General
Target: Paint Art_1.3.apk
Size: 4.1MB
Sample: 221212-p7rcdsbd39
MD5: 36af3b813438470a0dc1c890360e3c6a
SHA1: c8cb5654e1bb031bc337d3501ffce2ad7fd0a437
SHA256: 0f41adb9d470c2450c2987c1c6b3a2ddcf8bcc47fad7a54ee4ec064afd0b8a3e
SHA512: f0a0b9e05759f71dade7e81639f705462b81bb01d709d47a48691bb837536a959677ba5a82d7b8c9634d6d256f5d1da1d5a85c47f60f35b5219245a08c647a3d
SSDEEP: 98304:PrSSze0+HVciXp0wxsPgdsuGnRCCO+8Lz31JqhVEgaCZtzT:TSSi0wciXp0w2JxRe+8H31ojFJX
Static task: static1
Behavioral task: behavioral1
Sample: Paint Art_1.3.apk
Resource: android-x64-20220823-en
Behavioral task: behavioral2
Sample: Paint Art_1.3.apk
Resource: android-x64-arm64-20220823-en
Behavioral task: behavioral3
Sample: Paint Art_1.3.apk
Resource: android-x86-arm-20220823-en
Malware Config
Extracted
joker
http://thoroughly.oss-ap-southeast-5.aliyuncs.com/artpainting
Grant permission to use all features
https://cxjus.oss-ap-southeast-1.aliyuncs.com/af2
https://cxjus.oss-ap-southeast-1.aliyuncs.com/fbhx
Targets
Target
Paint Art_1.3.apk
Score: 10/10
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
Legitimate hosting services abused for malware hosting/C2
Reads information about phone network operator.
Removes a system notification.
Uses Crypto APIs (Might try to encrypt user data).