joker | 2731f0bf5887150b3348cd0f6c0acc06d087fd7d0cfb2fe1a22d968e8b967f81

Analysis

max time kernel
1665368s
max time network
78s
platform
android_x86
resource
android-x86-arm-20230621-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230621-enlocale:en-usos:android-9-x86system
submitted
17-07-2023 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de-fitotrack-tdfitness_16.4.1_arm64-v8a_en_merge.apk
Size

6.3MB
MD5

9db1b61a7ec3307d34214320f7bb0bfd
SHA1

abafbf6b1f6d7760dee240bd72c4ff31cd474b2f
SHA256

2731f0bf5887150b3348cd0f6c0acc06d087fd7d0cfb2fe1a22d968e8b967f81
SHA512

9c6d0370336603e2865214e22a3521f1883a8ec33ff2764635405fc1d5a58ab1b9bc12e3c4e53797d0f08fcf8e3402c019565bf56cc45787b8d2d54bc97c7578
SSDEEP

98304:d6w8dHTog4SmGul1GZOkSi5eRl6nVTC1Iy0rC1sL5iHRh1kgoY9GoVPt:go5GuqJSQeR4vycmsLqRYgoiGo3

Score

10^/10

joker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://adcbk.oss-eu-central-1.aliyuncs.com/af2

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 6 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
Anonymous-DexFile@0xe6b70000-0xe6b71744	4102	de.fitotrack.tdfitness
/data/user/0/de.fitotrack.tdfitness/files/bueadlkh	4102	de.fitotrack.tdfitness
/data/user/0/de.fitotrack.tdfitness/files/goosds	4102	de.fitotrack.tdfitness
Anonymous-DexFile@0xe33fa000-0xe33fb744	4102	de.fitotrack.tdfitness
/data/user/0/de.fitotrack.tdfitness/files/bueadlkh	4102	de.fitotrack.tdfitness
/data/user/0/de.fitotrack.tdfitness/files/goosds	4102	de.fitotrack.tdfitness

Reads information about phone network operator.

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	de.fitotrack.tdfitness

de.fitotrack.tdfitness
1⤵
- Loads dropped Dex/Jar
- Removes a system notification.
PID:4102

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/de.fitotrack.tdfitness/app_sslcache/fitotrack-b707e-default-rtdb.firebaseio.com.443

Filesize
8KB

MD5
af8d2175836963852600c74964f3e865

SHA1
cde08267c5e8969f2a09b06a31d2ffcf4cb0d8b4

SHA256
b6723739fadbaa2fbaf853d94f7295a8f405c681e9bfd31ec2c3422f25b2a2b9

SHA512
2a9b9a0a219503c37c44c057d83cb4005470b1b138767d8bd05d83d62b3700ab6b4d50ef80bac359cae3c5c89aa7cfdc95de583bf294a0ae5c9692378d9af530

Download Submit
/data/user/0/de.fitotrack.tdfitness/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/de.fitotrack.tdfitness/app_webview/Web Data-journal

Filesize
1KB

MD5
a74b709efc5b6197f0526850910c7112

SHA1
e732b05e5247e4f9c2ed75839bc93caa3d415208

SHA256
59ef059518bf9688e03d142ebd06e80a5f38df47b83e3a18206e248a6da2509b

SHA512
ce6210dfb12764b42148fe8bf2e8a92144ff21ab564085208ceeb198b6f93000ee8ca45a7b215f4a2f59f9aedb9ace2f4b2630be502b19a45b83db9131105d43

Download Submit
/data/user/0/de.fitotrack.tdfitness/app_webview/metrics_guid

Filesize
36B

MD5
a50a4617c5e44535b8c799b4fb0145dc

SHA1
87333dff3e476fd870033210b6b930e2b9b40aa7

SHA256
dd33c20d60f3a4377aa83da884cdff28444a0d5ad59dd8d27975504e3f2434e7

SHA512
055b429b1880030dc51336179b043fd7d8a19aea4c2bcc5ab6ca31ca4046620e297e57c63bf37b4bd43df7cd28cc5097094f5734ec87581a956949682d4c37c3

Download Submit
/data/user/0/de.fitotrack.tdfitness/databases/fito-track

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/de.fitotrack.tdfitness/databases/fito-track-journal

Filesize
524B

MD5
6824dd803eed3720e2a759f10d4b308d

SHA1
97d077b6ed08330f8dfb585c8b8676c576c5134f

SHA256
aa3041847bf9c65041ce09e5816a4ee28a16470cdf10026a89625bbcdd2b52e0

SHA512
829c670e8c26f3a5bde81924d89733244045d7b3d722bb2f8431017ab62dacacf4747bdc7b9e1fa7c46215e32890ba9701604f366eeeb982f6747e6524738eed

