2e2249 - IKeeB
24663299e69db8bfce2094c15dfd2325 - IkeeD
Sample Credits:     many thanks to Alberto Ortega, sept 30, 2011
Research:              
An Analysis of the iKee.B (Duh) iphone Botnet Phillip Porras, Hassen Saidi, and Vinod Yegneswaran - SRI
Microsoft June 2010 Backdoor:iPhoneOS/Ikee.D

Download iKeeB and iKeeD (pass infected)

Gone in 60 seconds - Android spyware

Name:                    Gone in 60 seconds
File Name:             
com.gone60-1.apk
com.gone602-1.apk
com.gone603-1.apk
com.gone604-1.apk
com.gone605-1.apk
MD5:                     
859CC9082B8475FE6102CD03D1DF10E5
8D4018A73A35E079ABA1D0FD8A06E522
CB236442CF93A47BC15E3F312F097992
F259DEAAB9A14ECD4AA4107BE9BDA6FD
B99BA24A35C7A49E65D41FFC6B1282BE
Sample Credits:     many thanks to Jason Ross, Sept.29, 2011
Research:            
All data stored on your smartphone ….. gone in 60 seconds by Vlad Constantin ILIE, BitDefender Malware Researcher

AVG Malware information: Gone in 60 Seconds

Download  (pass infected)

Show me your Kung-Fu. Reversing/Forensic Android by Sebastian Guerrero | Malware Intelligence

Show me your Kung-Fu. Reversing/Forensic Android

 

DroidDreamLight - new variant found in a China-based third-party app

Name:                    DroidDreamLight
File Name:             com.button.phone_91595200_0.apk
MD5:                     3D9472D792019E40605ABFA9CB22FBA5
Sample Credits:   many thanks to anonymous, Sept 22, 2011
Research:             Sep16 Massive Code Change for New DroidDreamLight Variant Trend Micro
found in this Android store

Download (pass infected)

Spyeye for Android

Name:                    Spyeye for Android
File Name:             spitmo_cfa9edb8c9648ae2757a85e6066f6515_simseg.apk
MD5:                      cfa9edb8c9648ae2757a85e6066f6515
Sample Credits:     many thanks to evilcry, September 14, 2011
 First SpyEye Attack on Android Mobile

Research:

• First SpyEye Attack on Android Mobile Trusteer
• Malware Analysis: ZitMo Trojan for AndroidOS by Dhawal Desai, Kindsight Security Labs
•  Clash of the Titans 2 – The Rematch: Zitmo (Zeus) v Spitmo (SpyEye)

Download  (pass infected)

See you soon

I will be away until Sept 17. If you would like to share a mobile
malware sample, please email it to me or if you can, use the upload  box
(this way it becomes accessible to others via this link)

DroidDeluxe - root exploit

Name:                    DroidDeluxe - root exploit
File Name:             DroidDeluxe.rar (apk components inside)
MD5:                      bbb6f9a1aad8cc8c38d4441bac4852c0
Sample Credits:     Roberto Rogunix rogunix.com
Research:              Security Alert: New Root-Capable DroidDeluxe Malware Found in Alternative Android Markets
Attribution note: Many German file names  :)

Download  (pass infected)