slocker | 51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5 | Triage

Resubmissions

14-01-2025 05:44

250114-gfjt8szrbn 10

14-01-2025 05:43

250114-ge4g9aykgt 10

14-01-2025 05:39

250114-gctj9szqep 10

14-01-2025 05:35

250114-f993vazqak 10

14-01-2025 05:34

250114-f9l11szpgq 10

14-01-2025 05:31

250114-f76yeayjcw 10

14-01-2025 05:30

250114-f68evayjas 10

14-01-2025 05:29

250114-f6m4xazpcq 10

14-01-2025 05:27

250114-f5p7wazpbm 10

Sharing

General

Target

virusX.zip
Size

32.5MB
Sample

250114-f6m4xazpcq
MD5

a58b72237a14d709c6eea04b73049210
SHA1

786a2d070ea75d7fd858ebd93869063fedd6d705
SHA256

51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5
SHA512

978b868d4ce591570f722d167e14f2b6533d3b341bdaac1048fb3d1196ad26b2009269514d29b5aeb12aa75697ae556ebd3c88af1ed4ea00f8c83289fff7a9b9
SSDEEP

786432:xDWCPFc6LHxrdAxglUJMtJg9GzAl8g5lf/F9M6GvHzn9:sUzjxrdAxxJM+l8g5lDM6Gj9

Score

10^/10

slocker wipelock android collection credential_access discovery evasion impact persistence

Malware Config

Targets

- Target
  
  Undead_Defense_Tycoon_Script.apk
- Size
  
  3.2MB
- MD5
  
  fc35546a7395a68b6440de033afa789d
- SHA1
  
  4afc8724e58084164148b7ce518ede8b203dce3c
- SHA256
  
  c1b81966fa17c4e7d5137f13b2f4d04704c97d66a54d57dcfc1f42ad1f4029e7
- SHA512
  
  ae32d9e7d7403a6ab0429da69fe4f803001a077327a0f103ccc9bcb90b17973ef10be8dc2cbf1909549a04f1eff5e85c81c2dfc2d99ba7fa93369efa47beca6c
- SSDEEP
  
  98304:BaqBN1el9eL+FB8Y2nzDNWbVAneM/EjF+894S:oqX1nk52n05AehERS
Score

7^/10

collection credential_access discovery evasion impact persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

slockerwipelock

behavioral1

collectioncredential_accessdiscoveryevasionimpactpersistence