Overview

overview

10

Static

static

7

com.autopr...om.zip

android-9-x86

com.autopr...om.zip

android-10-x64

com.autopr...om.zip

android-11-x64

com.autopr...er.apk

android-9-x86

10

com.autopr...er.apk

android-10-x64

5

com.autopr...er.apk

android-11-x64

5

config.ar.apk

android-9-x86

config.ar.apk

android-10-x64

config.ar.apk

android-11-x64

config.de.apk

android-9-x86

config.de.apk

android-10-x64

config.de.apk

android-11-x64

config.en.apk

android-9-x86

config.en.apk

android-10-x64

config.en.apk

android-11-x64

config.es.apk

android-9-x86

config.es.apk

android-10-x64

config.es.apk

android-11-x64

config.fr.apk

android-9-x86

config.fr.apk

android-10-x64

config.fr.apk

android-11-x64

config.hi.apk

android-9-x86

config.hi.apk

android-10-x64

config.hi.apk

android-11-x64

config.in.apk

android-9-x86

config.in.apk

android-10-x64

config.in.apk

android-11-x64

config.it.apk

android-9-x86

config.it.apk

android-10-x64

config.it.apk

android-11-x64

config.ja.apk

android-9-x86

config.ja.apk

android-10-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    com.autoprivate.gallylocker_200_apksos.com.apk

  • Size

    2.6MB

  • Sample

    221114-qpgkxagb5z

  • MD5

    fe9371192d5501485a5e440a14c5beab

  • SHA1

    a523d6fb6c97fca05f43a4cc085e64c4cb646ba7

  • SHA256

    a91e822957d66f26016249dc598f6868c8a803ef029f233fef88ff3f30f462ab

  • SHA512

    6c37c0d7d2bc62bd2aadda002c785d8dba3786666beacb72a2ad0f2108872be24279b398b928c4ec89dfb450b5197f91b2b26f4fe659cf0db05de45d43adea26

  • SSDEEP

    49152:auKcHIIdnVifRWaxFIb9gU0KxiXoS2CPwb2mr5477/0wMYZ:HnIEnViLxa9x0vXgC4b2mr5477/IO

Score
10/10
jokerandroidevasioninfostealerransomwaretrojan

Malware Config

Extracted

Family

joker

C2

http://oneslife.oss-ap-southeast-1.aliyuncs.com

https://cxjus.oss-accelerate.aliyuncs.com

https://cxjus.oss-ap-southeast-1.aliyuncs.com

Targets

    • Target

      com.autoprivate.gallylocker_200_apksos.com.apk

    • Size

      2.6MB

    • MD5

      fe9371192d5501485a5e440a14c5beab

    • SHA1

      a523d6fb6c97fca05f43a4cc085e64c4cb646ba7

    • SHA256

      a91e822957d66f26016249dc598f6868c8a803ef029f233fef88ff3f30f462ab

    • SHA512

      6c37c0d7d2bc62bd2aadda002c785d8dba3786666beacb72a2ad0f2108872be24279b398b928c4ec89dfb450b5197f91b2b26f4fe659cf0db05de45d43adea26

    • SSDEEP

      49152:auKcHIIdnVifRWaxFIb9gU0KxiXoS2CPwb2mr5477/0wMYZ:HnIEnViLxa9x0vXgC4b2mr5477/IO

    Score
    1/10
    behavioral1behavioral2behavioral3

    • Target

      com.autoprivate.gallylocker.apk

    • Size

      2.0MB

    • MD5

      d2af80a36bdbb5fb11adaf030ada0f36

    • SHA1

      58bf8a0d23fe7c6f184ce7f88ad09f0d169e501f

    • SHA256

      25922e86d546a5027c19d0e06bf6203cdf9f1f10d69a944f4225cbfe9f258627

    • SHA512

      c1864d11709750896de80098ba368644585922c90547733038168440538377d71d54b18a2921cb36e11ffb0feb137016abd21cd9e0e84d466505942a69ba3895

