slocker | bad1cfd200f08fa76278dd11e6e7b28004402f58312f1771fbc124c257819285

Resubmissions

06-12-2023 18:03

231206-wne9cabd79 10

08-10-2023 00:01

231008-abc3kaba84 10

Sharing

Copy URL

Twitter E-mail

General

Target

394534c9ad058e4e99ab6d8c48dbaf12b18c823a374c58f799e01322fc414faa.apk.zip
Size

64.7MB
Sample

231008-abc3kaba84
MD5

dc95f61e756b89606f72e412445195b1
SHA1

528742bf97454af22fa040a61546e7c64a8ab322
SHA256

bad1cfd200f08fa76278dd11e6e7b28004402f58312f1771fbc124c257819285
SHA512

1f0df254e2d0bb73dc32c2a6d121de6db77dc22819af50507ed19be4500818e703d2463eb65bc2c706827304cfe02db08ae225449e98849220a276ea30fe99ae
SSDEEP

1572864:H2HYJ1BxqxbpKScUn/bJZWzlzJExjwr4X+6wT1nYIkDQ:H6+axb0J4LWzlzWSIwRVk8

Score

10^/10

Malware Config

Targets

- Target
  
  394534c9ad058e4e99ab6d8c48dbaf12b18c823a374c58f799e01322fc414faa.apk
- Size
  
  65.1MB
- MD5
  
  3a5c78dddb02bb3e9963e608aeec461c
- SHA1
  
  22d821aacefffad8934e3f07fb9fb43805493c2f
- SHA256
  
  5fb1886775252b05f43b7245efe35ab155503a525ed4c59e06b3d757692e4a82
- SHA512
  
  964d6040082ed962656bfd5218c64c65d6916aa114304d2006225100e0e6052005518acad18fbca747a7c6d36b4faba21d244a58cf4086fd24f7cbbfd4b75cc9
- SSDEEP
  
  1572864:bm1DBaMz9HrI6dVbmzlhnlqIWaOaVA3fIPXtJY:WBaiI6dVbmz3Q8DXXY
Score

8^/10

ransomware
- Requests cell location
  Uses Android APIs to to get current cell location.
- Checks Android system properties for emulator presence.
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
- Reads information about phone network operator.
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1
- Target
  
  www/home.html
- Size
  
  21KB
- MD5
  
  a13f0645233f0a96aeb364e3155b8a79
- SHA1
  
  8522ca6698b38cf11b90748f5400ce6f2adade4d
- SHA256
  
  3990f48c04fcf0fb202ec12dc0e168c02913f59a809c2d6d1d415cad8cce7f4c
- SHA512
  
  492fed484ffb15f3c31fc8118eaff1461ab70bed35c37e27d6880a47c9cb232abe6e590dc586a0c21636749ac9345dff7ce68dcedd3523047cb3a8ce791cb3ed
- SSDEEP
  
  384:HJYCqZs64NrboakPY4Cg2Iu9V440B76c/Y+mUNy:HJYk6CjkA4KIu440BRy
Score

1^/10
behavioral2 behavioral3
- Target
  
  www/js/app.js
- Size
  
  2KB
- MD5
  
  66dd1dcf2f09c57d715ba3604c586bc7
- SHA1
  
  12cc66b09ea6f17513b4df6f2c67bfe83f36d1fb
- SHA256
  
  975b71e186d63b09bcaa0fdd365f23891ae4e4979245245cb813cd53f575d451
- SHA512
  
  61b62ab76a6c611c6d32e07832b703328c6dd95cc1013af52ddec44fae35d51a1b99f4e581c47a4b57a66aa63e220fab75f32dfef963eed3b0dcbf47cf246402
Score

1^/10
behavioral4 behavioral5
- Target
  
  www/result.html
- Size
  
  1KB
- MD5
  
  74a09f8ed3a9429056d3e110fc1e6dc8
- SHA1
  
  a93bf4adecd5c778a69bbab23700d139023b6fff
- SHA256
  
  80ddf5a7efe5ce271e3659a2a5714eecef07539e874935675a555abae3cc35e6
- SHA512
  
  77a816f38a5ea5b5b548ec19b1d9442f18996601f9d2e2d5136077befb6e7fb6fd5a8f57bdfe4c783f06a4ed0d82fb584ef157f187e0ce9a86c4e6b6f920b69d
Score

