joker | 8c2e3c0c7fd591f1377e9318fbcfbcae85db4875a2f405b99da46edf9b70eefc | Triage

Sharing

General

Target

Phone Cleaner Lite_2.1.1.apk
Size

3.9MB
Sample

230121-vchpnaeh9x
MD5

017613c945f5b8f07ea88dce7629a1ff
SHA1

5da104368c047b40ba07aace5bf21f38ed10aec7
SHA256

8c2e3c0c7fd591f1377e9318fbcfbcae85db4875a2f405b99da46edf9b70eefc
SHA512

7708f0ed3bb2a8f09be525519ef30c6d47b406088fb1e2906852028b490777efce8cdf4765546c6f35870b544e6349f2d87254a55f8c100b5c665abdc823cbad
SSDEEP

98304:ZalsueP6Gt15eSye4RHIKWLdNA3u/l7JMTndWvfrBwJ:ysuXy1wq4RHInLM+/l7I2w

Score

10^/10

joker android evasion infostealer trojan

Malware Config

Extracted

Family

joker

C2

https://weco.oss-eu-central-1.aliyuncs.com/simple

https://weco.oss-eu-central-1.aliyuncs.com/test_kbnt

Targets

- Target
  
  Phone Cleaner Lite_2.1.1.apk
- Size
  
  3.9MB
- MD5
  
  017613c945f5b8f07ea88dce7629a1ff
- SHA1
  
  5da104368c047b40ba07aace5bf21f38ed10aec7
- SHA256
  
  8c2e3c0c7fd591f1377e9318fbcfbcae85db4875a2f405b99da46edf9b70eefc
- SHA512
  
  7708f0ed3bb2a8f09be525519ef30c6d47b406088fb1e2906852028b490777efce8cdf4765546c6f35870b544e6349f2d87254a55f8c100b5c665abdc823cbad
- SSDEEP
  
  98304:ZalsueP6Gt15eSye4RHIKWLdNA3u/l7JMTndWvfrBwJ:ysuXy1wq4RHInLM+/l7I2w
Score

10^/10

joker evasion infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Reads information about phone network operator.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

jokerevasioninfostealertrojan