Malware Analysis Report

2024-10-18 22:10

Sample ID 231125-gqmnwahf51
Target Android Locker.zip
SHA256 3295f0d62eca860a4ccd4667f8cd778cb3235fac6c114ac12acfa829edca3a08
Tags
slocker
score
10/10

Analysis Overview

score
10/10

SHA256

3295f0d62eca860a4ccd4667f8cd778cb3235fac6c114ac12acfa829edca3a08

Threat Level: Known bad

The file Android Locker.zip was found to be: Known bad.

Malicious Activity Summary

slocker

SLocker payload

Slocker family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-11-25 06:00

Signatures

SLocker payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Slocker family

slocker

Requests dangerous framework permissions

Description                                           Indicator                                    Process  Target
Allows an application to write to external storage.   android.permission.WRITE_EXTERNAL_STORAGE    N/A      N/A
Allows an application to read from external storage.  android.permission.READ_EXTERNAL_STORAGE     N/A      N/A

Analysis: behavioral18

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:02

Platform

android-x64-arm64-20231023-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:02

Platform

android-x64-arm64-20231023-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
NL       142.250.179.142:443     N/A                             tcp
NL       142.250.179.142:443     N/A                             tcp
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp
NL       172.217.168.226:443     N/A                             tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp
NL       172.217.168.226:443     N/A                             tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
NL       142.250.179.142:443     N/A                             tcp
NL       142.250.179.142:443     N/A                             tcp
N/A      224.0.0.251:5353        N/A                             udp
DE       172.217.23.202:443      N/A                             tcp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:02

Platform

android-x64-arm64-20231023-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
NL       142.250.179.142:443     N/A                             tcp
NL       142.250.179.142:443     N/A                             tcp
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:02

Platform

android-x64-arm64-20231023-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp
NL       142.250.179.206:443     N/A                             tcp
NL       142.250.179.206:443     N/A                             tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:02

Platform

android-x64-arm64-20231023-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:02

Platform

android-x64-arm64-20231023-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:02

Platform

android-x64-arm64-20231023-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:04

Platform

android-x64-arm64-20231023-en

Max time kernel

85087s

Max time network

134s

Command Line

com.lololo

Signatures

N/A

Processes

com.lololo

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp
NL       142.251.36.46:443       N/A                             tcp
US       1.1.1.1:53              android.apis.google.com         udp
NL       142.251.36.46:443       android.apis.google.com         tcp
US       1.1.1.1:53              infinitedata-pa.googleapis.com  udp
NL       172.217.168.234:443     infinitedata-pa.googleapis.com  tcp
US       1.1.1.1:53              ssl.google-analytics.com        udp
NL       142.250.179.168:443     ssl.google-analytics.com        tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
NL       142.250.179.142:443     N/A                             tcp
NL       142.250.179.142:443     N/A                             tcp
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
NL       142.250.27.188:5228     mtalk.google.com                tcp
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:02

Platform

android-x64-arm64-20231023-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp
NL       142.250.179.206:443     N/A                             tcp
NL       142.250.179.206:443     N/A                             tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
NL       142.250.179.142:443     N/A                             tcp
NL       142.250.179.142:443     N/A                             tcp
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
NL       142.250.27.188:5228     mtalk.google.com                tcp
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
US       1.1.1.1:53              accounts.google.com             udp
DE       172.217.23.205:443      accounts.google.com             tcp
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:03

Platform

android-x64-arm64-20231023-en

Max time kernel

85126s

Max time network

157s

Command Line

com.gmail.heagoo.apkeditor.pro

Signatures

N/A

Processes

com.gmail.heagoo.apkeditor.pro

Network

Country  Destination             Domain                          Proto
NL       142.251.39.98:443       N/A                             tcp
N/A      224.0.0.251:5353        N/A                             udp
GB       216.58.208.110:443      N/A                             tcp
US       1.1.1.1:53              android.apis.google.com         udp
US       1.1.1.1:53              infinitedata-pa.googleapis.com  udp
US       1.1.1.1:53              ssl.google-analytics.com        udp
NL       142.250.179.136:443     ssl.google-analytics.com        tcp
US       1.1.1.1:53              infinitedata-pa.googleapis.com  udp
US       1.1.1.1:53              infinitedata-pa.googleapis.com  udp
US       1.1.1.1:53              android.apis.google.com         udp
GB       216.58.208.110:443      android.apis.google.com         tcp
US       1.1.1.1:53              infinitedata-pa.googleapis.com  udp
GB       216.58.208.110:443      android.apis.google.com         tcp
US       1.1.1.1:53              infinitedata-pa.googleapis.com  udp
US       1.1.1.1:53              infinitedata-pa.googleapis.com  udp
US       1.1.1.1:53              infinitedata-pa.googleapis.com  udp
US       1.1.1.1:53              infinitedata-pa.googleapis.com  udp

Files

/data/user/0/com.gmail.heagoo.apkeditor.pro/files/mycp

MD5 5ee00f0a2fe39b7bbfd6b9cd0bd8f88e
SHA1 326bab3a574c51c1d353939964f1b6026b2c3067
SHA256 91ce9d7824908beebeff6d3177d07e52a8f6069ba0926e084c2e6d4444053eff
SHA512 606ceabd0c004bf939b6f3e6b53993762aa4d1d727a277f7379b6be400c25e0f492af66068e3be29a4ba5de86a0098d8681c2a9932e1252285fca55286aac5c6

/data/user/0/com.gmail.heagoo.apkeditor.pro/files/bin/aaptz

MD5 35974b44dd07a688fa487da782f35113
SHA1 057784ce3f424a56738558ee62ce9074fb6c8681
SHA256 11fd748879af68a62ec09f294a2857d09d7af3b23425571746cd2ae2fc9c95e3
SHA512 a15b6e829b8a8d8363a675e5c3a0b5cb919214b2e4395d9cad448ba3ffd2fee3cbd934e5fce966d97d033f5d5ab9b09d8640de0e141faaecced3292917908a1b

Analysis: behavioral3

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp
NL       142.250.179.206:443     N/A                             tcp
NL       142.250.179.206:443     N/A                             tcp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp
NL       142.250.179.206:443     N/A                             tcp
NL       142.250.179.206:443     N/A                             tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-11-25 06:00

Reported

2023-11-25 06:01

Platform

android-x64-arm64-20231023-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                          Proto
N/A      224.0.0.251:5353        N/A                             udp

Files

N/A