joker | eb46541e2991a20c20fca66e51a705a309e6576296c435126ac369ba41e6bff5 | Triage

Resubmissions

15-01-2023 04:36

230115-e8nmsaaa97 10

12-01-2023 09:04

230112-k1lfcafe96 7

Sharing

General

Target

Quick PDF Scanner.apk
Size

10.6MB
Sample

230115-e8nmsaaa97
MD5

1e288142a45ebe7244ab899798cea643
SHA1

078295d1cda8319ed69f64b5443e4d89705d8523
SHA256

eb46541e2991a20c20fca66e51a705a309e6576296c435126ac369ba41e6bff5
SHA512

0509d443761eb56aa9f53ca552f06ea1202917fa5daf8b0475da247b031677d363ad95e381065a09939bc2681aaf77abf82869c3d0256afea55f3d145e056d7b
SSDEEP

196608:+Ubrdcg+Cnp2yJqiHLu5OOERwQDAvpilOV8YJ/ywk3muPFoeDb7uYoeDzGOjCx:+UbJcg++p2yJ5Ligw0CswBCmuP2eLuvn

Score

10^/10

joker android evasion infostealer ransomware trojan

Malware Config

Extracted

Family

joker

C2

https://weco.oss-eu-central-1.aliyuncs.com/simple

https://weco.oss-eu-central-1.aliyuncs.com/test_kbnt

Targets

- Target
  
  Quick PDF Scanner.apk
- Size
  
  10.6MB
- MD5
  
  1e288142a45ebe7244ab899798cea643
- SHA1
  
  078295d1cda8319ed69f64b5443e4d89705d8523
- SHA256
  
  eb46541e2991a20c20fca66e51a705a309e6576296c435126ac369ba41e6bff5
- SHA512
  
  0509d443761eb56aa9f53ca552f06ea1202917fa5daf8b0475da247b031677d363ad95e381065a09939bc2681aaf77abf82869c3d0256afea55f3d145e056d7b
- SSDEEP
  
  196608:+Ubrdcg+Cnp2yJqiHLu5OOERwQDAvpilOV8YJ/ywk3muPFoeDb7uYoeDzGOjCx:+UbJcg++p2yJ5Ligw0CswBCmuP2eLuvn
Score

10^/10

joker evasion infostealer ransomware trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

jokerevasioninfostealerransomwaretrojan

behavioral2

behavioral3