joker | 3c7eec55d83a346b4f5f3f25dd9a56f5504a404f165db3fe4cb9717c7a166886

Analysis

max time kernel
1823378s
max time network
140s
platform
android_x86
resource
android-x86-arm-20230621-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230621-enlocale:en-usos:android-9-x86system
submitted
19-07-2023 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4K HD Wallpaper_3.8.apk
Size

5.7MB
MD5

c49f0aee218a72e7c3ec739b289cdfc1
SHA1

affc5b85e9f4207e3fc7b9f4e0efc673036a80bc
SHA256

3c7eec55d83a346b4f5f3f25dd9a56f5504a404f165db3fe4cb9717c7a166886
SHA512

e28fff6b372f2f17ae47393784a51656f70377122f1c8dda24a1ab1a8a0db51bd4ef4321cf36da86dd7e590b60f0d435b6408e35b68036031ea505b19af63b27
SSDEEP

98304:IL5PZO+uOdbQ2mTGtdlhygelQSDUvIe/EFYiztk9sY+r8htKvfDEGgQA5grh2Zr4:6QzkVmTGlZSYQe/YJ2WYO8hkvfDEGgQp

Score

10^/10

joker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://adcbk.oss-eu-central-1.aliyuncs.com/af2

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
Anonymous-DexFile@0xeb5a3000-0xeb5a4718	4134	com.wallme.k4hdwallppaer
/data/user/0/com.wallme.k4hdwallppaer/files/deerlet	4134	com.wallme.k4hdwallppaer
/data/user/0/com.wallme.k4hdwallppaer/files/goosds	4134	com.wallme.k4hdwallppaer

Reads information about phone network operator.

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.wallme.k4hdwallppaer

com.wallme.k4hdwallppaer
1⤵
- Loads dropped Dex/Jar
- Removes a system notification.
PID:4134

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.wallme.k4hdwallppaer/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/app_webview/Web Data-journal

Filesize
1KB

MD5
f50bd313073d2259ac3f43a47103ca24

SHA1
3dbb9c24111b481602990171b61bf229471a8fac

SHA256
e0b8dbc32c271a3eacdd8893aa6a416d93ff91eac3a75c3492952333aeab4f0f

SHA512
ec52bafe6a93fc2f934b40931ad0744d06f1c5259a0d6175ec05a080e3793dde4f98fc9a06c6adf3fe2ecb4f58e84aefad94a5e2f68225b8d2954a4310068c78

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/app_webview/metrics_guid

Filesize
36B

MD5
c15909a37bf75e06fb8c1f17ad33aeb9

SHA1
d89c63396756ff9905dbdf6ba3624aef6c6f9ecd

SHA256
41409fd57669641d7328a3b8900cc3fdb20e6ecb1b0dfe5ee242cc4cd83bba76

SHA512
216d8a9e0eebb875d0a8c20acabd55c24f6e531c20995597dbb21bd2132f94bb475cf3c06c29c64753dba15d772647dfafdb066942736624f86357a75d76f1d9

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/databases/image_block_list.dp

Filesize
20KB

MD5
58bd419f4de1f36a540a16245e2f7021

SHA1
443bbf7003492ae227b2b334944feac16295ff33

SHA256
c59e93e6c54dd36342257681365cd584286a2188ff5ee044e5c375064cf92678

SHA512
b6996b91c98a8e440a008ac633c3a9b27e06bc41bc9ad14ee55c60d6822fb9ffb492870ae0c0933b6e91a0d6231051555eb106ba090f27e90818a15839ce866f

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/databases/image_block_list.dp-journal

Filesize
524B

MD5
a4ddce0534d354117aaa796896c4f41f

SHA1
a48b990734e54966072bd518b24d8edadfec8c63

SHA256
d364cb1ec137eebcfefd9ff8b157056d78322df42c042d75dc108806f0bcc151

SHA512
509801af401cd63342852e7d70b6232f7f2eab5ca0b498eee0cb59a726d117fd66163dcd26bcd42f2e908c5d9d2347f28689e3cff219fc74b22d52ed4a8fc22d

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/databases/image_block_list.dp-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/databases/image_block_list.dp-wal

Filesize
28KB

MD5
4e22e157ee62ae0643a70805b6907dbd

SHA1
7318e8e2a707a90989e1eb13e047ce2f4e4d55bb

SHA256
c5f02193f58b57157f0d7f70fc2f9ffef4c0933f1ff0d21abc8ed9d01e48615e

SHA512
ba073aea9aedf1a7050d7dd94a8031b6293ee448c457527c04aa1ac4b3ad7efab100a729d6cc9e66cd101faa57dc6a57b4a51142cad3e7017c41cfc610e48082

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/databases/image_info_list.dp

Filesize
20KB

MD5
8775f73bf453e40b951a1fcbdf9ba623

SHA1
4ff43acea348b840a366623d0c23fbffb619baf3

SHA256
8d3f1105c0139daade64a1583e906e957e058ab43fe1739b5ead8f763b33b17f

SHA512
18a2e3fc91ac8211166898379e40f8e2217bb998c1da8c784433feca4dadf6e9e8ddf87867c2bbe1a6559a8d6dc9802fe8938e1e325ed69728432b4edf13fdd9

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/databases/image_info_list.dp-journal

Filesize
524B

MD5
bb25ee13877b508d41e1228e255618f8

SHA1
29dfcb00f7025a24021bc559d76bdafd601518a2

SHA256
b628a72129e00ec6b1a1320b39fbd92f606b8f466d8e7abe7c6001071d2e8963

SHA512
7c13eee4567417bbae8307ae041c3bbe68a1af111ddd4a4f1889715309f3331f22ab3bcb5b9517b2157341855e6d7e161e6608ebb1830fc56a8b97766e240665

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/databases/image_info_list.dp-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/databases/image_info_list.dp-wal

Filesize
28KB

MD5
d9f601f8faaa1af3031d541ffccea09e

SHA1
c0ea09dae6141e762ca82a40e8370aeae76b95f0

SHA256
746fd20c11f794ad29a38c6963ae8fe7bef87d7c498d3d240377daf58b23c902

SHA512
1a4e0abccb359dff706038cfaec5d77c96445f9ed5b10075bce7a883b834af2b8b51745df97794f91bc9b162cdbb267113b36677402811b2b7b9065ae89372a3

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/files/deerlet

Filesize
4KB

MD5
946130377f5566e87e15749369abad5c

SHA1
fa27076c630e44471044f39b46404ade544737b6

SHA256
339b7898ba9e6c211e5f6b6f2bd3b393645727e104a4e4a08bd8a718a903b2fa

SHA512
b6d88aadb8dbf4d6b5835b8d371fd6c350e4fb2a47ae5cb84179479ebb9a829187041b06c9c07d763f2acc1ad7f8b0fd7639054185c5536eedb222cc1accbf4a

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/files/deerlet

Filesize
6KB

MD5
144a16e8fb3b58047fd51bbb07632175

SHA1
27b47a7a125b86496bd5230afbafece8df42c534

SHA256
f48f52d298435523e82ac3063ed06fc05dde1cce8038567ccb78c439f5474b9e

SHA512
9e163ee816976f447979216f27ad38d8a172861799be6bc893ba489417a09f6f8968b924bb79070868ebc326933a63491aea6969ceda027fc704cd88bee6033e

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/files/frc_1:1076353950077:android:97ee37d8aa38cd0deaac14_firebase_activate.json

Filesize
239B

MD5
a1255a7e9c7d47f3ac37da6a7377c188

SHA1
2bc85d3fb648ff2081f572ee4843244af0313f01

SHA256
b28d98a9df459bee70da41dedb433db02e6978b734191579587b9bea2966b88d

SHA512
9638aa3233f6f02cb6bd761e1bfb9da402511c5736ae3364d9c783bd002b5bc0666669b00212d7d88d011659235883c8910267d0177ea6ed4f106eb5d64ac016

