Diabl0 Posted July 25, 2017

The SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their ransom. After laying low for a few years, it had a sudden resurgence last May. This particular SLocker variant is notable for being an Android file-encrypting ransomware, and the first mobile ransomware to capitalize on the success of the previous WannaCry outbreak.

How the Ransomware Encrypts Files

When the ransomware is installed, it will check whether it has been run before. If it has not, it will generate a random number and store it in SharedPreferences, which is where persistent application data is saved. Then it will locate the device's external storage directory and start a new thread.

The thread will first go through the external storage directory to find files that meet specific requirements:

- The lowercase paths for target files must not contain "/.", "android", "com." and "miad".
- With the external storage as the root directory, target files should be in directories whose directory level is smaller than 3 or the lowercase file paths contain "baidunetdisk", "download" or "dcim".
- File name must contain "." and the byte length of the encrypted file name should be less than 251.
- The file must be larger than 10 KB and smaller than 50 MB.

The ransomware avoids encrypting system files, focuses on downloaded files and pictures, and will only encrypt files that have suffixes (text files, pictures, videos). When a file that meets all the requirements is found, the thread will use ExecutorService (a way for Java to run asynchronous tasks) to run a new task.

NOTE: This link is a decompiled version of this ransomware and NOT the original.
Download Link: [HIDE-THANKS] Link: https://www.sendspace.com/file/mit7z0 [/HIDE-THANKS]
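An added example, not part of the original post or the ransomware's code: a Python triage helper that applies the selection rules listed above to a file inventory taken from a backup or forensic listing, so a responder can estimate which files were in scope and should be checked or restored first. The function names, the depth-counting convention, 1 KB = 1024 bytes and the sample inventory are assumptions; the encrypted-file-name length rule is left out because the post does not say how those names are derived.

```python
from pathlib import PurePosixPath

# Substrings taken from the rules in the post (matched on the lowercase path).
EXCLUDED = ("/.", "android", "com.", "miad")
ALWAYS_SEARCHED = ("baidunetdisk", "download", "dcim")
MIN_SIZE = 10 * 1024            # assumption: 1 KB = 1024 bytes
MAX_SIZE = 50 * 1024 * 1024     # assumption: 1 MB = 1024 * 1024 bytes


def in_scope(rel_path: str, size: int) -> bool:
    """True if a file matches the selection rules described in the post.

    rel_path is relative to the external storage root (assumption),
    for example 'DCIM/Camera/IMG_0001.jpg'. size is in bytes.
    """
    path = "/" + rel_path.lstrip("/")
    lower = path.lower()
    if any(token in lower for token in EXCLUDED):
        return False
    parts = PurePosixPath(path).parts[1:]   # drop the leading "/"
    if not parts:
        return False
    # Assumption: "directory level" = number of directories above the file.
    depth = len(parts) - 1
    if depth >= 3 and not any(token in lower for token in ALWAYS_SEARCHED):
        return False
    if "." not in parts[-1]:                # files without a suffix are skipped
        return False
    return MIN_SIZE < size < MAX_SIZE


def triage(inventory):
    """Return the paths from (path, size) pairs that were in scope."""
    return [path for path, size in inventory if in_scope(path, size)]


# Constructed sample inventory (not from a real device).
SAMPLE = [
    ("DCIM/Camera/IMG_0001.jpg", 2_400_000),
    ("Download/a/b/c/report.pdf", 300_000),
    ("Android/data/app/files/cache.db", 50_000),
    ("Documents/notes.txt", 4_000),
    ("Movies/trip.mp4", 700_000_000),
    ("Work/2017/Q2/drafts/plan.docx", 80_000),
    ("Pictures/.thumbnails/1.jpg", 20_000),
    ("Documents/telecom.pdf", 120_000),     # excluded: contains "com."
]

if __name__ == "__main__":
    for path in triage(SAMPLE):
        print("check/restore first:", path)
```

Because the exclusions are plain substring matches, ordinary names such as `telecom.pdf` fall outside the scope, so an untouched file is not by itself evidence that the device was unaffected.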