MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SLocker


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d
SHA3-384 hash: dcf0a36cf60bbe7c1ff15fba4818b65dd7de94b7b1e0573c2d11c070672375a938717848e8772bbc52c27aac781315af
SHA1 hash: d72ca5ca1e7dc6431c041bfc6d7e3f9bfa39959c
MD5 hash: ba03c39ba851c2cb3ac5851b5f029b9c
humanhash: fish-east-seventeen-alpha
File name:WannaLocker.apk
Download: download sample
Signature SLocker
Create hunting rule
File size:1'842'576 bytes
First seen:2024-03-25 16:50:05 UTC
Last seen:2025-05-27 08:55:16 UTC
File type: apk
MIME type:application/zip
ssdeep 49152:x7bFcxrjUIWXUZGlilIy0ywxepey0yDR5y0yzUjtP:xbFcVwXU/lOxeFDIQ
TLSH T1DB8512D3B7119E6EDD38093A06934B79AB17DD185AA797030885326D3C77AD80F98ECC
TrID 72.9% (.JAR) Java Archive (13500/1/2)
21.6% (.ZIP) ZIP compressed archive (4000/1)
5.4% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter MrMalware
Tags:android apk Ransomware signed SLocker

Code Signing Certificate

Organisation:Android
Issuer:Android
Algorithm:sha1WithRSAEncryption
Valid from:2008-02-29T01:33:46Z
Valid to:2035-07-17T01:33:46Z
Serial number: 936eacbe07f201df
Intelligence: 1796 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
4
# of downloads :
963
Origin country :
CL CL
Vendor Threat Intelligence
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
android lockscreen wannacry wannalocker
Link:
https://www.filescan.io/uploads/6601ab860cf6e2f68631edfa/reports/48922805-4925-427c-b577-6cc323804df2/overview
Result
Link:
https://incinerator.cloud/#/public/report/ba03c39ba851c2cb3ac5851b5f029b9c/detail
Application Permissions
read sensitive log data (READ_LOGS)
read phone state and identity (READ_PHONE_STATE)
retrieve running applications (GET_TASKS)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
mount and unmount file systems (MOUNT_UNMOUNT_FILESYSTEMS)
read external storage contents (READ_EXTERNAL_STORAGE)
set wallpaper (SET_WALLPAPER)
view Wi-Fi status (ACCESS_WIFI_STATE)
full Internet access (INTERNET)
prevent phone from sleeping (WAKE_LOCK)
view network status (ACCESS_NETWORK_STATE)
change your audio settings (MODIFY_AUDIO_SETTINGS)
change your UI settings (CHANGE_CONFIGURATION)
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d
Result
Threat name:
Slocker
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1415324
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Removes its application launcher (likely to stay hidden)
Yara detected Slocker
Behaviour
Behavior Graph:
n/a
Score:
0%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d/
Threat name:
Android.Trojan.SLocker
Create hunting rule
Status:
Malicious
First seen:
2017-06-09 18:37:42 UTC
File Type:
Binary (Archive)
Extracted files:
340
AV detection:
20 of 38 (52.63%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eagy7ggde36gl45bdxc76gkrauobfgi4ycmwe47oxg3rwj54ffgq._file
Result
Malware family:
slocker
Create hunting rule
Score:
  10/10
Tags:
family:slocker android
Link:
https://tria.ge/reports/240325-vcbaksgb5t/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:adonunix2
Create hunting rule
Author:Tim Brown @timb_machine
Description:AD on UNIX

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments