slocker | WannaLocker[.]zip

General

Target

WannaLocker.zip
Size

3.3MB
MD5

7bb99eaa4f3592073fb39d8ab70cc262
SHA1

0c66c06e60261a6c66e13e37067c5c869569e62b
SHA256

428b206615925e6f67a74cdc7619ae0f4effad8a295c67f85a29983847aac3d7
SHA512

1623b1428fec4b5397ac3d63ef60086627d7b2abfd9eb6de05671c4704dbf360dc7cdd3894e5754daf8b5816fea0b920823a44ee27e733d4a0f74db8bdca9ec5
SSDEEP

98304:BGFp6CkcBG3Dn63zhnrHbPcnJCtkxaEWc:8VBOT+ln7gJ

Score

10^/10

slocker

Malware Config

Signatures

SLocker payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d.apk	family_slocker_2
static1/unpack001/36f40d5a11d886a2280c57859cd5f22de2d78c87dcdb52ea601089745eeee494.apk	family_slocker_2

Slocker family
slocker

Requests dangerous framework permissions 3 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

WannaLocker.zip
.zip

Password: infected
200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d.apk
.apk android

com.android.tencent.zdevs.bah

com.android.tencent.zdevs.bah.MainActivity

Activities

com.android.tencent.zdevs.bah.MainActivity

android.intent.action.MAIN

Permissions

android.permission.SET_WALLPAPER
android.permission.ACCESS_WIFI_STATE
android.permission.READ_LOGS
android.permission.READ_PHONE_STATE
android.permission.GET_TASKS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
com.android.launcher.permission.READ_SETTINGS
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_CONFIGURATION
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.READ_EXTERNAL_STORAGE
android.permission.MODIFY_AUDIO_SETTINGS
36f40d5a11d886a2280c57859cd5f22de2d78c87dcdb52ea601089745eeee494.apk
.apk android

com.android.tencent.zdevs.bah

com.android.tencent.zdevs.bah.MainActivity

Activities

com.android.tencent.zdevs.bah.MainActivity

android.intent.action.MAIN

Permissions

android.permission.SET_WALLPAPER
android.permission.ACCESS_WIFI_STATE
android.permission.READ_LOGS
android.permission.READ_PHONE_STATE
android.permission.GET_TASKS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
com.android.launcher.permission.READ_SETTINGS
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_CONFIGURATION
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.READ_EXTERNAL_STORAGE
android.permission.MODIFY_AUDIO_SETTINGS

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.android.tencent.zdevs.bah

com.android.tencent.zdevs.bah.MainActivity

Activities

com.android.tencent.zdevs.bah.MainActivity

Permissions

com.android.tencent.zdevs.bah

com.android.tencent.zdevs.bah.MainActivity

Activities

com.android.tencent.zdevs.bah.MainActivity

Permissions