joker | 2731f0bf5887150b3348cd0f6c0acc06d087fd7d0cfb2fe1a22d968e8b967f81 | Triage

Sharing

General

Target

de-fitotrack-tdfitness_16.4.1_arm64-v8a_en_merge.apk
Size

6.3MB
Sample

230717-lt3xgsbb65
MD5

9db1b61a7ec3307d34214320f7bb0bfd
SHA1

abafbf6b1f6d7760dee240bd72c4ff31cd474b2f
SHA256

2731f0bf5887150b3348cd0f6c0acc06d087fd7d0cfb2fe1a22d968e8b967f81
SHA512

9c6d0370336603e2865214e22a3521f1883a8ec33ff2764635405fc1d5a58ab1b9bc12e3c4e53797d0f08fcf8e3402c019565bf56cc45787b8d2d54bc97c7578
SSDEEP

98304:d6w8dHTog4SmGul1GZOkSi5eRl6nVTC1Iy0rC1sL5iHRh1kgoY9GoVPt:go5GuqJSQeR4vycmsLqRYgoiGo3

Score

10^/10

joker android evasion infostealer trojan

Malware Config

Extracted

Family

joker

C2

https://adcbk.oss-eu-central-1.aliyuncs.com/af2

Targets

- Target
  
  de-fitotrack-tdfitness_16.4.1_arm64-v8a_en_merge.apk
- Size
  
  6.3MB
- MD5
  
  9db1b61a7ec3307d34214320f7bb0bfd
- SHA1
  
  abafbf6b1f6d7760dee240bd72c4ff31cd474b2f
- SHA256
  
  2731f0bf5887150b3348cd0f6c0acc06d087fd7d0cfb2fe1a22d968e8b967f81
- SHA512
  
  9c6d0370336603e2865214e22a3521f1883a8ec33ff2764635405fc1d5a58ab1b9bc12e3c4e53797d0f08fcf8e3402c019565bf56cc45787b8d2d54bc97c7578
- SSDEEP
  
  98304:d6w8dHTog4SmGul1GZOkSi5eRl6nVTC1Iy0rC1sL5iHRh1kgoY9GoVPt:go5GuqJSQeR4vycmsLqRYgoiGo3
Score

10^/10

joker evasion infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

jokerevasioninfostealertrojan

behavioral2

behavioral3