slocker | xxx_unsigned[.]apk | Triage

Resubmissions

14-01-2025 09:20

250114-la1b9atpg1 10

14-01-2025 09:18

250114-k9v15stpex 10

14-01-2025 09:16

250114-k8yewawlam 10

10-12-2023 02:18

231210-crra8sbeeq 10

10-12-2023 02:18

231210-crcsvadba7 10

06-12-2023 18:03

231206-wm5gvagb21 10

11-11-2023 01:06

231111-bglsbsdf38 10

Sharing

General

Target

xxx_unsigned.apk
Size

2.7MB
MD5

05c184df98be48c355316c4080924c5d
SHA1

6daf6e2f00a39132cd48e66a86670a03f10c8b13
SHA256

88b86662dd1653845985544299fd8cc732f49c72d63c86ea3ffb7bb3b3249138
SHA512

2f19f9a5dbb122a629bfee89d63e0c997abe28152ee60aee5d48d469c369b72f052f2335d3d7341032a3490004345dc916261fe7aaf66dc192732409e122b077
SSDEEP

49152:qkPc5T3jBJjM2M7xZkkPc5T3j6JjM2M7xZkaPc5T3jOJjM2M7xZkdPc5T3jbJjMY:qkPK3Hjkx1PK38jkxFPK3gjkx2PK3pjZ

Score

10^/10

slocker

Malware Config

Signatures

SLocker payload 1 IoCs

resource	yara_rule
sample	family_slocker_1

Slocker family
slocker

Requests dangerous framework permissions 7 IoCs

description	ioc
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA

Files

xxx_unsigned.apk
.apk android

com.popmods.exploit

com.popmods.exploit.MainActivity

Activities

com.popmods.exploit.MainActivity

android.intent.action.MAIN

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SET_WALLPAPER
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_CONTACTS
android.permission.READ_SMS
android.permission.ACCESS_FINE_LOCATION
android.permission.WAKE_LOCK
android.permission.INTERNET
android.permission.REQUEST_INSTALL_PACKAGE
android.permission.CAMERA

Receivers

com.popmods.exploit.BootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

Services

Android Permissions

xxx_unsigned.apk

Permissions

android.permission.SYSTEM_ALERT_WINDOW

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.SET_WALLPAPER

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_CONTACTS

android.permission.READ_SMS

android.permission.ACCESS_FINE_LOCATION

android.permission.WAKE_LOCK

android.permission.INTERNET

android.permission.REQUEST_INSTALL_PACKAGE

android.permission.CAMERA