Download Submit
/data/user/0/de.fitotrack.tdfitness/databases/fito-track-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/de.fitotrack.tdfitness/databases/fito-track-wal

Filesize
80KB

MD5
1c8391c572ddda9b673d4ae664d5bb93

SHA1
18ee3c75868159cd5c8a3da5e7dad963076bc6f6

SHA256
c9d566a7c57715a683b336abcdabb527c05d6559b683048a88a9febe3f2fa4a8

SHA512
e806ed1999e89f6f811eb38faab43a7bc0a0d49c1bd3f3fae75704d851dd536b6f9ded5b5d0d41957ce1dac357fe6a976d3bdb677b41b418a386d0bb48c6a46f

Download Submit
/data/user/0/de.fitotrack.tdfitness/files/bueadlkh

Filesize
4KB

MD5
072fe7ff4453429ae655c1bd90d9d8be

SHA1
6a1a56f137ed6ff695754fe8a370cfa745115103

SHA256
adc16955321278a75fc11a0714cfdec0f6f6b9fea84e025c5eef8b3caa62a82d

SHA512
6e639070705492b41750c00843f4cdab563c67ec8ed8e13a628aff1a024a068af32499d1caacbc9cd7e07f2f8ca22719385814fe54c9f559bca6ef6c65ef1f32

Download Submit
/data/user/0/de.fitotrack.tdfitness/files/bueadlkh

Filesize
6KB

MD5
8eea8e03fcfd8b34a500f5320c3db248

SHA1
0c97211e6b894a2bc57ffc600082b13a1afcb868

SHA256
8a85091e7b082dc1508b08bfdd2bc6f66625c89b8e11a496b140add85a59410d

SHA512
184d7801fc93bc99139ec6bca6f953039f274ba692a1b5a5006e10e1cb4436ba4ec134a079d215247cfd10a3e316bd2f314bd245d9bd187f9cd1e92b86ec9d41

Download Submit
/data/user/0/de.fitotrack.tdfitness/files/bueadlkh

Filesize
6KB

MD5
8eea8e03fcfd8b34a500f5320c3db248

SHA1
0c97211e6b894a2bc57ffc600082b13a1afcb868

SHA256
8a85091e7b082dc1508b08bfdd2bc6f66625c89b8e11a496b140add85a59410d

SHA512
184d7801fc93bc99139ec6bca6f953039f274ba692a1b5a5006e10e1cb4436ba4ec134a079d215247cfd10a3e316bd2f314bd245d9bd187f9cd1e92b86ec9d41

Download Submit
/data/user/0/de.fitotrack.tdfitness/files/goosds

Filesize
32KB

MD5
fd93701cc6b335378bfec52508faa731

SHA1
9d47ff02913e0f12339aeb7c8d897c02febaed38

SHA256
5318f3f3f5ebeec8d782da558e66fa3ab3e654273925594a284533a19409b35d

SHA512
5464d74b9b8810ca1618bcf612a24fee98659902f97399014cf824995450b8ac4e4cb1866955695cbc0eb05b610865ea34e85003b39689b919dcd7b2c77c0817

Download Submit
/data/user/0/de.fitotrack.tdfitness/files/goosds

Filesize
68KB

MD5
a19e2575d95dcd0749fcbf5b2dcbc3a6

SHA1
bbd93c14a8d14c0c63aca3aad3917473ec0565ee

SHA256
11f5b0edc5519c4ff70005fc721089fb595203e48cf9cdb2bd909f051db98f01

SHA512
f2a50f9f82b8dc50906be5b57f83e7508ec509a298b24e1254c026e55a2b498d605f91463916f9cce9820a2425ba1da68d00a3472159eb18585dc54f5ce08fab

Download Submit
/data/user/0/de.fitotrack.tdfitness/files/goosds

Filesize
68KB

MD5
a19e2575d95dcd0749fcbf5b2dcbc3a6

SHA1
bbd93c14a8d14c0c63aca3aad3917473ec0565ee

SHA256
11f5b0edc5519c4ff70005fc721089fb595203e48cf9cdb2bd909f051db98f01

SHA512
f2a50f9f82b8dc50906be5b57f83e7508ec509a298b24e1254c026e55a2b498d605f91463916f9cce9820a2425ba1da68d00a3472159eb18585dc54f5ce08fab

