joker | d3c731f966dd4f5a86c8e17de24ba8b1cbf95ba64f47d32ed52e217d16b09a53 | Triage

Sharing

General

Target

Night Clock_10.0.3.apk
Size

33.8MB
Sample

221222-ndv8taed43
MD5

87ffd9568465dcfd410ac4c6f03b30c3
SHA1

7ec24583b39d7e4243dadc197ee3b40babe3c7ba
SHA256

d3c731f966dd4f5a86c8e17de24ba8b1cbf95ba64f47d32ed52e217d16b09a53
SHA512

b142e9c04a0541e550a8eb84d287b08332a0ea073502dbe56c5c1319bc78497cd315954a9a9c31c1d4c1b2b20b0062433d319d15c4b4834c7f69d2231ed0590e
SSDEEP

393216:PxHOSpdE41M/fBHyfpBfR12mcAFvDCQ08DZ5upabQJe11avkqmgysx:ZHOYm41G0fpBp12mCQ08DZUI1q6i

Score

10^/10

joker android evasion infostealer trojan

Malware Config

Extracted

Family

joker

C2

http://limited.oss-ap-southeast-5.aliyuncs.com/digital

https://kbnt.oss-ap-southeast-1.aliyuncs.com/af2

https://kbnt.oss-ap-southeast-1.aliyuncs.com/fbhx

Targets

- Target
  
  Night Clock_10.0.3.apk
- Size
  
  33.8MB
- MD5
  
  87ffd9568465dcfd410ac4c6f03b30c3
- SHA1
  
  7ec24583b39d7e4243dadc197ee3b40babe3c7ba
- SHA256
  
  d3c731f966dd4f5a86c8e17de24ba8b1cbf95ba64f47d32ed52e217d16b09a53
- SHA512
  
  b142e9c04a0541e550a8eb84d287b08332a0ea073502dbe56c5c1319bc78497cd315954a9a9c31c1d4c1b2b20b0062433d319d15c4b4834c7f69d2231ed0590e
- SSDEEP
  
  393216:PxHOSpdE41M/fBHyfpBfR12mcAFvDCQ08DZ5upabQJe11avkqmgysx:ZHOYm41G0fpBp12mCQ08DZUI1q6i
Score

10^/10

evasion joker infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

jokerevasioninfostealertrojan