joker | 7906d13c568ec322ccba26a3773dcafb74fb2a8bedbcec66b6bccfa9acb99993

Analysis

max time kernel
2897181s
max time network
19s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
06-10-2022 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

和平精英透视.除草防封.apk
Size

4.3MB
MD5

d8d98b10dd55cff879556ecf71b9b6ab
SHA1

ab8a576ac26b50bb468f6c040256198d7a2f8c52
SHA256

181f81bcb7dbd8f01dcb45e72faec82c435f73a8448e58365488dcaf88b7df12
SHA512

7c43c3de4953ea09f8f4fa6a44122970c35d4e6026a60faa6af841dc49445e83ac805bbb38ac1bc97a8b3e79dca0f9a8dd31ae580fc35c988556fc0d45341a4d
SSDEEP

98304:OCI+p0CazkL7DlJ5hamrjJbxDvLkM4SJDmIXfH5e:OClYE7hJ5haYJ1DvLkcJDrX0

Score

10^/10

joker infostealer trojan

Malware Config

Extracted

Family

joker

http://buwo.oss-cn-beijing.aliyuncs.com

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Checks known Qemu files. 1 IoCs

Checks for known Qemu files that exist on Android virtual device images.

description	ioc	Process
File opened for read	/sys/qemu_trace	com.jyzlhkj

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

description	ioc	Process
File opened for read	/dev/socket/qemud	com.jyzlhkj
File opened for read	/dev/qemu_pipe	com.jyzlhkj

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.jyzlhkj/.jiagu/classes.dex	4251	com.jyzlhkj
/data/user/0/com.jyzlhkj/.jiagu/classes.dex!classes2.dex	4251	com.jyzlhkj

com.jyzlhkj
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
PID:4251

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.jyzlhkj/.jiagu/classes.dex

Filesize
1.6MB

MD5
8020812975f0e462a194313ce6db3619

SHA1
1d3a341b153009bb8730f2c6c0c45722201f07a7

SHA256
3a7fdb9d07a47f2d5af11b08a8ecf958da29fb4352f392b050e815ea532030c3

SHA512
691efb9640ebfd77ede81c220bf5115fe4335df547555d90a5bcd750b2c6171f1f2deb5a24f2b8094293a22e117cac43e683820b3db590ac9553d9fcfcaa3b37

Download Submit
/data/user/0/com.jyzlhkj/.jiagu/classes.dex!classes2.dex

Filesize
116KB

MD5
2f24e2640211bb75c19409eedb7ca3cf

SHA1
6a5e3360f17878d2a8133d4c02fe47a832a56db6

SHA256
276baf4bc626d9c2127283d2340b07ac9b8b3efe204c16eaa7251827e40fc9e5

SHA512
4612e0ee90b39264d7413afb7aa4b0359cfd4bd49928ba6fbc1fb498a9b68e65490f8c2b19aefdc304a23c66900f913af8fb09413d560918472e140b3493ca2f

Download Submit
/data/user/0/com.jyzlhkj/.jiagu/libjiagu.so

Filesize
682KB

MD5
299f287aa6b9bbb5d64be7725d93cdab

SHA1
4f6caa7c2b73adcd48c130e9dab5ceff2d9221ac

SHA256
f1beda015646b60d4293e1ab8a7b2ac22b28e966da0da3eb87fd1812b8442e7b

SHA512
cae7ca6015c3ed51e5f5d1dad6733201bdbcec16c95cb84e8a5947c4effa1296fc6709cce35333b6d8815d0a6323bfd5d485d2d5702fc60bc235da8f0fa1f766

Download Submit
/data/user/0/com.jyzlhkj/.jiagu/libjiagu_64.so

Filesize
798KB

MD5
84271f62254994e967f1ce2c0eca6a84

SHA1
440f54a9395a682b87d4838e48e684bc43571132

SHA256
e1f2d92a9bb122955d0fbc4bc362bfb7f35b9aafc8fd169ad419b9933e4f7290

SHA512
1b249da878133f4df3ea2cd87e5a3d74a3e5d13f6621476d58d83190ffb64103acffc2794d191568c216920699fcdcf4e7df98e2f63f7b5f695264a9d3d4cb01

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db

Filesize
72KB

MD5
7fa3f348afe732a6b3221726ddf460d3

SHA1
45e14de1b088b4ce652a29d21e4d8adefd946368

SHA256
32f57693502cbfeba4929c73f74ad05c6baf6f1cbb34961401d6ae6d7fde6527

SHA512
a9ce277f93f6b885786afb292b1043b6d6e1fed64b8cc6c8e8ae8d59b3cf7274531038ac0e7dfe7c8bdf4996f5ae82bf1a2f346cd22a441cdcdb65ed0089e511

Download Submit
/data/user/0/com.jyzlhkj/databases/download.db-journal

Filesize
1KB

MD5
e6124014159e2ac94cd77425db22064b

SHA1
c23985acd386b68141e902554d1ac3b812abefb6

SHA256
ca7f67597fc1e11ee7a80b0d3eeef80de73d1ef1fc4285ab6ea07b0fe8f6fa43

SHA512
09d8a415bfafb47b5082cf118efe15e118e86faef6aa15bfd4f1ebd532860efeadbb8731478dfa6378f49d7b7751168ded96bcb534002a9d39b5e74100a06c4b

Download Submit
/data/user/0/com.jyzlhkj/files/.jglogs/.cl

Filesize
32B

MD5
f645e20f7cbc0e91d6a3988eef8885cb

SHA1
bbca1ac4a0c767fd437aea16f1381b688501b652

SHA256
1361d6de61462b8f2a0faf0a1cc9bedfed61d4412da7f24fbcdb144b7fc17020

SHA512
fe49eb3bbeb74796c208123fdc8b0fc0dda3b0864c367389adddf296c2099b903c5fdea4fccef11b3f06a5dd589201f4412ea8d744b1eb5e1cbbc237c2f250bb

Download Submit
/data/user/0/com.jyzlhkj/files/.jglogs/.jg.ac

Filesize
72B

MD5
a6c4ca95bcec743165dfe2170b33fb5c

SHA1
96dc33947706d970974683c00fc0326a47c89e28

SHA256
b583d7e39fd60abc9ed12991962b19fad3dc8316b34a7128a039b9c6196c7cee

SHA512
42f3323bba136dcf7b13b7c27cef828d88dde504805d354d9ef3e834a4f03a69e35a46b4537848632685313468369d333029f640e714fd7a8b598908e8562cfe

Download Submit
/data/user/0/com.jyzlhkj/files/.jglogs/.jg.ri

Filesize
646B

MD5
920e8e927a1ff3ad41aee521542c6006

SHA1
de86f8f5cc3208c69481f17a86758000fccd280c

SHA256
802ad9af0e50c2480463f952de8c98d65423ff374154155c8340407e6b94a714

SHA512
eb001675e5acd624c28103d0724aac0ec43ba453423dcda56ebe9c2644a4895d62ed2320b841ea5f5853dd935491eceae56dd146fb9719db68ed425e1147329a

Download Submit
/data/user/0/com.jyzlhkj/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
af5c7119bd3e17750879070c31ea0932

SHA1
7a794cc418c07ebf75fc99a17a241e2d26d5ef5c

SHA256
a2513f8f3e27a7e756fb5860cf3615fdf220fb08e658b936905d7f5aafb096f3

SHA512
6667eed9154916f23e9459b756963c9a6ca064b5def1b3fec0b24a0a8307974efe98cf02b0a00608bfd60e585dc30aac868ea7fcec499ebbeb86fcbc969c79c7

Download Submit
/storage/emulated/0/stymd/ther/bmn/zscs.txt

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit