joker | 7f02b3b80b02d90be94f4b6d031eb43557df44e4647a03ddf8b81d8dee306b9d

Analysis

max time kernel
2114022s
max time network
132s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
23-02-2023 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Easy QR Scanner_2.3.8.apk
Size

2.0MB
MD5

f6fcce306ba26d8a357f44c440deac4b
SHA1

71861be0aede12de53557272f97ea08f0baacd46
SHA256

7f02b3b80b02d90be94f4b6d031eb43557df44e4647a03ddf8b81d8dee306b9d
SHA512

dd660e9c51ed8b78ee399ad04cfab40b964df661522c53e9b0d976d56b3a439b9cef3b9ec30ea8d6032fcc1e6d03a46d1d588fe89f645484d33f535f462aeb1a
SSDEEP

49152:S2/t2kttuxOO9EAoq8t6XFgeg4hXofr9wbs:S2/0kTuxf4Biofr9wo

Score

10^/10

joker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://adcbk.oss-eu-central-1.aliyuncs.com/af2

https://adcbk.oss-eu-central-1.aliyuncs.com/fbhx

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
Anonymous-DexFile@0xe3701000-0xe37023c4	4074	sec.simplified.qr
/data/user/0/sec.simplified.qr/files/envenif	4074	sec.simplified.qr

Reads information about phone network operator.

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	sec.simplified.qr

sec.simplified.qr
1⤵
- Loads dropped Dex/Jar
- Removes a system notification.
PID:4074

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/sec.simplified.qr/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/sec.simplified.qr/app_webview/Web Data-journal

Filesize
1KB

MD5
d1edf2f56847bb2f13ceda53e440ea13

SHA1
995336d61cf02b93056fe04de7d3b9f492a2d890

SHA256
f069b58e47299a78ef0b39764b983b0906e8a20782e83060d729a4c9ed27b764

SHA512
6315f2653c13c03edf1fb450a5648c2accb7a1031c3a96565184aa04b6f21c21703e2adf25c60aebc1db10cc7ef431ae1765ca161252dd4a89bb67d547c574c2

Download Submit
/data/user/0/sec.simplified.qr/app_webview/metrics_guid

Filesize
36B

MD5
68113d61385a6bceca45058bd33798f7

SHA1
2438c2bd26ca782d5f970581a58ff7304acd04fa

SHA256
d57cca431e7adce2ddf6b05885263871480d5311bf7f5dbec6df90309e7c60ec

SHA512
e1bef8771950aab7accf90340077ecf4ab5a1fb61b0bb9a7b8052be331d54e6001b90ac67ed5438400d00e9b39aeab74681942b8ad7dd5134ad8f654fa6abde7

Download Submit
/data/user/0/sec.simplified.qr/files/envenif

Filesize
22KB

MD5
b649d4f73d231ae3eecdc1dd5a5f0c5d

SHA1
f014e4d37ff805cefc49d5651a5183d714e0a02e

SHA256
263562079f6d86c5888171586229d2f1440e9f576f0b159bff25dc44df4b54f7

SHA512
a1a046c7090178819f2d1112994627285b20b79fe2b09b648ac896251762632fe44c92ce9892e8f0981c079c3fb17aae68a26c3771958ce57844c9c14392c48a

Download Submit
/data/user/0/sec.simplified.qr/files/envenif

Filesize
46KB

MD5
13198714188327832b1889908a1801a8

SHA1
04ddc5f648d98a7a602b820e7c0aa61473c56006

SHA256
5f26a6eb8f372e1658a373a980ee4e2770beee4a15b4d103753635bd33b6a085

SHA512
76a85221b1e47ba08f584fc65a7dcdbe95cd66a39729a26f854c0e6052897edc0a64f445c305e4e09befc42df64e6b970989066c01604e388be75357019396d4

Download Submit
/data/user/0/sec.simplified.qr/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
Anonymous-DexFile@0xe3701000-0xe37023c4

Filesize
4KB

MD5
c599c341dd0712d505501dd47afef268

SHA1
faa0e71a617874a34073f3a4eb13850f683b0e50

SHA256
b97d5c22d73b7a699dc549192215de6b8ee7f3a93b816a16ae58d8d03ad698f3

SHA512
80f43f817ce27fcaf071d62ce7251424acaa85505a5e43647fbc00baea9e5c8a6d10fe27e60ec0315acf1531f2245d005805ffbefd900351ca019ba3a48d9b16

Download Submit