ScarePakage

**Isonyx** · 13 Sep. 2014 07:34pm

A friend brought a phone to me with what I think is the ScarePakage
ransomware.

Apparently a "friend of his" looked up animal porn on his phone.

It's running android and I kind of want to extract the source code
and take a look at how this shit works.

Anyone down to check it out w/me?
this is a rare opportunity for security enthusiasts to get experience in the wild

http://i.imgur.com/D8cBaaY.jpg

**GAMEchief** · 13 Sep. 2014 08:09pm

I'm not an expert, but I imagine you would need to install a virtual box to run Android and copy the entire drive over to be able to read it in an environment where said virus isn't in control.

**Isonyx** · 14 Sep. 2014 03:33am

I was thinking of this

Droidbox - For dynamic analysis of what the app is doing
Android Emulator - from the Android SDK (run the APK file through this)
JD-GUI - displays source code of .jars

**Kingz V** · 15 Sep. 2014 04:32am

There is an android x84 .iso that works with vm-ware. >.>

interesting development.

**Souleater** · 21 Sep. 2014 04:17am

It looks like the old moneypak virus, adapted for android. I say follow the steps that have already been given to you, but run RogueKiller once everything is copied over. I have had that virus a few times from...ya know...because of research...and RogueKiller cleared it up almost instantly.

Thread: ScarePakage

LinkBack

Thread Tools

Search Thread

Rate This Thread

Display

ScarePakage

Posting Permissions