slocker | RANSOMWARE-main[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

RANSOMWARE-main.zip
Size

28.1MB
MD5

2d521773b5b1c2878af3d16dafd1b5c1
SHA1

3048ca91f7678dbb3607beffec06326b387f5518
SHA256

a39846bac28d35c5a1e33823c59d8e8ef5c049326ef1b6c49dda9bee7f762787
SHA512

543c840c1b94c4c3f83eaa2e6b50a4a5dcb5f86fc3312a90ad9ddca56c10ab38542bd087d672d406926fbcd5549bc2c681668caa4b5b1a9697c57ddfb79f4e82
SSDEEP

786432:ku8KzpS8+inzchUZFvENwvwww3zUnd81q:kA+E2UZFa9wSUd2q

Score

10^/10

slocker wipelock

Malware Config

Signatures

SLocker payload 1 IoCs

resource	yara_rule
static1/unpack001/RANSOMWARE-main/FIRST FOLLOWERS_src.apk	family_slocker_1

Slocker family
slocker

Wipelock Android payload 1 IoCs

resource	yara_rule
static1/unpack001/RANSOMWARE-main/vaimpier_ritik_src (3).apk	family_wipelock

Wipelock family
wipelock

Declares broadcast receivers with permission to handle system events 1 IoCs

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 7 IoCs

description	ioc
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA

Files

RANSOMWARE-main.zip
.zip
RANSOMWARE-main/FIRST FOLLOWERS_src.apk
.apk android

com.termuxhackers.id

com.termuxhackers.id.MainActivity

Activities

com.termuxhackers.id.MainActivity

android.intent.action.MAIN

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SET_WALLPAPER
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_CONTACTS
android.permission.READ_SMS
android.permission.ACCESS_FINE_LOCATION
android.permission.WAKE_LOCK
android.permission.INTERNET
android.permission.REQUEST_INSTALL_PACKAGE
android.permission.CAMERA

Receivers

com.termuxhackers.id.BootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

Services
RANSOMWARE-main/LICENSE
RANSOMWARE-main/README.md
RANSOMWARE-main/WifiHacker.1.6_1.6.apk
.apk android

com.simple.apps.factory.phone.reset

com.simple.apps.factory.reset.activity.MainActivity

Activities

com.simple.apps.factory.reset.activity.MainActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE

Receivers

com.simple.apps.factory.reset.activity.MainActivity$DeviceAdmin

android.app.action.DEVICE_ADMIN_ENABLED
RANSOMWARE-main/base.apk
.apk android

com.device.security

com.device.security.activities.MainActivity

Activities

com.device.security.activities.MainActivity

android.intent.action.MAIN

Permissions

android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

Receivers

com.device.security.receiver.ActivateDeviceAdminReceiver

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLED

com.device.security.receiver.RebootReceiver

android.intent.action.BOOT_COMPLETED

Services

com.device.security.accessibility.AppAccessibilityService

android.accessibilityservice.AccessibilityService
RANSOMWARE-main/evilscreen.apk
.apk android

com.evilthreads.evilthreads

com.evilthreads.ui.LauncherActivity

Activities

com.evilthreads.ui.LauncherActivity

android.intent.action.MAIN

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK

Receivers

com.candroid.bootlaces.ReschedulingReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.LOCKED_BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON

Services
RANSOMWARE-main/rans_encrypted.apk
.apk android

com.google.services

com.android.tencent.zdevs.bah.MainActivity

Activities

com.android.tencent.zdevs.bah.MainActivity

android.intent.action.MAIN

Permissions

android.permission.SET_WALLPAPER
android.permission.ACCESS_WIFI_STATE
android.permission.READ_LOGS
android.permission.READ_PHONE_STATE
android.permission.GET_TASKS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
com.android.launcher.permission.READ_SETTINGS
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_CONFIGURATION
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.READ_EXTERNAL_STORAGE
android.permission.MODIFY_AUDIO_SETTINGS
RANSOMWARE-main/vaimpier_ritik_src (3).apk
.apk android

com.elite

com.elite.MainActivity

Activities

com.elite.UninstallAdminDevice

android.intent.action.SEND

Permissions

android.permission.GET_TASKS
android.permission.READ_PHONE_STATE
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.WRITE_SMS
android.permission.READ_CONTACTS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_SETTINGS
android.permission.WAKE_LOCK

Receivers

com.elite.AdminReciever

android.app.action.DEVICE_ADMIN_ENABLED

com.elite.SMSReceiver

android.provider.Telephony.SMS_RECEIVED

com.elite.BootReceiver

android.intent.action.BOOT_COMPLETED

Services

Sharing

General

Malware Config

Signatures

Files

com.termuxhackers.id

com.termuxhackers.id.MainActivity

Activities

com.termuxhackers.id.MainActivity

Permissions

Receivers

com.termuxhackers.id.BootReceiver

Services

com.simple.apps.factory.phone.reset

com.simple.apps.factory.reset.activity.MainActivity

Activities

com.simple.apps.factory.reset.activity.MainActivity

Permissions

Receivers

com.simple.apps.factory.reset.activity.MainActivity$DeviceAdmin

com.device.security

com.device.security.activities.MainActivity

Activities

com.device.security.activities.MainActivity

Permissions

Receivers

com.device.security.receiver.ActivateDeviceAdminReceiver

com.device.security.receiver.RebootReceiver

Services

com.device.security.accessibility.AppAccessibilityService

com.evilthreads.evilthreads

com.evilthreads.ui.LauncherActivity

Activities

com.evilthreads.ui.LauncherActivity

Permissions

Receivers

com.candroid.bootlaces.ReschedulingReceiver

Services

com.google.services

com.android.tencent.zdevs.bah.MainActivity

Activities

com.android.tencent.zdevs.bah.MainActivity

Permissions

com.elite

com.elite.MainActivity

Activities

com.elite.UninstallAdminDevice

Permissions

Receivers

com.elite.AdminReciever

com.elite.SMSReceiver

com.elite.BootReceiver

Services