joker | ff8c2bcbe5beafcaf4aca4b1078d755e26e584b9e8cf5473a021b06dab84d48a | Triage

Sharing

General

Target

Document PDF Scanner.apk
Size

8.5MB
Sample

221213-kpavgaec89
MD5

d369bbc5d7cb8dfcc987e0ea5547a50e
SHA1

511eddc66847446dc992fd081419c653cc3249b5
SHA256

ff8c2bcbe5beafcaf4aca4b1078d755e26e584b9e8cf5473a021b06dab84d48a
SHA512

7d00500009d254ed5369826383660584f275d64d9a88f24bf4fd97e03f54ec4f21dd46ede815edf37448981a26c80a2d117669746fcf9c0ac61d413474f37b07
SSDEEP

196608:9+GCjxVA0s8tWLJiV8dlKJTcnMAdRPWncI:4ZkXdwJTCF0z

Score

10^/10

joker android evasion infostealer trojan

Malware Config

Extracted

Family

joker

C2

http://sightly.oss-ap-northeast-1.aliyuncs.com/either

Grant permission to use all features

https://cxjus.oss-ap-southeast-1.aliyuncs.com/af2

https://cxjus.oss-ap-southeast-1.aliyuncs.com/fbhx

Targets

- Target
  
  Document PDF Scanner.apk
- Size
  
  8.5MB
- MD5
  
  d369bbc5d7cb8dfcc987e0ea5547a50e
- SHA1
  
  511eddc66847446dc992fd081419c653cc3249b5
- SHA256
  
  ff8c2bcbe5beafcaf4aca4b1078d755e26e584b9e8cf5473a021b06dab84d48a
- SHA512
  
  7d00500009d254ed5369826383660584f275d64d9a88f24bf4fd97e03f54ec4f21dd46ede815edf37448981a26c80a2d117669746fcf9c0ac61d413474f37b07
- SSDEEP
  
  196608:9+GCjxVA0s8tWLJiV8dlKJTcnMAdRPWncI:4ZkXdwJTCF0z
Score

10^/10

joker evasion infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Reads information about phone network operator.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

jokerevasioninfostealertrojan

behavioral2

behavioral3