joker | b34cfeec76b6359e849f92003e2df6d756a46a2c73ea4c334becb7b53bd9eaa8

Analysis

max time kernel
32872s
max time network
142s
platform
android_x64
resource
android-x64-arm64-20220621-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220621-enlocale:en-usos:android-11-x64system
submitted
15-07-2022 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

B34CFEEC76B6359E849F92003E2DF6D756A46A2C73EA4C334BECB7B53BD9EAA8.apk
Size

14.1MB
MD5

a6c412c2e266039f2d4a8096b7013f77
SHA1

6a206b4c26f3a2ed1c4ca494a81f18577e68456e
SHA256

b34cfeec76b6359e849f92003e2df6d756a46a2c73ea4c334becb7b53bd9eaa8
SHA512

0096e8950b2633c8bd8133fbc11ad93af72426da55e03159793d881d3746f8212cd5cc74ad4ca3a36e64618ae90c401add350194af85accdd9d9fed83421a509

Score

10^/10

joker banker evasion infostealer ransomware trojan

Malware Config

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.unique.input.style.my.keyboard

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.hardware	com.unique.input.style.my.keyboard

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.unique.input.style.my.keyboard/[email protected]	5443	com.unique.input.style.my.keyboard
/data/user/0/com.unique.input.style.my.keyboard/[email protected]	5443	com.unique.input.style.my.keyboard
/data/user/0/com.unique.input.style.my.keyboard/[email protected]	5443	com.unique.input.style.my.keyboard

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.unique.input.style.my.keyboard

Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.unique.input.style.my.keyboard

com.unique.input.style.my.keyboard
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5443

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.unique.input.style.my.keyboard/[email protected]

Filesize
3.1MB

MD5
89aba4158b15972255111334d97da393

SHA1
bd03a312d840b648d73e24d9ba3b4a5150f9ac7e

SHA256
75d3518c3f1477c90dff3bfcf5d9706887492ab22f51c3fb49f93dda2d6934ce

SHA512
b354927389832d3027a2686e5a85a94fa9042b5151eeaff9fddb0fb8cb0bed6267e9fa7bd6edf010ecbe51058c9c656f6568e82bd7f845ca62d0e1bbc86a53af

Download Submit
/data/user/0/com.unique.input.style.my.keyboard/[email protected]

Filesize
10KB

MD5
1771e0fe2fb13c8732eebaf59fa8a09e

SHA1
8dbbfa21ed6b4ec50597b5e9c2b37b7e5e907ebc

SHA256
60894302b8c073f3c813e7d50ba32a67fddd02c1e857692cec5ef83df7a118a0

SHA512
9bd4907fb083aea5a3abe44892b6e0c7912dae4469cb224c153a08641ada37ba73cae31cae261940cf3d6e8c1772ca9fe39257a5f3b67e3297873dbbad9a7176

Download Submit
/data/user/0/com.unique.input.style.my.keyboard/[email protected]

Filesize
20KB

MD5
21a76ea438006556bfdce47d7e0f2d4e

SHA1
d41a92ac7ca463067003a4929467c4b50270ce24

SHA256
838ae3037c72673861ee6d32edb66f6c2e18c5e12ee7cd03e6063c475aa3b3da

SHA512
ceb8b862dc63301022c2742f3dc5956224e9e016455dd911668d8a8cff1ad55a074fd53555f3a9064b8aad96c7d72c3467c54f5b26db5260a8292af5d9e429f5

Download Submit
/data/user/0/com.unique.input.style.my.keyboard/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/com.unique.input.style.my.keyboard/shared_prefs/com.facebook.sdk.appEventPreferences.xml

Filesize
160B

MD5
e4a9f15349bfb189e40218add039c114

SHA1
fe8e18a610f7633ea55e6319894ce908204b0c6a

SHA256
671fe76c7217e30a70b8b4c82550d0c4ee8c0134e4c1f00bdac684110eab37ce

SHA512
f7626ab807a874722dae4d84bc72f3f8e5c72d0992096ac518bce97fd73cc54434b30e12e1d3c2fa7bdc4156ea04ba8b970440dc41cec3ffe751847dbf1dd9f7

Download Submit
/data/user/0/com.unique.input.style.my.keyboard/shared_prefs/com.google.android.gms.measurement.prefs.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit