joker | 7906d13c568ec322ccba26a3773dcafb74fb2a8bedbcec66b6bccfa9acb99993

Analysis

max time kernel
2897266s
max time network
133s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
06-10-2022 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

和平精英透视.除草防封.apk
Size

4.3MB
MD5

d8d98b10dd55cff879556ecf71b9b6ab
SHA1

ab8a576ac26b50bb468f6c040256198d7a2f8c52
SHA256

181f81bcb7dbd8f01dcb45e72faec82c435f73a8448e58365488dcaf88b7df12
SHA512

7c43c3de4953ea09f8f4fa6a44122970c35d4e6026a60faa6af841dc49445e83ac805bbb38ac1bc97a8b3e79dca0f9a8dd31ae580fc35c988556fc0d45341a4d
SSDEEP

98304:OCI+p0CazkL7DlJ5hamrjJbxDvLkM4SJDmIXfH5e:OClYE7hJ5haYJ1DvLkcJDrX0

Score

10^/10

joker infostealer trojan

Malware Config

Extracted

Family

joker

http://buwo.oss-cn-beijing.aliyuncs.com

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Checks known Qemu files. 1 IoCs

Checks for known Qemu files that exist on Android virtual device images.

description	ioc	Process
File opened for read	/sys/qemu_trace	com.jyzlhkj

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

description	ioc	Process
File opened for read	/dev/socket/qemud	com.jyzlhkj
File opened for read	/dev/qemu_pipe	com.jyzlhkj

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.jyzlhkj/.jiagu/classes.dex	4089	com.jyzlhkj
/data/data/com.jyzlhkj/.jiagu/classes.dex!classes2.dex	4089	com.jyzlhkj
/data/data/com.jyzlhkj/.jiagu/tmp.dex	4089	com.jyzlhkj
/data/data/com.jyzlhkj/.jiagu/tmp.dex	4181	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jyzlhkj/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.jyzlhkj/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.jyzlhkj/.jiagu/tmp.dex	4089	com.jyzlhkj

com.jyzlhkj
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
PID:4089
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jyzlhkj/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.jyzlhkj/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4181

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jyzlhkj/.jiagu/classes.dex

Filesize
1.6MB

MD5
8020812975f0e462a194313ce6db3619

SHA1
1d3a341b153009bb8730f2c6c0c45722201f07a7

SHA256
3a7fdb9d07a47f2d5af11b08a8ecf958da29fb4352f392b050e815ea532030c3

SHA512
691efb9640ebfd77ede81c220bf5115fe4335df547555d90a5bcd750b2c6171f1f2deb5a24f2b8094293a22e117cac43e683820b3db590ac9553d9fcfcaa3b37

Download Submit
/data/data/com.jyzlhkj/.jiagu/classes.dex!classes2.dex

Filesize
116KB

MD5
2f24e2640211bb75c19409eedb7ca3cf

SHA1
6a5e3360f17878d2a8133d4c02fe47a832a56db6

SHA256
276baf4bc626d9c2127283d2340b07ac9b8b3efe204c16eaa7251827e40fc9e5

SHA512
4612e0ee90b39264d7413afb7aa4b0359cfd4bd49928ba6fbc1fb498a9b68e65490f8c2b19aefdc304a23c66900f913af8fb09413d560918472e140b3493ca2f

Download Submit
/data/data/com.jyzlhkj/.jiagu/libjiagu.so

Filesize
682KB

MD5
299f287aa6b9bbb5d64be7725d93cdab

SHA1
4f6caa7c2b73adcd48c130e9dab5ceff2d9221ac

SHA256
f1beda015646b60d4293e1ab8a7b2ac22b28e966da0da3eb87fd1812b8442e7b

SHA512
cae7ca6015c3ed51e5f5d1dad6733201bdbcec16c95cb84e8a5947c4effa1296fc6709cce35333b6d8815d0a6323bfd5d485d2d5702fc60bc235da8f0fa1f766

Download Submit
/data/data/com.jyzlhkj/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.jyzlhkj/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.jyzlhkj/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.jyzlhkj/files/.jglogs/.cl

Filesize
32B

MD5
f645e20f7cbc0e91d6a3988eef8885cb

SHA1
bbca1ac4a0c767fd437aea16f1381b688501b652

SHA256
1361d6de61462b8f2a0faf0a1cc9bedfed61d4412da7f24fbcdb144b7fc17020

SHA512
fe49eb3bbeb74796c208123fdc8b0fc0dda3b0864c367389adddf296c2099b903c5fdea4fccef11b3f06a5dd589201f4412ea8d744b1eb5e1cbbc237c2f250bb

Download Submit
/data/data/com.jyzlhkj/files/.jglogs/.jg.ac

Filesize
72B

MD5
a6c4ca95bcec743165dfe2170b33fb5c

SHA1
96dc33947706d970974683c00fc0326a47c89e28

SHA256
b583d7e39fd60abc9ed12991962b19fad3dc8316b34a7128a039b9c6196c7cee

SHA512
42f3323bba136dcf7b13b7c27cef828d88dde504805d354d9ef3e834a4f03a69e35a46b4537848632685313468369d333029f640e714fd7a8b598908e8562cfe

Download Submit
/data/data/com.jyzlhkj/files/.jglogs/.jg.ri

Filesize
646B

MD5
860c1892b8be6df66e094a33fdbb480e

SHA1
328227edb3d4da2a06898569d6e73d3f6a505849

SHA256
0f6d8a8056c87d07bf46e0fd30d39ff55ace56ed0ffdebf8b7f595d9e4037900

SHA512
2d982f35ba0218b5be64f3a20e97c59ef94a76c142fbeb36851697ce8ca94c442acc525914364cbd379af492fed561d1e7e5f226cd6519af92a289143a77348f

Download Submit
/data/data/com.jyzlhkj/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
af5c7119bd3e17750879070c31ea0932

SHA1
7a794cc418c07ebf75fc99a17a241e2d26d5ef5c

SHA256
a2513f8f3e27a7e756fb5860cf3615fdf220fb08e658b936905d7f5aafb096f3

SHA512
6667eed9154916f23e9459b756963c9a6ca064b5def1b3fec0b24a0a8307974efe98cf02b0a00608bfd60e585dc30aac868ea7fcec499ebbeb86fcbc969c79c7

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db

Filesize
24KB

MD5
cbb2444a850e7c03cdcfc856f38c44b5

SHA1
57345d8dbb9969d2502ac9f838ddee2993ea8afd

SHA256
36af20cb5479faa5230bf12904f4d0b58f91a0524f6cac3d87cdf83c5acf81b9

SHA512
8280fe42f4ff9dadc3e5c5df7fb1a4df73c962ed68742bc9be29c9aab2f0bd9f9e4aee65a9197283479abf7e66256c7e0b6d86da6a1e7cf1cb371524c0223b1e

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-journal

Filesize
524B

MD5
f1c4eaf2930e06ab0fd291a7dec4bdfe

SHA1
a326226c1253b5a0dbe3d1342d8963a8f5f3b3c6

SHA256
016d0a35320b167ed4f71ec32e3bd6371a716728ab7e7f611202fc58aa89a7a1

SHA512
bbc65dcd0c5465c139d21cc00b2dd073d5286c7525c5b561d7dfa61215061e4d1ea059295e44afb7a53c7baeaccc63e656577212a14c4e51d60d2c7f30f80f7c

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-wal

Filesize
32KB

MD5
fe71255dec4ace132b41db6d272213ba

SHA1
867a9e4ccf10c4bad3fc8317960e2dabd1dfd247

SHA256
592f4f9e1d8071a1ae967e3c373cb8293e3883a65b99dd8694efa6c40f3d7d49

SHA512
fb07983073b5464c6ea478d25157cf1811d99dd1959758872efb2bac4978a449fba81def49eb9de1f5417bdee9422941f1c08888f1dc569841e54b3f8630a2bf

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-wal

Filesize
8KB

MD5
2e3f259074c2ec17ceccf5fa9a8f68e7

SHA1
23d6946a59a0218349870bff0b226b9e85f9b134

SHA256
6b2c36cc051de6a776a201811402b9b3acf35f397d4dc8b105f4aa6cbfee5c0f

SHA512
e23d240056a8de2bb35366fdb837e0c620878966715658e8f5fea160558ad3a07254d0c0af147ba2732846c66ee68d3c26538c74dd8d5fff424982c8651498a1

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-wal

Filesize
4KB

MD5
c5a25da3d35bcb4fc12ec180d8a2975e

SHA1
586fd27cce2ac469a252689769c108d5316b3cfa

SHA256
2d5cb5dc7319309839d6e241a94d56fb3cc83e4b65f7544ee3d25bebef9dcc28

SHA512
53dc76e73d4402b2e3822f361beb45ef49d04cc479e965983907c4d76c3173ad4869a3bce971ba91ab53a365db827cddf54babb331fab08e0cdfa7973b2fa06f

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-wal

Filesize
8KB

MD5
b79b731594305bd473a69c7ff37ed2b7

SHA1
61ce9a349d35768e65727d5a67cecf4abd0bf980

SHA256
55726223f0b1dc981856c55721798102334e781faffd20fb6259f9b03ded9593

SHA512
6d12d74c532a377e5f3ad6a3114088bcc48cc4ed677ca3fa77625a1b6fd245ae037de7751e6b5e5484680aa13d046d84b661debb006950415b358786392b0ed7

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-wal

Filesize
8KB

MD5
921d5eecd733d6037392bb10152137d0

SHA1
a2d96b1dff261a2d8c32c8d3fe242e3f93f2a0ab

SHA256
d81eb266a615365bb49924db6e5d17797854ac79665e8629762d6b4814d30194

SHA512
f62476cecf1eb0c6d0fdef08024788a162d5974068bc60510c4422a25196491a507806eae550e204896a4ab48cfab7c1e7f53ceacdd472ef7132c0b200a960fb

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-wal

Filesize
4KB

MD5
5b308fceaf2fb7f74bf33273e50c470c

SHA1
fd5540edef443cd4f060b07d235aa2eef1952077

SHA256
62241ce0f7961516ed299dad76934d028113b7af6583df4c8c90cf7e52ab7060

SHA512
ff8e22e0dbf524dd61112810513333a6c21215fc7bc3e772240624bbcb8af4f5cab879089ec962e3163e086c722a1211d140bc6a5e6f835aeaad42d822c873c7

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-wal

Filesize
8KB

MD5
ef245d6689ffd464d5e2de8ea949b1fa

SHA1
868807f0258b5ee8de7b02c65b0c098d1bf47282

SHA256
b1528c779cd0ed2da10561e445fa874331f1d0767670299aa613cd70e90b06c2

SHA512
5e834ea50bddce5899147b2c6fb1277afbc0639cf2be6a2fd7d98b191b382ea3419bdbaadf5a6285ed3faff1989fe23f6766d0d84cc8eaaf5959cf799a0b0e20

Download Submit
/storage/emulated/0/stymd/ther/bmn/zscs.txt

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit