A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #27781  by Blaze
 Fri Jan 29, 2016 2:20 pm
LockDroid. (~PornDroid spinoff)

See also:
http://www.symantec.com/connect/blogs/a ... inistrator

Would be great if Symantec could provide some more (f)actual information.

Claims to be from the Ministry of Internal Affairs of the Russian Federation. Some samples attached.
Image
 #28022  by Xylitol
 Mon Mar 14, 2016 5:31 pm
gmbot
http://www.ibtimes.co.uk/google-android ... in-1545345
Archive leak: https://www.virustotal.com/en/file/c542 ... 459365791/

• dns: 1 ›› ip: 88.198.116.209 - adress: BIG-ASSMOVS.TK
• dns: 1 ›› ip: 88.198.116.209 - adress: FACEBOOK-VIDEO-DOWNLOAD.GQ
• dns: 1 ›› ip: 88.198.116.209 - adress: MOVIESEX.CF

https://www.virustotal.com/en/file/cab0 ... 457975774/
https://www.virustotal.com/en/file/3d22 ... 457976274/
https://www.virustotal.com/en/file/58a7 ... 458069950/
 #28157  by ajohnston9
 Wed Mar 30, 2016 5:21 pm
[quote="boni11"]Detailed analysis of MazarBOT - locking and erasing the device.
Analysis of new MazarBOT stealing credit cards in Italy.[/quote]

I've gone through the binary of this bot and can elaborate a bit more:

It seems to go through and exfiltrate vital information from the phone: IMEI, Phone number, installed apps, etc. In addition, it uploads every new text message to its C&C server (running as a hidden service). It appears that it can also take commands sent to it via pinging the C&C server or possibly via text.

There are now multiple variants of this particular virus, all with similar tricks to get a user to install it.
 #28373  by Mosh
 Fri Apr 22, 2016 10:04 pm
A new image for this Ransomware:

MD5: 825da14a0a6a4528b3fcf6e656a3f463
SHA1: e5bdd38eb212354a484fd8ba1702de97238b04d4
SHA256: 0daee2e56a7a79e15dcb804a211453718c844f8d7688b87337dcfb8f1063722f

Image
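As an added, defender-side example that is not part of this thread or anyone's post in it: a small Python indicator matcher that takes the gmbot domains and IP posted by Xylitol and the LockDroid MD5/SHA1/SHA256 posted by Mosh, and scans log lines for them. The DNS-resolver and APK-inventory log lines are constructed for the demonstration; the indicator values themselves are copied from the posts above.

```python
# Added example (not from the thread): match the indicators posted in this
# thread against log lines. Indicator values come from the posts; the log
# lines below are constructed for this demonstration.
import re
from dataclasses import dataclass

# gmbot infrastructure (Xylitol's post) and the LockDroid sample (Mosh's post)
IOC_DOMAINS = {"big-assmovs.tk", "facebook-video-download.gq", "moviesex.cf"}
IOC_IPS = {"88.198.116.209"}
IOC_HASHES = {
    "825da14a0a6a4528b3fcf6e656a3f463",                                  # MD5
    "e5bdd38eb212354a484fd8ba1702de97238b04d4",                          # SHA1
    "0daee2e56a7a79e15dcb804a211453718c844f8d7688b87337dcfb8f1063722f",  # SHA256
}

# Token extractors: 32/40/64-char hex runs, dotted-quad IPv4, and host names
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


@dataclass
class Match:
    line_no: int
    kind: str       # "domain", "ip" or "hash"
    indicator: str  # the normalised indicator that was hit
    line: str       # the full log line, kept for triage


def scan_lines(lines):
    """Return one Match per (line, indicator) pair that hits a known IoC."""
    matches = []
    for n, line in enumerate(lines, 1):
        for h in HEX_RE.findall(line):
            if h.lower() in IOC_HASHES:
                matches.append(Match(n, "hash", h.lower(), line))
        for ip in IPV4_RE.findall(line):
            if ip in IOC_IPS:
                matches.append(Match(n, "ip", ip, line))
        for d in DOMAIN_RE.findall(line):
            d = d.lower().rstrip(".")   # DNS names are case-insensitive
            if d in IOC_DOMAINS:
                matches.append(Match(n, "domain", d, line))
    return matches


def summarize(matches):
    """Count hits per indicator kind, e.g. {'domain': 2, 'ip': 1, 'hash': 1}."""
    counts = {}
    for m in matches:
        counts[m.kind] = counts.get(m.kind, 0) + 1
    return counts


# Constructed sample log lines (resolver log + device APK inventory), not real data
SAMPLE_LOGS = [
    "2016-03-14T17:31:02 dns query client=10.0.0.23 qname=facebook-video-download.gq type=A",
    "2016-03-14T17:31:02 dns answer qname=facebook-video-download.gq rdata=88.198.116.209",
    "2016-03-14T17:35:10 dns query client=10.0.0.23 qname=www.example.com type=A",
    "2016-04-22T22:04:00 apk inventory device=android-7f3 package=com.example.player "
    "sha256=0daee2e56a7a79e15dcb804a211453718c844f8d7688b87337dcfb8f1063722f",
    "2016-04-22T22:04:01 apk inventory device=android-7f3 package=com.android.chrome "
    "sha256=" + "0" * 64,
]

if __name__ == "__main__":
    hits = scan_lines(SAMPLE_LOGS)
    for m in hits:
        print(f"line {m.line_no}: {m.kind} {m.indicator}")
    print(summarize(hits))
```

The matcher extracts candidate tokens first and then looks them up in sets, so a line such as the DNS answer above yields two hits (the domain and the resolved IP) rather than one, which is what you want when pivoting from a sinkholed domain to the hosting IP shared by all three gmbot domains.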
 #28471  by geoffreyvdb
 Tue May 10, 2016 11:52 am