slocker | 51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

Target

virusX.zip
Size

32.5MB
Sample

250114-f9l11szpgq
MD5

a58b72237a14d709c6eea04b73049210
SHA1

786a2d070ea75d7fd858ebd93869063fedd6d705
SHA256

51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5
SHA512

978b868d4ce591570f722d167e14f2b6533d3b341bdaac1048fb3d1196ad26b2009269514d29b5aeb12aa75697ae556ebd3c88af1ed4ea00f8c83289fff7a9b9
SSDEEP

786432:xDWCPFc6LHxrdAxglUJMtJg9GzAl8g5lf/F9M6GvHzn9:sUzjxrdAxxJM+l8g5lDM6Gj9

Score

10^/10

Malware Config

Targets

- Target
  
  e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10.apk
- Size
  
  3.5MB
- MD5
  
  990bf5a2e9a7c90c75c9c07bf4a5e634
- SHA1
  
  ade24475ee8a9a2a0eec43772bbc02aeacb5926c
- SHA256
  
  e8947bc9fb2bd597daba3064d5fab275d8df2beac92f301063f22fe276dcbc10
- SHA512
  
  40419371a8dd596e8930e298e0d5470efd168a6d1a8425b8aa6eeb4e495cbc49580f234ac4278117600e2ff516ebdd867e6d395d67c80ce56660d1c8ca9ec92f
- SSDEEP
  
  98304:8mRW7NIyWHAt/2qcPf7K+KjXZKBEjzZST:8R7Wgt/GPjKPFK2XC
Score

7^/10

collection credential_access discovery evasion impact persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Acquires the wake lock

Makes use of the framework's foreground persistence service

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about phone network operator.

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2