Friday, February 6, 2015
SecApk Android sample
Research: Avast. The Gray-zone of malware detection in Android OS
Sample Credit: Steven Chen
File: com.fdhgkjhrtjkjbx.model.apk
Size: 2514506
MD5: 3D7E04E37DB833F47D08975E27C69A9C
Download. Email me if you need the password
MobiDash Android Adware samples
Research: Avast. Apps on Google Play Pose As Games and Infect Millions of Users with Adware
Sample Credit: Mario Bono
8C524CB2AE42F7F01FCBAF0B1FAC9FCC
788FC58A662D815C3B2B49FAFDB8BDCA
2CC4C6FBD486903ACF783FEFC018411E
Download. Email me if you need the password
DSEncrypt Android sample
Research: FireEye. What are you doing? – DSEncrypt Malware
Sample Credit: Claud Xiao
Size: 1794848
MD5: 568D40CCD7B91951715AC4079A860128
Download. Email me if you need the password
Tuesday, January 27, 2015
Android Hideicon malware samples
Research: Cheetah Mobile. Hideicon malware hits Google Play
Sample credit: Tim Vidas
File: com.onlygoodcompass.wedoourbest.apk
Size: 4218889
MD5: AACD2F0E1ADE197A45D3AF3814E4A6CE
File: com.keloidscaretissue.QuxiFlashlisht.apk
Size: 6111068
MD5: 71D09D5FC4AC84EB806CFA84594DF13E
File: com.keloidscaretissue.Quxicompass.apk
Size: 7626975
MD5: 31EDF48A0F9377CE11B8E1957AD678C8
File: com.keloidscaretissue.puzzle2048.apk
Size: 5318883
MD5: F7CA6BB3336A1452FE965D6FC0B248DC
File: com.flashlightcompass.wedoourbest.apk
Size: 4689773
MD5: 8CBB1BD7DC44CBBE068947FD2C3BFD03
Wednesday, January 7, 2015
Android PoisonCake sample
Research: AVLTeam: PoisonCake In the ROM (English Version)
Sample Credit: Baron Pan
File: dm
Size: 379256
MD5: 8A54A619B7B00B1103826630D2A08EF5
Download. Email me if you need the password
Tuesday, December 30, 2014
The Interview movie app - Android banking trojan sample
Research: Fake “The Interview” app is really an Android banking trojan by Graham Cluley | December 27, 2014
Sample credit: Mario Bono
File: com.movieshow.down.apk
Size: 2236959
MD5: 0882C94E141B2B000B8805D51722F70D
Download. Email me if you need the password
Sunday, December 21, 2014
Android FBI Ransomlocker sample
Research: Emerging threats. FBI ransomlocker
File: FBI_ransomlocker_645A60E6F4393E4B7E2AE16758DD3A11
MD5: 645a60e6f4393e4b7e2ae16758dd3a11
Download. Email me if you need the password
Android SMS worm sample
Research: FireEye. SMS Worm Runs Wild in Singapore
File: sms-worm_F6D3A35BE0366EB994A0425A15871F5B
Size: 2666008
MD5: F6D3A35BE0366EB994A0425A15871F5B
Download. Email me if you need the password
Infected HTML Files (Windows malware) in Android Apps - samples
Research: Malwarebytes: Infected HTML Files Bundled in Android Apps
Download. Email me if you need the password.
Android BankBot.34 using Tor
Research: Dr. Web Android.BankBot.34.origin
MD5 08aaa6d38cdbb20b651a6dbb892eb000
SHA-1 6005341dc5e30898f63ba134a2c366babe986a14
SHA-256 a51af8022b684d2c3598aa44224c25ab73159ae68adec05d514918dd6b30b008
ssdeep 49152:qrn9O5dzxb4PcGe7VtepeMQlHNyW+G7KZDH0:yChxb4/enepeMQp+P0
Size 3.8 MB (3940824 bytes)
Download file bankbot34_classes.zip. Email me if you need the password (New Link)
Saturday, December 20, 2014
Assassins Creed - Android infostealer
Research: ZScaler - Trojanized and Pirated Assassins Creed app
File: 3E076979644672A0EF750A4C3226F553_assassins_creed.apk
MD5: 3e076979644672a0ef750a4c3226f553
Size: 3411513
Download. Email me if you need the password
Cloud Atlas / Inception APT - Blackberry samples
Research:
Blue Coat. Inception APT Framework
Kaspersky. Cloud Atlas: RedOctober APT is back in style
File: 4e037e1e945e9ad4772430272512831c_WhatsAppUpdate.deb
MD5: 4e037e1e945e9ad4772430272512831c
Size: 1238788
File: 0FB60461D67CD4008E55FECEEDA0EE71
Size: 69888
MD5: 0FB60461D67CD4008E55FECEEDA0EE71
File: 60DAC48E555D139E29EDAEC41C85E2B4
Size: 41564
MD5: 60DAC48E555D139E29EDAEC41C85E2B4
Download. Email me if you need the password
Cloud Atlas / Inception iOS - WhatsAppUpdate.deb
Research:
Blue Coat. Inception APT Framework
Kaspersky. Cloud Atlas: RedOctober APT is back in style
File: 4e037e1e945e9ad4772430272512831c_WhatsAppUpdate.deb
MD5: 4e037e1e945e9ad4772430272512831c
Size: 1238788
Android.Cloudatlas.A / Inception APT iOS sample - targeting jailbroken devices
Research:
Blue Coat. Inception APT Framework
Kaspersky. Cloud Atlas: RedOctober APT is back in style
Sample Credit: Claud Xiao
File: iPhoneOS_Cloudatlas_a_ e30b70974bb05ea1cbf7279e71bddb81
MD5: e30b70974bb05ea1cbf7279e71bddb81
Size: 1166720
Download. Email me if you need the password
DroidJack RAT - Androrat - Android - Sample
Research: Symantec: DroidJack RAT: A tale of how budding entrepreneurism can turn to cybercrime
Sample credit: Paul Burbage and Fran
File: SandroRat.apk
Size: 215839
MD5: 3BCCA99E4D99B4CF733D8EBB79D35782
Download. Email me if you need the password
Wednesday, December 17, 2014
Coolpad Android Devices - CoolReaper files / samples
Research: CoolReaper Revealed: A Backdoor in Coolpad Android Devices by Claud Xiao and Ryan Olson
Report download: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-cool-reaper.pdf
Download the files listed below (email me if you need the password) - 825MB zip
List of included files (2,825 Files 1.4 GB):
Thursday, December 4, 2014
Deathring, preloaded Android malware sample
Research: Lookout. DeathRing: Pre-loaded malware hits smartphones for the second time in 2014
Sample credit: Tim Strazzere
File: com.android.Materialflow.apk
Size: 95024
MD5: 1E799AC26231D64DD496353FB78A5C46

Download. Email me if you need the password
Thursday, November 20, 2014
Notcompatible.C Android sample
Research: Lookout: The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks
Whitepaper: NOTCOMPATIBLE.C: A Sophisticated Mobile Threat that Puts Protected Networks at Risk
Sample credit: Tim Strazzere
File: com.security.patch.apk
Size: 64808
MD5: FEACE958B47C2249C6AB8DDF804CDCB6
Download. Email me if you need the password
Wednesday, November 19, 2014
Android Appinventor Trojan Bankers
Research: Securelist. Fabio Assolini. Brazilian Trojan Bankers – now on your Android Play Store!
Sample credit: Fabio Assolini
Size: 1802104
MD5: A18AC7C62C5EFD161039DB29BFDAA8EF
Size: 1410959
MD5: 00C79B15E024D1B32075E0114475F1E2
Wednesday, November 5, 2014
Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples
Part II
Research: Palo Alto Claud Xiao: Wirelurker for Windows
Sample credit: Claud Xiao
Part I
Research: Palo Alto. Claud Xiao: blog post Wirelurker
Wirelurker Detector: https://github.com/PaloAltoNetworks-BD/WireLurkerDetector
Sample credit: Claud Xiao
Download
Download Part I
Download Part II
Email me if you need the password
List of files
Part II
│   apps.ipa
│   σ╛«ÏƒÃ¬Ãœ 3.4.1.dmg
│
└───WhatsAppMessenger 2.11.7
        libiconv-2_.dll
        libxml2.dll
        libz_.dll
        mfc100u.dll
        msvcr100.dll
        WhatsAppMessenger 2.11.7.exe
        zlib1.dll
        使用说明.txt
Part I
List of hashes
File listing
├───databases
│ foundation
│
├───dropped
│ ├───version_A
│ │ │ com.apple.globalupdate.plist
│ │ │ com.apple.machook_damon.plist
│ │ │ globalupdate
│ │ │ machook
│ │ │ sfbase.dylib
│ │ │ watch.sh
│ │ │
│ │ ├───dylib
│ │ │ libcrypto.1.0.0.dylib
│ │ │ libiconv.2.dylib
│ │ │ libimobiledevice.4.dylib
│ │ │ liblzma.5.dylib
│ │ │ libplist.2.dylib
│ │ │ libssl.1.0.0.dylib
│ │ │ libusbmuxd.2.dylib
│ │ │ libxml2.2.dylib
│ │ │ libz.1.dylib
│ │ │
│ │ ├───log
│ │ └───update
│ ├───version_B
│ │ com.apple.globalupdate.plist
│ │ com.apple.itunesupdate.plist
│ │ com.apple.machook_damon.plist
│ │ com.apple.watchproc.plist
│ │ globalupdate
│ │ itunesupdate
│ │ machook
│ │ start
│ │ WatchProc
│ │
│ └───version_C
│ │ com.apple.appstore.plughelper.plist
│ │ com.apple.appstore.PluginHelper
│ │ com.apple.MailServiceAgentHelper
│ │ com.apple.MailServiceAgentHelper.plist
│ │ com.apple.periodic-dd-mm-yy.plist
│ │ com.apple.systemkeychain-helper.plist
│ │ periodicdate
│ │ stty5.11.pl
│ │ systemkeychain-helper
│ │
│ └───manpath.d
│ libcrypto.1.0.0.dylib
│ libiconv.2.dylib
│ libimobiledevice.4.dylib
│ libiodb.dylib
│ liblzma.5.dylib
│ libplist.2.dylib
│ libssl.1.0.0.dylib
│ libusbmuxd.2.dylib
│ libxml2.2.dylib
│ libz.1.dylib
│ libzip.2.dylib
│
├───iOS
│ sfbase.dylib
│ sfbase_v4000.dylib
│ sfbase_v4001.dylib
│ start
│ stty5.11.pl
│
├───IPAs
│ 7b9e685e89b8c7e11f554b05cdd6819a
│ pphelper
│
├───original
│ BikeBaron
│ CleanApp
│ FontMap1.cfg
│ start.sh
│
└───update
        start.sh
        update