hnpl2011 wrote:I Looking for two Android.Sumzand:Attached.
384fe8649c6e11083c19fc25fe9fcd1f
6850fa8f9495d96e7355cca7f9dee89a
Thank :)
Attachments
(64.4 KiB) Downloaded 128 times
A forum for reverse engineering, OS internals and malware analysis
Keep Low. Move Fast. Kill First. Die Last. One Shot. One Kill. No Luck. Pure Skill.
http://p4r4n0id.com/
http://p4r4n0id.com/
Attached
https://www.virustotal.com/file/2c139b3 ... 355736686/
https://www.virustotal.com/file/0146c73 ... 355736690/
https://www.virustotal.com/file/c53f732 ... 355736688/
https://www.virustotal.com/file/2c139b3 ... 355736686/
https://www.virustotal.com/file/0146c73 ... 355736690/
https://www.virustotal.com/file/c53f732 ... 355736688/
Attachments
infected
(508.21 KiB) Downloaded 115 times
(508.21 KiB) Downloaded 115 times
infected
(656.21 KiB) Downloaded 125 times
(656.21 KiB) Downloaded 125 times
Hello,
I'm looking for a sample of
Trojan:Android.FinFisher
Description (german http://www.heise.de/newsticker/meldung/ ... om/related)
Thanks
I'm looking for a sample of
Trojan:Android.FinFisher
Description (german http://www.heise.de/newsticker/meldung/ ... om/related)
Thanks
Sorry for posting a new request, but the old one wasn't replied correctly
I'm looking for a sample of
Trojan: >>Android<< .FinFisher
Please NO Windows version
Thanks
I'm looking for a sample of
Trojan: >>Android<< .FinFisher
Please NO Windows version
Thanks
sorry my mistake.
https://www.virustotal.com/file/72a522d ... /analysis/
https://www.virustotal.com/file/72a522d ... 350562520/
thanks to mila
https://www.virustotal.com/file/72a522d ... /analysis/
https://www.virustotal.com/file/72a522d ... 350562520/
thanks to mila
Attachments
passwd: "infected"
(226.24 KiB) Downloaded 124 times
(226.24 KiB) Downloaded 124 times
Looking for Perkele Lite android malware sample
http://www.f-secure.com/weblog/archives/00002519.html
Warm Regards
Leeno
http://www.f-secure.com/weblog/archives/00002519.html
Warm Regards
Leeno
Currently being served up in a spam campaign, subject line of "Hot News":
http://www.infosecurity-magazine.com/vi ... um=twitter
Example URLs:
hxxp://www.ceipjuandelacosa.es/xbnawwq/yqvjsycp/qlzgqergbpcrf
hxxp://www.alive-jugo.de/txoc/ohbwwhrdifcs/wvvennwrhkhru
hxxp://www.foto-saul.de/pjppdf/pxpyoicoyas/jpkhlsvjtmto
hxxp://akgunhakan.com/xirbgex/purjevbfzyrcchm?pappeuykctexb
URLs are the start of a 3 tier redirect chain, which will redirect to hxxp://androidcloudsecurityupdate.su if an Android UAS is detected.
The next two redirects follow if the correct referrer and UAS detected:
hxxp://androidcloudsecurityupdate.su/fixup.php
hxxp://androidcloudsecurityupdate.su/fixup2.php <-- serves security.update.apk
If a non-Android UAS is used, it simply serves up generic web spam.
Decrypted config file - C2 servers:
24377710093445.su:443
tazmanski.ru:443
20/45 https://www.virustotal.com/en/file/2df2 ... /analysis/
http://www.infosecurity-magazine.com/vi ... um=twitter
Example URLs:
hxxp://www.ceipjuandelacosa.es/xbnawwq/yqvjsycp/qlzgqergbpcrf
hxxp://www.alive-jugo.de/txoc/ohbwwhrdifcs/wvvennwrhkhru
hxxp://www.foto-saul.de/pjppdf/pxpyoicoyas/jpkhlsvjtmto
hxxp://akgunhakan.com/xirbgex/purjevbfzyrcchm?pappeuykctexb
URLs are the start of a 3 tier redirect chain, which will redirect to hxxp://androidcloudsecurityupdate.su if an Android UAS is detected.
The next two redirects follow if the correct referrer and UAS detected:
hxxp://androidcloudsecurityupdate.su/fixup.php
hxxp://androidcloudsecurityupdate.su/fixup2.php <-- serves security.update.apk
If a non-Android UAS is used, it simply serves up generic web spam.
Decrypted config file - C2 servers:
24377710093445.su:443
tazmanski.ru:443
20/45 https://www.virustotal.com/en/file/2df2 ... /analysis/
Attachments
infected
(13 KiB) Downloaded 108 times
(13 KiB) Downloaded 108 times
Do you have the complete network trace in pcap format . Would appreciate help on the pcap trace for cnc communication described by you