slocker | hxxps://www[.]mediafire[.]com/file/uut7jo6m92glu7t/tiktok[.]apk/file

Analysis

max time kernel
298s
max time network
312s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
26/07/2024, 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/uut7jo6m92glu7t/tiktok.apk/file

Score

10^/10

slocker ransomware

Malware Config

Signatures

SLocker
SLocker is an Android ransomware that locks victim screens and encrypts files.
ransomware slocker

SLocker payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-5.dat	family_slocker_1

Requests dangerous framework permissions 7 IoCs

description	ioc
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.chrome

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4324

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

files/dom-0.html

Filesize
17KB

MD5
a9fc5ee9473aecad51b1440523f03a39

SHA1
aeecc415a1c52e2457138f6bb237dda50dee0b40

SHA256
6f9d6d5abbe029dd63263748ad46512889479a21891e403de9cc6d8c72959ae7

SHA512
222aa1a9bfbe998030f2af06a3b1b0c4ec4f6ac93801c1a422b449c3942e8ccc23fe4351453cc8252d4816d72473d78afedd5b33e2c4bb42cc95370a00cfd6b3

Download Submit
files/dom-1.html

Filesize
319KB

MD5
1335c351bf36193d364de30056207aa0

SHA1
78668edb9da525f9fcc59b5e5b6c0f34f9680652

SHA256
0914fa07767812cb1c48ae028b2fdb7915620317db6b85bee531b71c9ab9c378

SHA512
9b31a1746e2b41ba379ca06380f0c1cdf7a0d78e79deda5f4dceacd7807fa5d70a2b3edb8a5753b6daf99c70f800e4f774a6033b7b70d78ba65c3a97062453f0

Download Submit
/storage/emulated/0/Download/.pending-1722622037-tiktok.apk

Filesize
2.7MB

MD5
7cc805be68b2392cbc8d9b643b6f1a35

SHA1
d808a8aee11a2335e09ceb2744b60a00544f0b71

SHA256
3ad6a04700902fdc4dcf1fcdaa39490335319860c6777b9efa32a58cda8dcc77

SHA512
3f6c825a2f3aa40d1d8caef0220b2fe40166efd864a26a63df5573f489fc073aa7d1dcf50b4c41a53e31f3c7397fb171f46603168e261558601df28e8503b81c

Download Submit
/storage/emulated/0/Download/.pending-1722622037-tiktok.apk (deleted)

Filesize
512KB

MD5
59071590099d21dd439896592338bf95

SHA1
6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c

SHA256
07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541

SHA512
eedb6cadbceb2c991fc6f68dccb80463b3f660c5358acd7d705398ae2e3df2b4327f0f6c6746486848bd2992b379776483a98063ae96edb45877bb0314874668

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads