GroDDViewer: WipeLocker

Sample name: Angry_BirdTransformers_1.1.0

Malware Family

Erase data on SD card and block social applications

Sample description:

We can see the main process com.elite accessing directories on the SD card such as /sdcard/Pictures/, /sdcard/Musics/ and /sdcard/Documents/. This happens while the malware is deleting all files stored on the SD card. We can also see the malware using the process contacts.providers to retrieve the contacts and spam them every 5 seconds with the SMS “Elite has hacked you.Obey or be hacked”.

File details:

  • MD5 : 4e2201cde26141715255d2421f0bcfb1
  • SHA256 : f75678b7e7fa2ed0f0d2999800f2a6a66c717ef76b33a7432f1ca3435b4831e0
  • Size : 536.1 KB

[Figure: System Flow Graph. Legend: process, file, socket.]