Monday, February 6, 2012

Fake SuiConFo.apk - Foncy - Android Trojan SMS

Update: February 6, 2012
File: 56033daef6a020d8e64729acb103f818
Name: FoncySMS
MD5:  56033DAEF6A020D8E64729ACB103F818
Sample Credit:  S.Guerrero February 5, 2012
Research: The Butterfly Effect of a Boundary Check by Sergei Shevchenko



Download - Password infected


Download extracted files

  • /data/data/com.android.bot/files/header01.png (ELF executable).
  • /data/data/com.android.bot/files/footer01.png (ELF executable).
  • /data/data/com.android.bot/files/border01.png (Android app - an APK File).





==========================================================================
Name:                    SuiConFo.apk
MD5:                     1a3fb120e5a4bd51cb999a43e2d06d88
Sample Credits:     many thanks to Ian French, December 8, 2011
Research:           Kaspersky: SMS Trojans: all around the world



Download  - password infected



SHA256:     213e042b3d5b489467c5a461ffdd2e38edaa0c74957f0b1a0708027e66080890
SHA1:     60483948b65c7a87fddd1342999d816dc559b5e5
MD5:     56033daef6a020d8e64729acb103f818
File size:     5.2 MB ( 5457274 bytes )
File name:     56033daef6a020d8e64729acb103f818
File type:     ZIP
Detection ratio:     18 / 43
Analysis date:     2012-02-03 00:25:01 UTC ( 3 days, 12 hours ago )
Antiy-AVL     Trojan/AndroidOS.Foncy     20120202
Avast     Android:Foncy-B [Trj]     20120202
BitDefender     Android.Trojan.Foncy.A     20120203
Emsisoft     Trojan.AndroidOS.FoncySms!IK     20120203
eTrust-Vet     Linux/IrcBot.A     20120202
F-Secure     Trojan:Android/SMSFoncy.A!mfb     20120202
Fortinet     Android/Foncy.B!tr     20120202
GData     Android.Trojan.Foncy.A     20120202
Ikarus     Trojan.AndroidOS.FoncySms     20120202
Kaspersky     HEUR:Trojan-SMS.AndroidOS.Foncy.a     20120203
Microsoft     Trojan:AndroidOS/FoncySms.A     20120202
NOD32     Android/TrojanSMS.Agent.AJ     20120203
PCTools     Android.FoncySMS     20120201
Symantec     Trojan.Gen.2     20120202
TrendMicro     AndroidOS_FONCYSMS.A     20120202
TrendMicro-HouseCall     AndroidOS_FONCYSMS.A     20120203
VBA32     -     20120202
VIPRE     Trojan.AndroidOS.FoncySms.a (v)     20120202
VirusBuster     Trojan.AndroidOS.Foncy.B




SuiConFo.apk
Submission date: 2011-12-09 03:01:39 (UTC)
Result:
6 / 43 (14.0%)
Antiy-AVL     2.0.3.7     2011.12.09     Trojan/AndroidOS.Foncy
Avast     6.0.1289.0     2011.12.08     Android:Foncy-A [Trj]
Comodo     10889     2011.12.09     UnclassifiedMalware
GData     22     2011.12.09     Android:Foncy-A
Kaspersky     9.0.0.837     2011.12.08     HEUR:Trojan-SMS.AndroidOS.Foncy.a
NOD32     6691     2011.12.07     Android/TrojanSMS.Agent.Q
TrendMicro-HouseCall     9.500.0.1008     2011.12.09     -
MD5   : 1a3fb120e5a4bd51cb999a43e2d06d88

3 comments:

  1. Hey, I tried to contact you to get the password for CVE-2010-2883 but failed to deliver the e-mail lol. I'd appreciate it if you can tell me your e-mail addresses. Thanks!

  2. It is on blog profile - top right, click on Mila - contact info there.

  3. French computer crime investigators from OCLCTIC have charged two men in connection with money-making malware that targets Android smartphone users. They are suspected of infecting more than 2000 Android devices with the Foncy Trojan horse.