1^/10
behavioral6 behavioral7
- Target
  
  a.alipayobjects.com/am/log/httpblock/1.2.js
- Size
  
  2KB
- MD5
  
  ce404ec713367ce24de9819369a0f378
- SHA1
  
  e75e636aabcde80fa25397f935f1603a5c9dd11d
- SHA256
  
  be2a758ca71c7feca8b7cdd354d199c31385e8e3d293c9cf54b1a5a95766b950
- SHA512
  
  eaf0a03d2f4fe0555dd1dd8a6a357a6c403daef9e873513ebb58c78c5c4b13f4547cc25d2c57ad72b7d1f7183db326f9dbe8511c55b5dcfcc412a08fff8f10d3
Score

1^/10
behavioral8 behavioral9
- Target
  
  a.alipayobjects.com/amui/zepto/1.1.3/zepto.js
- Size
  
  24KB
- MD5
  
  54c9c5d40126e729d3eb1db81420c3d2
- SHA1
  
  cbee54076e1f1dce5f418d62e13cd12500a6ff2f
- SHA256
  
  9cfb903afa8a5c82d8f8f96369229337a2be8c1c980dd908168b7555f69a2e31
- SHA512
  
  ed72c4274d3d029e7334907f40d368feb3060c062823a182cdb84158b6936c8d7bf6bf8fedcec889c67a3641a658a79da6be5e11d7bea653bbdd6f5ca51cfa68
- SSDEEP
  
  384:OFofTTMy+kMr9n4w9g2pxBA+vWWsFJPYq26nfQeJsB9ZuZ1:fF+kmTwRjTf5Qq
Score

1^/10
behavioral10 behavioral11
- Target
  
  a.alipayobjects.com/anima-yocto/1.1.10/index.js
- Size
  
  24KB
- MD5
  
  b079587ed08b28f65ea02cfafc30da93
- SHA1
  
  72e4aa95142ee562bf88c218fac5c5c0c3490c6a
- SHA256
  
  5a7ac79b4074e1102c4cd88c92e2aae14001f2b7f6f9c49f78eb743746ff06ee
- SHA512
  
  22f60fb052775ca7505697c72e6be6c6d333f107a0687f4e7dc89b2a4d70491d4b42e11465053c1d4ad13cb819fe8a4e7180876e7c2b81b53d6d1816985890ff
- SSDEEP
  
  384:/XMb3ZQzIMVU1p6SyTk4IMAGp5bb/Nz30WdJGz5UMfLo7TojFdL:0b3Zjw46FWGTRhW5pIUjL
Score

1^/10
behavioral12 behavioral13
- Target
  
  a.alipayobjects.com/g/am/share/1.0.7/1.0.7.js
- Size
  
  6KB
- MD5
  
  724fb13d7d7de898b7f5f48c4a32e231
- SHA1
  
  6f1b0b476a71fe8da9485c82b9615829613eaf54
- SHA256
  
  79a28dcf712ea5ea006a3ef50871e4d39a2af3aedd79779ae32d722170abea32
- SHA512
  
  2b50f64d2019a7c84eb486c85134b4acd09ee6843df63115d0caa114e6cf2255d8e3a4d368ba36f392d009c04b08cfa2be4bbcf6312bb5cf6fd463ba0a9d82ae
- SSDEEP
  
  192:qCgdnaGQ8zHLT+KI+R+wC7gZg3ZsFesmSbsNp4GeWtVUMa:idngu6qpy0g3ZlrSbEyGeaW
Score

1^/10
behavioral14 behavioral15
- Target
  
  a.alipayobjects.com/g/animajs/mtracker/3.1.0/seed.js
- Size
  
  16KB
- MD5
  
  c6a79f831594a59918126947a1c588c0
- SHA1
  
  85c673679e0a0ebf77b4c3c016685149e065279b
- SHA256
  
  538bc6da41ca34e311a3a5f8ff5ef11ebdeaa73d06d0c733df11ae69d836fef6
- SHA512
  
  a38295ee8c596642ae6996cd0735541419a5400acec27c69085055188568fd6b97331495351639e1a7be0927f96151862da61f677ae5dfb427bad7eb3eeab605
- SSDEEP
  
  384:9/Z0VoUyxo38gJ+GEWM+9XmUboCmnGmUZ:NZ0WJxoMgfEb+F2Ctf
Score

1^/10
behavioral16 behavioral17
- Target
  
  a.alipayobjects.com/g/component/antbridge/1.1.4/antbridge.min.js
- Size
  
  8KB
- MD5
  
  eb6165b605c97bd6f377edcbdc19044f
- SHA1
  
  b2afcf6281e4b105552e4c5e404d67793b315847
- SHA256
  
  2bce6ad4bf23a67d798b667b22c641e5f410362f6d9902864f0f74b3e1a52a7c
- SHA512
  
  6efd5afdde5bb445442e55c67893e4820162f77435e6cbacb12c1b096f9d6ae6884b58161d31fdef33ba54328a2aab086fd008642851988af29cd7c47ef855f9
- SSDEEP
  
  96:orhAZY2yITdQGulkazMiPCLXFlp+yzKdYPTk7R3nX/DfbMFpv50layg0JOC0a67B:orDjITdQGulkaz4rY74uaygUXmZi1S
Score

1^/10
behavioral18 behavioral19
- Target
  
  a.alipayobjects.com/g/h5-lib/alipayjsapi/3.0.5/alipayjsapi.inc.min.js
- Size
  
  41KB
- MD5
  
  eb42ad3902c103582135979914ddc66e
- SHA1
  
  72cc4418055c088356ecefc123aeb783abcf6a14
- SHA256
  
  b6c5bfc59fe7a788b5dde6ba0be1533d7ae5b1d3aa6415b16e45e3096320b857
- SHA512
  
  6ca66d02ad6dc2f4bf81f23305366220e3f7e912cd676608dee1b20ebd25ec847a9a7a4134ffcbeb6545e7d4519c4fbd08077a766a0ac8fdcff75d06f4b882ea
- SSDEEP
  
  384:mpL/5lYhcYWACVXg5bnzDC7sjYDjuBzpXUmjqLVPqbNavl/E+kWmU98fQQlrN:QeuKjaEThpXmKNG2H/
Score

1^/10
behavioral20 behavioral21
- Target
  
  a.alipayobjects.com/g/h5-lib/alipayjsapi/3.0.5/alipayjsapi.min.js
- Size
  
  35KB
- MD5
  
  40759f52547365ba7f6db26a22d17785
- SHA1
  
  93b1a9310a3290b83754a00722d0955fabf60fc1
- SHA256
  
  98fc8a119e6e90917f8a3b2f8208b168f2afe11cc6c2d49ac02a690c707386c5
- SHA512
  
  da0fe9dfb4acbe705f4b36caa8ea3ead9c792fd544514779b761aa4e6a9345310f158c8a783491481d879f86026899dd8408cd30ad6ed7ec769366c080bbfa14
- SSDEEP
  
  384:m9sLez9Yjv4oMGCIr3dSSQtlDjOuBGuOwaZ+Qyo21VO3Bv+D+kL0t9ApQI6rr:Fejol3dSr8u0ud4y23xaLJC
Score

1^/10
behavioral22 behavioral23
- Target
  
  a.alipayobjects.com/g/h5-lib/bizlog/1.2.12/bizlog.js
- Size
  
  13KB
- MD5
  
  da143da8d7953ab8c4b2d6044accab9b
- SHA1
  
  bc1a3a96c2ce934814b60687ad2b2361846821a0
- SHA256
  
  40c0c7de135812a4124d0e9882587a847d21c289ca934965671f58c1e6e65081
- SHA512
  
  a215a789b2ea5228b639915332ec86c6c3584a58de6152bf4ff563630db13d24563898166aed903dc40b7084f85a74a07c35cd827ea4e321cf6253d92e19bce7
- SSDEEP
  
  192:C/g70KWsKBIMz5LM3vkeEccB7PUATUMXEpFnIYRBWQocvva4F0LxwwZ2:C/guBBM3seENdTUMCRRBLa4eLx5Z2
Score

1^/10
behavioral24 behavioral25
- Target
  
  a.alipayobjects.com/g/h5-lib/hook_alert/1.0.2/hook_alert.js
- Size
  
  1KB
- MD5
  
  06fac113a5fb1170805d3c91749a6222
- SHA1
  
  f7488c108c24f90188808496f480f56a64567192
- SHA256
  
  fa5a6a34d461e22949c56922278ec0bbefd2c7e595a7a8bde9aa1ddaaf3d75ab
- SHA512
  
  d97cc6241c4b9e78d710fba2c267a94c3a91c1a54fb2e3ef7cdfd739fafdb848614d587a3187d7bece72548a33a40a1eb0a0e7a4e6c219baee9dbc45ec3a7247
Score

1^/10
behavioral26 behavioral27
- Target
  
  a.alipayobjects.com/g/h5-lib/protobuf/1.0.0/protobuf.min.js
- Size
  
  64KB
- MD5
  
  b3514abe9c9bf668d3185160b0632e0f
- SHA1
  
  ebe1e020d6d349dbd61c9b31656c30faa79d09df
- SHA256
  
  9fbd15b27f01c41a399c2ccede3487f7dc336cd87dd4d3a9089704b0b8f6595f
- SHA512
  
  9f7997a168f634032838939bdbb28e6ea9002c6c14165e19949ebd3dd1c616762f2281e0e12c9b73223582e4c4b3cbb5fe1523a5fd511da36d2b36a05d5e2e32
- SSDEEP
  
  768:jqy1toOG28PhQOiA7bFehHu7GQRqIsE5jp8peguDSlaC2JEd6vZ05stTODT7SEa2:H3SPh9bbFetvE5j5gu3EzpaeiW3
Score

1^/10
behavioral28 behavioral29
- Target
  
  a.alipayobjects.com/g/h5-lib/vue/2.1.6/vue.min.js
- Size
  
  69KB
- MD5
  
  d728355b9fdf7e321210519492f2e97c
- SHA1
  
  b52147f6143972c1ce9e814dbd34b89716d5a026
- SHA256
  
  59c243cb1a6f14b3071c0ee442ebdb139916811c15df3ba459d8ef6d351c5e1f
- SHA512
  
  14fa6d177a22e2e6799b3217232a87bd9373b57adf8d00c5eb258e75c35050c9b84149f2f03f971a9ae0d55b392591b422d71635f2742107664f80e67d2235bb
- SSDEEP
  
  768:Hj/rLJOYC9+RcbPnG9Bg+cz6LwuQZwiLICUb8r9rrMaq+zLnJUQWftSg9ZJuS72:HbvJp33gZ6LwuoJ9rrLRUQWFpJuS72
Score

1^/10
behavioral30 behavioral31
- Target
  
  a.alipayobjects.com/g/luna/luna-offline/1.0.0/index.js
- Size
  
  27KB
- MD5
  
  16bfca61208049f7ac6a9eee500258c8
- SHA1
  
  cecc78a1e031f2132e5683ca0eb8c22bdc78c9d2
- SHA256
  
  35b122b61aeae0382c1c96ac157c0aa1496ec20bebed16b8efa20d9f150891df
- SHA512
  
  cbc04fde8b6e47a8aec8ca604a3398a125cf2ff7b337f95a81a3bab078e23941c776c8cb7c8c25fa8c03d87daa885b06c6b0d9881a3a1e02f5dca6561bde0a57
- SSDEEP
  
  384:LKYnsRQap5/adgXm/8Dy5eTBpIQVfpBLY1m9gypI2t4LSrXT3g+VaRJxLuvG+Y:2Y+Z3D2oI+hVY1mO1q94RJR+Y
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Requests cell location

Checks Android system properties for emulator presence.

Checks known Qemu files.

Checks known Qemu pipes.

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32