Download Submit
/data/user/0/de.fitotrack.tdfitness/files/recorder.log

Filesize
65B

MD5
8ae2c95728479a1a3eccec3ce22ee73c

SHA1
4a3c22b8bd765acc038e8f42ab37f1ab99c6aff1

SHA256
eae4f030fbc94a9a66a322da6b1b4bfc6c2615f2da1a365603977cb2491550c5

SHA512
57e861b1f5ad7aaa43d805ea6b56ef4d9fefe18d6fae6567a158b6f8ddc4050e363edd95f20f1c19a2d75514b16381767f2c47d2e0d4d04146b100f9e7b710bb

Download Submit
/data/user/0/de.fitotrack.tdfitness/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/de.fitotrack.tdfitness/no_backup/androidx.work.workdb-journal

Filesize
524B

MD5
3802a8e6dda39e1297ff539512084196

SHA1
6312c97f6318d98da8a2e69caab948e50087b9ae

SHA256
9a234ece31d96ff77f650c5b5b60fd1cfd8783bee9c8edec502083b8a96663eb

SHA512
b002d2d96867376b3ee654b7f68c9174e2f6a84008918129974c2d78b4dae7d96ab38d7a9f2308828968402af1958f44178ab18609810052ac8f3dfe7152e96e

Download Submit
/data/user/0/de.fitotrack.tdfitness/no_backup/androidx.work.workdb-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/de.fitotrack.tdfitness/no_backup/androidx.work.workdb-wal

Filesize
120KB

MD5
aad107987e4df1b16ca5549c6621361e

SHA1
3e26bbaeaf791176ccd22a6d59840ff0936c3eba

SHA256
33bd98e91ab2e6a80e69b432be7dc66cc5c2e53b18043eedec8cac90fac9d06a

SHA512
0508f3d502b178c2c060dcba52f20e6995dfa06a0cd1e9b702ff2b32f22b7fdab7bfa4a1311393bbae8ec3871e63db616edb2073ec3b2867af8070efe403666e

Download Submit
/data/user/0/de.fitotrack.tdfitness/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/de.fitotrack.tdfitness/shared_prefs/de.fitotrack.tdfitness_preferences.xml

Filesize
114B

MD5
ea8a01c3b7ec2316b247d621e6eb2052

SHA1
e4171a3a7368fd2fba2336e052402c962db5c6ca

SHA256
8097cd9b4a1499052bbb741c0cfc9ff38bbce8afa08fcb5f2a81dab58c2edaf7

SHA512
5e6220298cc5abde62492c04a2c837ee2c5608f65e15e154f264cdfe255003ace772084daf974d31e86c42b34ef92f6b5555fb9c018b03d8ecd7eecdf3bebdb3

Download Submit
/data/user/0/de.fitotrack.tdfitness/shared_prefs/de.fitotrack.tdfitness_preferences.xml

Filesize
162B

MD5
5094f63d523657237fa981f944c689dd

SHA1
7201918810b0446ac3d6a43413c04780788ed867

SHA256
3170506adfab14e0dc64ff34641ae52b7ecaea0bc1b402b3a1ebe6ffa72da95d

SHA512
c01b388af4d67b39edbef60d3f7bc51b68a462dc15fa464e6ffd67620a0ed479fece04628d33ade916a0103771854ae56faaea295980e7ae7eb03b9e3c757d77

Download Submit
Anonymous-DexFile@0xe33fa000-0xe33fb744

Filesize
5KB

MD5
b38e9a6d5d5f1e3112fa001f871c8adc

SHA1
2c4d09dc1b1b77039bff572515acaa0a83d52afa

SHA256
3d568868ca206a9bc568dfb0e8c7229c3741df50b2c46879fd04ce42ec51aefa

SHA512
7db2115a651f76909f57cad27cb7e3050016cbb891752410c507be3d12fc1eb2928bd29a6c7b629bf7b93bd74c1912927bf305485cb99e39c0e709aed8427dc5

Download Submit
Anonymous-DexFile@0xe6b70000-0xe6b71744

Filesize
5KB

MD5
b38e9a6d5d5f1e3112fa001f871c8adc

SHA1
2c4d09dc1b1b77039bff572515acaa0a83d52afa

SHA256
3d568868ca206a9bc568dfb0e8c7229c3741df50b2c46879fd04ce42ec51aefa

SHA512
7db2115a651f76909f57cad27cb7e3050016cbb891752410c507be3d12fc1eb2928bd29a6c7b629bf7b93bd74c1912927bf305485cb99e39c0e709aed8427dc5

Download Submit