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/files/frc_1:1076353950077:android:97ee37d8aa38cd0deaac14_firebase_fetch.json

Filesize
239B

MD5
a1255a7e9c7d47f3ac37da6a7377c188

SHA1
2bc85d3fb648ff2081f572ee4843244af0313f01

SHA256
b28d98a9df459bee70da41dedb433db02e6978b734191579587b9bea2966b88d

SHA512
9638aa3233f6f02cb6bd761e1bfb9da402511c5736ae3364d9c783bd002b5bc0666669b00212d7d88d011659235883c8910267d0177ea6ed4f106eb5d64ac016

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/files/goosds

Filesize
32KB

MD5
fd93701cc6b335378bfec52508faa731

SHA1
9d47ff02913e0f12339aeb7c8d897c02febaed38

SHA256
5318f3f3f5ebeec8d782da558e66fa3ab3e654273925594a284533a19409b35d

SHA512
5464d74b9b8810ca1618bcf612a24fee98659902f97399014cf824995450b8ac4e4cb1866955695cbc0eb05b610865ea34e85003b39689b919dcd7b2c77c0817

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/files/goosds

Filesize
68KB

MD5
a19e2575d95dcd0749fcbf5b2dcbc3a6

SHA1
bbd93c14a8d14c0c63aca3aad3917473ec0565ee

SHA256
11f5b0edc5519c4ff70005fc721089fb595203e48cf9cdb2bd909f051db98f01

SHA512
f2a50f9f82b8dc50906be5b57f83e7508ec509a298b24e1254c026e55a2b498d605f91463916f9cce9820a2425ba1da68d00a3472159eb18585dc54f5ce08fab

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
02713f66e0eaeab5e39ca5623618a2c0

SHA1
1ce27074e0acde74b5ec3b8c0f4f33fa23dde6c4

SHA256
59c775c2af88208b26f22d4e5cd3627022799bac238b71672c1316466a9a68b4

SHA512
20a2f92083ea4227c5e61c120e80607a30f0a380ad227bf31b323006ec94d87d32c64830033b7a557315e558c3ce721fce6a1624b3e7487c44ffc7c35f86192d

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/no_backup/androidx.work.workdb-journal

Filesize
524B

MD5
26c73b826bc7f26f02d28211296e5263

SHA1
bb76260a00e0ae0e49a3d60df52f679659078db7

SHA256
afc00fce1f1a3a1594448c7ba4b37f6f5ecad3f72d23485dfd14710a8466cbf0

SHA512
4008c93673a325859f69fc84a0c0a3b76aa8013a60087e0661ad4d05f91985cc330f1f03d3d4dbc412ce5a8511a8a3d5a83e61473359ebf15240cf0b34689dfd

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/no_backup/androidx.work.workdb-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
8cacd200914dbb737297d06c77f2bff8

SHA1
4d590bfadfb20c97ce33458c8a57517dc806452c

SHA256
6e01a0721ae5ff0a7cddef73b8e33f954b5e67cf06e50fdc48081d6a6b0986a8

SHA512
040877a5bc5ce5e0cecd73b135cc12cdcd819f6fda4e94e3b7767ca125b9befab5f3c219a99ed4fa0b2b44c310be981492cf3edbdef8c791f9164a5a436a573a

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc2MzUzOTUwMDc3OmFuZHJvaWQ6OTdlZTM3ZDhhYTM4Y2QwZGVhYWMxNA.xml

Filesize
472B

MD5
3a8dcbd4de037098ed0ed3e6231c8c7e

SHA1
957e3a95c36ef20a77aac86f68c5c7ae5a66585d

SHA256
0604b9adfe3ad683c4d7f2a975d99112265c21f291dd4ea58416d2c6863cdead

SHA512
aea63985ad58e81890d50ae9bce9ba12efed393651b4a31d0303759e837b3b949f9d8a942b532fb60bc2e666a433f49a15cf14b444a2c8f5b5adaa52f23fd1b4

