-
ScarePakage
A friend brought a phone to me with what I think is the ScarePakage
ransomware.
Apparently a "friend of his" looked up animal porn on his phone.
It's running Android and I kind of want to extract the source code
and take a look at how this shit works.
Anyone down to check it out w/me?
This is a rare opportunity for security enthusiasts to get experience in the wild.
http://i.imgur.com/D8cBaaY.jpg
-
I'm not an expert, but I imagine you would need to install a virtual box to run Android and copy the entire drive over to be able to read it in an environment where said virus isn't in control.
-
I was thinking of this
DroidBox - For dynamic analysis of what the app is doing
Android Emulator - from the Android SDK (run the APK file through this)
JD-GUI - displays source code of .jars
-
There is an Android x86 .iso that works with VMware. >.>
Interesting development.
-
It looks like the old MoneyPak virus, adapted for Android. I say follow the steps that have already been given to you, but run RogueKiller once everything is copied over. I have had that virus a few times from...ya know...because of research...and RogueKiller cleared it up almost instantly.