joker | 4b3a1ead0e69cfede004b0fdc25e3bb4c8ebb0481671a97844311526f47e21b7 | Triage

Sharing

General

Target

Effect Voice Changer_30.12.2.apk
Size

26.5MB
Sample

230109-sr3x2aef74
MD5

2b10e04a521f354a9ddf2171069a6ba0
SHA1

eef927bc157cc2271cad347ff918942587808bdf
SHA256

4b3a1ead0e69cfede004b0fdc25e3bb4c8ebb0481671a97844311526f47e21b7
SHA512

e3370d832c765d8eadff4c5377e4703ef94b3b4e1112da2e1a86f735cc9a91aa9bc3a9ca9c7b55e89e9268543b279f4ddb7cd400d6a8cdbf058e8388427e6c19
SSDEEP

393216:ZSKP32yHq12IyWBKqkrQkC+XqlOF0zlfuj22nbQiJ6ljNJccDq1HsYVAFOSu:sKPXH+CWQqSQOezhuj22nbQi8lNqKjOJ

Score

10^/10

joker android evasion infostealer trojan

Malware Config

Extracted

Family

joker

C2

https://adcbk.oss-eu-central-1.aliyuncs.com/af2

https://adcbk.oss-eu-central-1.aliyuncs.com/fbhx

Targets

- Target
  
  Effect Voice Changer_30.12.2.apk
- Size
  
  26.5MB
- MD5
  
  2b10e04a521f354a9ddf2171069a6ba0
- SHA1
  
  eef927bc157cc2271cad347ff918942587808bdf
- SHA256
  
  4b3a1ead0e69cfede004b0fdc25e3bb4c8ebb0481671a97844311526f47e21b7
- SHA512
  
  e3370d832c765d8eadff4c5377e4703ef94b3b4e1112da2e1a86f735cc9a91aa9bc3a9ca9c7b55e89e9268543b279f4ddb7cd400d6a8cdbf058e8388427e6c19
- SSDEEP
  
  393216:ZSKP32yHq12IyWBKqkrQkC+XqlOF0zlfuj22nbQiJ6ljNJccDq1HsYVAFOSu:sKPXH+CWQqSQOezhuj22nbQi8lNqKjOJ
Score

10^/10

joker infostealer trojan evasion
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

jokerinfostealertrojan

behavioral3

jokerevasioninfostealertrojan