Sunday, November 24, 2013

Jollyserv - Android Infostealer

Size: 438324
MD5:  2BE48FB3B8D89F64A18C459067AF3695

Research https://www.virustotal.com/en/file/31cb4d111c754077fcffaf44b5cdb220d2c12ab3e5d297e829072a79bb4cb44c/analysis/

The Trojan may then perform the following actions on the compromised device:
Send SMS messages to a premium number
Send SMS messages to all contacts
Intercept SMS messages

Next, the Trojan gathers the following information from the compromised device:
Phone number
List of running applications
Stored messages
System logs

Download. Email me if you need the password

SHA256: 31cb4d111c754077fcffaf44b5cdb220d2c12ab3e5d297e829072a79bb4cb44c
File name: xtube.apk
Detection ratio: 26 / 47
Analysis date: 2013-10-28 15:02:58 UTC (3 weeks, 6 days ago)

Antivirus             Result                            Update
Comodo                UnclassifiedMalware               20131028
F-Secure              Trojan:Android/SmsSend.AT         20131028
VIPRE                 Trojan.AndroidOS.Generic.A        20131028
Kaspersky             HEUR:Trojan-SMS.AndroidOS.Lijo.a  20131028
McAfee                Artemis!2BE48FB3B8D8              20131028
McAfee-GW-Edition     Artemis!2BE48FB3B8D8              20131028
TrendMicro-HouseCall  ANDROIDOS_SMSSENDER.VTD           20131028
TrendMicro            ANDROIDOS_SMSSENDER.VTD           20131028
TotalDefense          AndroidOS/Tnega.JXIcWD            20131025
F-Prot                AndroidOS/Agent.CQ                20131028
Commtouch             AndroidOS/Agent.CQ                20131028
Ikarus                AndroidOS.SMSAgent.IU             20131028
Avast                 Android:FakeInst-LH [Trj]         20131028
AntiVir               Android/TrojanSMS.Agent.NB.Gen    20131028
ESET-NOD32            Android/TrojanSMS.Agent.NB        20131028
Fortinet              Android/SMSSend.AZ                20131028
AVG                   Android/Generic                   20131028
Emsisoft              Android.Trojan.SMSSend.CL (B)     20131028
MicroWorld-eScan      Android.Trojan.SMSSend.CL         20131028
BitDefender           Android.Trojan.SMSSend.CL         20131028
GData                 Android.Trojan.SMSSend.CL         20131028
Kingsoft              Android.Troj.at_jolly.a.(kcloud)  20130829
DrWeb                 Android.SmsSend.535.origin        20131028
CAT-QuickHeal         Android.Lijo.A                    20131028
AhnLab-V3             Android-Trojan/Agent              20131028
Sophos                Andr/SMSSend-AZ                   20131028