
Sunday, November 24, 2013

Usbcleaver - Android infostealer (from Windows PC)

Usbcleaver 283D16309A5A35A13F8FA4C5E1AE01B1
Usbcleaver C22C068EAEE7AD7FD4FD015CD50045DB

Research http://www.symantec.com/security_response/writeup.jsp?docid=2013-062010-1818-99

Functionality
When the device is connected to a Windows computer that does not have autorun disabled, the Trojan then gathers information from the computer, including:
Default gateway
DNS
Google Chrome password
Host name
IP address
Microsoft Internet Explorer password
Mozilla Firefox password
Physical address
Subnet mask
WiFi password

It then stores the above information in the following location, which a remote attacker can retrieve at a later stage:
/sdcard/usbcleaver/logs/
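
A triage check for a mounted removable volume, based on the behaviour described above. It is an added example, not code from this post or from the Symantec write-up. It lists the autorun.inf entries that would launch a program and any files under usbcleaver/logs. That the device relies on an autorun.inf file and that the SD card root is the mount point are assumptions; the sample volume and its file names are constructed.

```python
import configparser
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program
LOG_DIR = ("usbcleaver", "logs")        # from /sdcard/usbcleaver/logs/ in the write-up

def find_ci(parent, name):
    """Case-insensitive lookup of a direct child (FAT-formatted cards ignore case)."""
    if parent is None or not parent.is_dir():
        return None
    return next((c for c in parent.iterdir() if c.name.lower() == name.lower()), None)

def autorun_commands(volume):
    """Return (key, value) pairs from autorun.inf that would launch something."""
    inf = find_ci(Path(volume), "autorun.inf")
    if inf is None or not inf.is_file():
        return []
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                       strict=False, allow_no_value=True)
    try:
        parser.read_string(inf.read_text(encoding="utf-8", errors="replace"))
    except configparser.Error:
        return [("unparsed", inf.name)]  # malformed file: flag for manual review
    return [(k, v) for s in parser.sections() if s.lower() == "autorun"
            for k, v in parser.items(s)
            if k in LAUNCH_KEYS or k.endswith("\\command")]

def triage(volume):
    """Summarise autorun launch entries and files in the stealer's log directory."""
    logs = Path(volume)
    for part in LOG_DIR:
        logs = find_ci(logs, part)
    names = sorted(p.name for p in logs.iterdir()) if logs and logs.is_dir() else []
    return {"autorun": autorun_commands(volume), "logs": names}

def build_sample(root):
    """Constructed sample volume; file names and contents are invented."""
    root = Path(root)
    (root / "AUTORUN.INF").write_text(
        "[AutoRun]\n; constructed sample\nopen=launcher.bat\nicon=drive.ico\n"
        "shell\\scan\\command=launcher.bat /quiet\n")
    (root / "usbcleaver" / "logs").mkdir(parents=True)
    (root / "usbcleaver" / "logs" / "HOST01.txt").write_text("constructed\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Any file reported under `logs` means the device has already collected data from at least one computer.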

Download. Email me if you need the password.






https://www.virustotal.com/en/file/08db067f2a8c1d2b2f3b85643f9642d08c86dcfc98a661796dbcb52303922f33/analysis/
SHA256: 08db067f2a8c1d2b2f3b85643f9642d08c86dcfc98a661796dbcb52303922f33
File name: USB_Cleaver1.3r1.apk
Detection ratio: 27 / 47
Analysis date: 2013-10-28 09:04:56 UTC ( 3 weeks, 6 days ago )
Comodo UnclassifiedMalware 20131028
NANO-Antivirus Trojan.UsbCleaver.caikhb 20131028
Rising Trojan.UNIX.AndroidUCleaver.b 20131025
VIPRE Trojan.AndroidOS.Generic.A 20131028
TrendMicro-HouseCall TROJ_GEN.F47V0322 20131028
DrWeb Tool.UsbCleaver.1.origin 20131028
Symantec Infostealer 20131028
Kaspersky HEUR:HackTool.AndroidOS.UsbCleaver.a 20131028
Baidu-International HackTool.AndroidOS.UsbCleaver.amf 20131028
Ikarus Hacktool.AndroidOS.USBCleaver 20131028
F-Secure Hack-Tool:Android/UsbCleaver.A 20131028
McAfee Artemis!283D16309A5A 20131028
McAfee-GW-Edition Artemis!283D16309A5A 20131028
TrendMicro ANDROIDOS_USBCLEAVER.A 20131028
F-Prot AndroidOS/UsbCleaver.A 20131028
Commtouch AndroidOS/GenBl.283D1630!Olympus 20131028
Avast Android:UsbCleaver-A [PUP] 20131028
AntiVir Android/UsbCleaver.a.1 20131028
ESET-NOD32 Android/UsbCleaver.A 20131028
AVG Android/USBCleaver 20131028
Emsisoft Android.Hacktool.UsbCleaver.A (B) 20131028
MicroWorld-eScan Android.Hacktool.UsbCleaver.A 20131028
GData Android.Hacktool.UsbCleaver.A 20131028
Kingsoft Android.ADWARE.Agent.ac.(kcloud) 20130829
AhnLab-V3 Android-AppCare/UsbCleaver 20131028
Sophos Android USB Cleaver 20131028
ClamAV Andr.Spyware.USBCleaver 20131028