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc2MzUzOTUwMDc3OmFuZHJvaWQ6OTdlZTM3ZDhhYTM4Y2QwZGVhYWMxNA.xml

Filesize
526B

MD5
b18e0d2184c388cb11893e41753e77fe

SHA1
441908fb6f1efc25974ad4f2fa6f4bde84af7424

SHA256
8880eed4c9fa121b92020a30089af3f908f8569312bcdffc214290d76e4195ab

SHA512
29b6b72fc8fe21260b8872152bffb7d21738e9a7170ba450de77a0a8d30c215644442ddb97af9b7f300d81b848dd3ae9933db1da269e4162d27a8447159a7f17

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/shared_prefs/frc_1:1076353950077:android:97ee37d8aa38cd0deaac14_firebase_settings.xml

Filesize
193B

MD5
17a804dcf8eb456240143efc82406c6d

SHA1
c6b6ce477b586e53ca3463a7aeb5dad18c0b0e38

SHA256
96c82ce1e484fdae91bae3ec2de61f1d4c15790f113d1c31d93f1e1e06eed9fe

SHA512
78a4627e7131e6d938a96995edc7b3d65c7d6bd53cb88d5bb662b6fbd86397bf90e98cfba0c420e8257b2efbf99afd95e279107b2c5098d47f18aaf861555023

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/shared_prefs/frc_1:1076353950077:android:97ee37d8aa38cd0deaac14_firebase_settings.xml

Filesize
317B

MD5
57112e70f2e02c12591ceafb0387c384

SHA1
56c029b8dd9f5c36c8f5034ab3600422ad6efb59

SHA256
0510cd9fb1643012c751caa10c1cf7e7d1a0633c45b8a80b84937aefaeae6f91

SHA512
74e1c0a0ad654dfe64af077a9cafba98745d08bf133053b149b84772d0335dedf80ae45f38e1b3431ccc31d6d8f8aeabde0b0f45011bce1a1685adc3859a0bb2

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/shared_prefs/frc_1:1076353950077:android:97ee37d8aa38cd0deaac14_firebase_settings.xml

Filesize
681B

MD5
9faa6b9d0153a1f85065dcf6245acc33

SHA1
6275a161e05eab5a9d4194e4df46f03e4302a3f0

SHA256
074fadc487aa33b009eed37b669a6c8eecc2dc676a4a7bf0acfc603209840dee

SHA512
894446fb298af9c19e54a675d5ccbcd506352462f772b759d36eb91f4f91e92c48342268a739b056d9642fd5353219b7a86c08c6ac8bdcae899179fa44941f6a

Download Submit
/data/user/0/com.wallme.k4hdwallppaer/shared_prefs/frc_1:1076353950077:android:97ee37d8aa38cd0deaac14_firebase_settings.xml

Filesize
681B

MD5
847c2b17aa815e5613851c60d99c8c7d

SHA1
7c79ca040a4f89a69c49a68534593367a59101fa

SHA256
f4945ca17399e48dcc8de70ab6a70c0bc74afd9a9a5dce5caf67727c8ba37c1f

SHA512
588fad424828b5469290b94df73684f4083b5272da2c54d74ba3dd1cbf2a7a8e790262577b8e4db35b55d699dee4a3f2ecf4dca8506f788cf2068cd1c357a1b6

Download Submit
Anonymous-DexFile@0xeb5a3000-0xeb5a4718

Filesize
5KB

MD5
e689c366adffcac2cbefa7018ae68361

SHA1
c8e6bb97ad58776e48064d55fd0e5f483c8c8834

SHA256
655a01e7caa0be4e139e4738a2bee6c31ee92c4396ee2728f194ab8114a137f3

SHA512
68ce779c7415da311ee17b7f7b4ec8b8e44029bc2b59a243bfe8d43f7c295f4610fa72b979a53f0746f61844eb9afb60ab7b8c48c737289574c8a6955878780b

Download Submit