    • SSDEEP

      49152:XuKcHIIdnVifRWaxFIb9gU0KxiXoS2CPwb2mr547A:enIEnViLxa9x0vXgC4b2mr547A

    Score
    10/10
    jokerevasioninfostealerransomwaretrojan

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

      infostealertrojanjoker

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral4behavioral5behavioral6

    • Target

      config.ar.apk

    • Size

      28KB

    • MD5

      0ac6d9c81925039e22bf1786e8d28517

    • SHA1

      154db3ac6759426a8d91e30da3ab618d4ad121e1

    • SHA256

      f61defe03375941f23ba5e67ace71a5769b6ba39632e82c8a4e55c75d4f0439e

    • SHA512

      748033ac289c73487c8cd457507694b09eabb78b3c270852e71030d563c9793398995567c74fcf5d48bfd9e7d8083480592b6c3a0a7013f5ba47af696656ebf4

    • SSDEEP

      384:eWhbBV9YJ1eoCPARyo5TaFvC5TmwMVf2dpd88hI8:eg9V+J1e7OPrP

    Score
    1/10
    behavioral7behavioral8behavioral9

    • Target

      config.de.apk

    • Size

      28KB

    • MD5

      fc3a25cbe02f380d9c109d32d763b7e7

    • SHA1

      715eb1fff398112990899b9f4847a77d44c006ce

    • SHA256

      b2b6d52d916f16bb82cc778c4129f2f592c36dd7b0e21fdb4f63d0629eb9ba8b

    • SHA512

      5ff9ee8f1350a5ed459b9be9b622f0b838ee345739df0d9a4f883ad2ea39ec4f66fd876f79e244fee6a7dea6806f6aa720d5f0cb6120e38f073d3ad069005cc2

    • SSDEEP

      384:MqHRf7FcaY2BV9YJ1em6MrSxB5TrYv5TbtMVasct8hIo:xxG4V+J1ez3roOcKX

    Score
    1/10
    behavioral10behavioral11behavioral12

    • Target

      config.en.apk

    • Size

      44KB

    • MD5

      061b3ad1f6012977a289288f55e0720b

    • SHA1

      851461b3ecf5612ac25ea15d549a0c55c468392e

    • SHA256

      46018553a28ccd969173072a253d59192ab2b63ce17505c7a881dcb4c2fa70ec

    • SHA512

      bcebc6bb9b7cab954589a8f7a92b040ff57445d2e15cd04f89d3c59ffd9ee7a39985e5337654bb7b4d49a7dc61346ce353609bf666d0a8a3b65cc6918a96c34f

    • SSDEEP

      384:li8Wj6aSllvBV9YJ1eNDzrz0ezbzBDW+Lee5TDp/o5TyT/eoMVT8hId:lipj6aSBV+J1efDW+LHk+va

    Score
    1/10
    behavioral13behavioral14behavioral15

    • Target

      config.es.apk

    • Size

      36KB

    • MD5

      66496826682746e45fbc09f3b95ef7a7

    • SHA1

      c8551c0cf47b9bf6b027d1094f38d7e420ffba0f

    • SHA256

      c286a04c3cf4b77acb1dfc9ee288abbc113d833a44f0b4b7ea81aac07f72d373

    • SHA512

      c95675c057f008bfc89d199eab2cf6d8d148311e4ea2f80b034f0bbc974ae6c004085d15c493cca4f82e3478e8ec6c22cc0e9f5a2a029153a29edefe471e1185

    • SSDEEP

      384:GpxV1eDKkdqBV9YJ1etQVS1sAYRqxWCaf7iHX5TiCiyw5TNf/MVxH949u8hIw:GZeDKkGV+J1eg2rafOHJ6x5jf

    Score
    1/10
    behavioral16behavioral17behavioral18

    • Target

      config.fr.apk

    • Size

      32KB

    • MD5

      4b667fa4aa0b45e1f4abd296b7dcc125

    • SHA1

      255f2e6813e830df485051a42e29dbd4988f6ea1

    • SHA256

      7054bb6c2977db177dd5660194f0ca923ce9e870822241d84627ba77d9d9c47c

    • SHA512

      1683546ed07af6abc5fc2ed565e2d298f177627c3d48a423ad04345fa20388e2e6495b6c7e4ca7f51e6e88ddd60d05c7298a142959936027c7c45409065dc2aa

    • SSDEEP

      384:6I3Qv5meV9Yb1euDyBPZ83IpYZ5Q8flA5TEWD5T/tPMVjp7h8hIf:B34meV+b1eMICZ+8flWEO/tap7GE

    Score
    1/10
    behavioral19behavioral20behavioral21

    • Target

      config.hi.apk

    • Size

      32KB

    • MD5

      76dc597d538d9c58eeca9a6d06c4797c

    • SHA1

      650b63b467b6b021f77f8a8ad7f8da45e9ab5628

    • SHA256

      373642d0621a36de952e342eb2dd9714499338f63b17348e45f1bf7cb268a796

    • SHA512

      8cfee6e29befed19c7b4cce52a4414803a84f0e0a3ca356d1a7ba070485e58be421ee4c6dafe92ca3dc9e33cb5ab8992c813fd70c7ce8fc4ee341e1fc4a01c02

    • SSDEEP

      768:XKpKroSECv4S2sV+J1ejMFjjutkCN2Npy:aMroSECv4S2sV+ijMFjjutkauw

    Score
    1/10
    behavioral22behavioral23behavioral24

    • Target

      config.in.apk

    • Size

      28KB

    • MD5

      4bc957053a197b54acaa0a6317a0f296

    • SHA1

      ea29ab3cda9bb91c55d185e89ab76874820c9984

    • SHA256

      186b332d510d62cc9fd73022489dd210f9657826a638c1b41f64ec48a2df1753

    • SHA512

      29497d4917874276a883c67be96cf25ff5cc4c7f169c5e0198eef194a409e8b1967d197e259131d8d627dd6b51aaa1bd43cc1e8ac6fd18593368e1973e354f9b

    • SSDEEP

      384:JhF1K+YBV9YJ1ekrfodEgURwbXUl5TKws5T1oMVfNC8hIz:JFK7V+J1eGRwLkSdQ

    Score
    1/10
    behavioral25behavioral26behavioral27

    • Target

      config.it.apk

    • Size

      28KB

    • MD5

      0f9d5f465111324d29d1c361a90de4a1

    • SHA1

      eb316c9726508c73786399e836f50aa7f7fc0bf7

    • SHA256

      1d958d557fba8ce566b45eb2d1013f459b370007ba565c0231a0c9decb7b9829

    • SHA512

      e0499361cd0bbff4f4be105dd9ff0887cb92475588fbc664f418e061b0b1a28a5b956d1985271bc8985d123dd0ae2f4168a2d538b0dce8a7465979196a785d17

    • SSDEEP

      384:6qVhUOQLBV9YJ1eUF9PruS+5tkjH6uU5TzZuU5TUKMVtkX68hIUw:vzUVNV+J1equftz7F7UhYhw

    Score
    1/10
    behavioral28behavioral29behavioral30

    • Target

      config.ja.apk

    • Size

      28KB

    • MD5

      cbee3eeaad04e14a44519cce483e512e

    • SHA1

      57045ed0e2905bc019c401dd489441f205b10608

    • SHA256

      868d56cc93bf0e6f97a8124c73db211de8e69be2563cd162ce79c8c8c1d4e49a

    • SHA512

      3b69836f93b9893647e05a6779db40acbcb2fd6064477b4694f7c894be1eabece104d9ec020f4f66f986c67f374795e612293489d78e1738b13346192a6c276a

    • SSDEEP

      384:ja5uBV9YJ1ep+boxyA930T9M5T9K75TZMV0lfJ7wfJ7y8hIH:jMAV+J1eDye0UwjlRwRXw

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix

Tasks

static1

Score
7/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

jokerevasioninfostealerransomwaretrojan
Score
10/10

behavioral5

ransomware
Score
5/10

behavioral6

ransomware
Score
5/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10