joker | db8f4f6d6858f0ed5e255966cdc1fdcd57aa029f659639629d17fde9d4790944 | Triage

Sharing

General

Target

Smart Screen Mirroring.apk
Size

6.4MB
Sample

221213-ksqp4aha5x
MD5

b4840c67ac46972d7adb718d4fe7dce6
SHA1

9ac0f913e1c975a9a715cbbd8bc6a35e78e09e71
SHA256

db8f4f6d6858f0ed5e255966cdc1fdcd57aa029f659639629d17fde9d4790944
SHA512

d9e3e60d9a17da994729cfd4d1aba2d05178a6e344d9b958d4eab2768a896359a933d51180797d48ce3644b31da17c92d63487971e020970f9546218904060d0
SSDEEP

196608:OpQ6myieWM3B2cqTE93ggz59bNltiwGJvqTCXNUE:Op/mzaYcqTE93ggz3bNltiwG7GE

Score

10^/10

joker android evasion infostealer ransomware trojan

Malware Config

Extracted

Family

joker

C2

http://careof.oss-ap-northeast-2.aliyuncs.com/journey

https://cxjus.oss-ap-southeast-1.aliyuncs.com/af2

https://cxjus.oss-ap-southeast-1.aliyuncs.com/fbhx

Targets

- Target
  
  Smart Screen Mirroring.apk
- Size
  
  6.4MB
- MD5
  
  b4840c67ac46972d7adb718d4fe7dce6
- SHA1
  
  9ac0f913e1c975a9a715cbbd8bc6a35e78e09e71
- SHA256
  
  db8f4f6d6858f0ed5e255966cdc1fdcd57aa029f659639629d17fde9d4790944
- SHA512
  
  d9e3e60d9a17da994729cfd4d1aba2d05178a6e344d9b958d4eab2768a896359a933d51180797d48ce3644b31da17c92d63487971e020970f9546218904060d0
- SSDEEP
  
  196608:OpQ6myieWM3B2cqTE93ggz59bNltiwGJvqTCXNUE:Op/mzaYcqTE93ggz3bNltiwG7GE
Score

10^/10

joker evasion infostealer ransomware trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

jokerevasioninfostealerransomwaretrojan

behavioral2

jokerinfostealerransomwaretrojan

behavioral3