slocker | covidSlocker[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

covidSlocker.zip
Size

445KB
MD5

6fbb4920967953ad0c2dbc42a0acac75
SHA1

e6250e5f4382b88bd19a22af94690318804535a0
SHA256

46c2805313ef1acf682a39dec6e8b79cc82d31cc755b074d2e7f2cb9992922a0
SHA512

52d8c9ffc445172204ee3f62e1792f445233145475e01b540df2914d944bb14bcf5dd839107896429ba1eee6b1c6d77ba53258167f6188b932fcf758f622714f
SSDEEP

12288:+bNc5EeNiVwoqWCek/GLI/UEL5jzMk1xRtw:+u5BjWCeqGLdiRzMatw

Score

10^/10

slocker

Malware Config

Signatures

SLocker payload 4 IoCs

Processes:

resource	yara_rule
static1/unpack001/1dfc2e6f96727ab1bb37bc5ac303dc62	family_slocker_1
static1/unpack001/698aa564ba543d8b0bb247471554672b	family_slocker_1
static1/unpack001/6e3d57271a1c0e8e79c88d15f3897bab	family_slocker_1
static1/unpack001/8fc2e3254eabdfceee843c6bc3367f6c	family_slocker_1

Slocker family
slocker

Requests dangerous framework permissions 1 IoCs

Processes:

description	ioc
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Files

covidSlocker.zip
.zip

Password: infected
1dfc2e6f96727ab1bb37bc5ac303dc62
.apk android

com.lololo

.MainActivity

Activities

.MainActivity

android.intent.action.MAIN

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SET_WALLPAPER

Receivers

.BootReceiver

android.intent.action.BOOT_COMPLETED

Services
698aa564ba543d8b0bb247471554672b
.apk android

com.lololo

com.lololo.MainActivity

Activities

com.lololo.MainActivity

android.intent.action.MAIN

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SET_WALLPAPER

Receivers

com.lololo.BootReceiver

android.intent.action.BOOT_COMPLETED

Services
6e3d57271a1c0e8e79c88d15f3897bab
.apk android

com.lololo

.MainActivity

Activities

.MainActivity

android.intent.action.MAIN

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SET_WALLPAPER

Receivers

.BootReceiver

android.intent.action.BOOT_COMPLETED

Services
8fc2e3254eabdfceee843c6bc3367f6c
.apk android

com.lololo

.MainActivity

Activities

.MainActivity

android.intent.action.MAIN

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SET_WALLPAPER

Receivers

.BootReceiver

android.intent.action.BOOT_COMPLETED

Services

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.lololo

.MainActivity

Activities

.MainActivity

Permissions

Receivers

.BootReceiver

Services

com.lololo

com.lololo.MainActivity

Activities

com.lololo.MainActivity

Permissions

Receivers

com.lololo.BootReceiver

Services

com.lololo

.MainActivity

Activities

.MainActivity

Permissions

Receivers

.BootReceiver

Services

com.lololo

.MainActivity

Activities

.MainActivity

Permissions

Receivers

.BootReceiver

Services