joker | a4887d5734e90ef773b20a6f22cbca190ec76b5f4c00060f6cdb980c91308783

Analysis

max time kernel
1816254s
max time network
108s
platform
android_x86
resource
android-x86-arm-20231023-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
submitted
26-10-2023 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4887d5734e90ef773b20a6f22cbca190ec76b5f4c00060f6cdb980c91308783.apk
Size

13.4MB
MD5

c28d628b559e9f5f354e7f38137c5b4e
SHA1

6cb8d769c8a8e7a8aa615d631e38be06a2e0c2c1
SHA256

a4887d5734e90ef773b20a6f22cbca190ec76b5f4c00060f6cdb980c91308783
SHA512

ef7f9ef9a42f2faa32d32af4dbf67e92c33b3f3149cad177b1dff872e12b35287847d15e65696b3c345ece5414a8d76eed13f6262e08ab3a77bd47fd0023755a
SSDEEP

393216:s9o6d2bGntbD+ao+Naxzmclxd+RYkD0OKTfeGa:Z6dAGtPzo+Em0YRYmy0

Score

10^/10

joker evasion infostealer ransomware trojan

Malware Config

Extracted

Family

joker

https://weco2.oss-me-east-1.aliyuncs.com/smiple_4yue

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
Anonymous-DexFile@0xde777000-0xde778d8c	4256	com.crispyapp.aspainter

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.crispyapp.aspainter

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.crispyapp.aspainter

com.crispyapp.aspainter
1⤵
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.crispyapp.aspainter/app_sslcache/color-book-pain-default-rtdb.firebaseio.com.443

Filesize
8KB

MD5
f9f857163f9fd5e94482f5a71b0ae372

SHA1
327911fa815fcee23dee65813735dd568a1915e6

SHA256
27677a277fc5f141832ec65ddde9d817e2ed035681cd5ac1c8117e209a6a6e12

SHA512
930ccfd65db657826a4d61049e6ce1705cfdb943057869ea322c653df21f0082186cb9827af709b69af6dc732db8e27f2d23f43ffbcc1107bb8334abac75fdb9

Download Submit
/data/data/com.crispyapp.aspainter/files/PersistedInstallation1244856922508014329tmp

Filesize
570B

MD5
caecaf40307555cd583bdeea8077a3da

SHA1
5bd601995bbca0472353f9c3f4333d272b885197

SHA256
ffd74057f6ee268d776a41ea9d468ba8399bba9e8dfad47b94f63be661cb8bc7

SHA512
fbafdadd8fb1d8d726d40c36c1143798bc68b859fee75a7b9f73e83e33b2cb3d9137f18beb04cfb913744b21bd7325e10ed884541c25f88b20767907e930b4d2

Download Submit
/data/data/com.crispyapp.aspainter/files/PersistedInstallation9171102831871554328tmp

Filesize
90B

MD5
954939d917c3547e47284a00b69c8fa3

SHA1
22681dd148708ba604e5e48cabcc5c4683b45e52

SHA256
68ba2833f31b8271a5bb9c38309a0f77487614e08c72f1eb77296a3665a97c0c

SHA512
612e9ada9410cc232b19aafdfa758054a9b180651e41b59c00d1f48e6af1ee1010f475c5ad591f11ec99ce1806501190e7883c8b03fa2a60528f4cdccedfe8c5

Download Submit
/data/data/com.crispyapp.aspainter/files/frc_1:823224673923:android:005c5621a7de91c0b95db6_firebase_activate.json

Filesize
218B

MD5
aa78f41e1d387a72b8d0c50b99ae187c

SHA1
899fb1455f32b4f703cfa615c98a12d0ddcfe8be

SHA256
19612b08cffb622ecf121648198fd0b29fa103d864c5845785bee2017568d9ec

SHA512
bf21b49fa372a294676d6bf61bad8ea12dacbcd4d6a89a76d8ad78b247d59e963b0b067199ab3f5e0f22d3c66d099033208e86705f380a2bf1047d409e0cb115

Download Submit
/data/data/com.crispyapp.aspainter/files/frc_1:823224673923:android:005c5621a7de91c0b95db6_firebase_fetch.json

Filesize
218B

MD5
aa78f41e1d387a72b8d0c50b99ae187c

SHA1
899fb1455f32b4f703cfa615c98a12d0ddcfe8be

SHA256
19612b08cffb622ecf121648198fd0b29fa103d864c5845785bee2017568d9ec

SHA512
bf21b49fa372a294676d6bf61bad8ea12dacbcd4d6a89a76d8ad78b247d59e963b0b067199ab3f5e0f22d3c66d099033208e86705f380a2bf1047d409e0cb115

Download Submit
/data/data/com.crispyapp.aspainter/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.crispyapp.aspainter/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
54a5437f4590072c8f45be4b1ccd5556

SHA1
d0487736b183c29017b80cd94c3cf715073c746e

SHA256
933e530582b6cd570a8fb25db3e1d9c6e3d18ec23ee8f8b4f1291b270e914f86

SHA512
64bec38d7b208cf06f2a6d9e21a172a6b0e6341c76f244fb51cff404da543f138673f623fef5862072af6558edd69fd6bacf23966d10d80b299e26a6c3ee4aef

Download Submit
/data/data/com.crispyapp.aspainter/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.crispyapp.aspainter/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
396f36b872c64c19b588242cadd11137

SHA1
ffc841e063a55da020628accddbb7082a2a9fdf9

SHA256
b29864d6c9b5f8ce774dd42db528f45b5d64a51bde8e216af8fc3b248d00ff24

SHA512
1d2cbafa4c65f50281029facc034c3503cb1536263a7a51049cd183dbd19ed08fb656af048de93c7ed8a7e23185cc18285e4669b2f3b82fbbe087ec892060148

Download Submit
/data/data/com.crispyapp.aspainter/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
f7d08d6c3a7b1071006b10f777728a2f

SHA1
24d67ae28cf9f7e7ba9a3669107720d79bc45df8

SHA256
ef5b5d64423c9374276dab1e49bb89f4a8f12c00b8cb02e6e99954a2e46c5326

SHA512
f6b55bb1cea6c6c9837521d9d69a55c44e36687f208396d209bb8830ee02af8c20fb26bbe8f6625fea1e5e6d688c4c72235bbc0c1c06c7b5f78681cf30af0763

Download Submit
Anonymous-DexFile@0xde777000-0xde778d8c

Filesize
7KB

MD5
7b8a73470452c429671e8207c78c6a08

SHA1
4b0650c3656d476ffcc47e889e3cd3a54476b8fa

SHA256
146abcdf3571596c2be2fd9c7bd9298653399f9f61b62bbcf196c1086603665e

SHA512
9a30a8a33b68eb8fd8ae2f2553593c0de7d855c28e54d5c5243c171f1b124ecd0ed557d99b03a558c32d5c93a6fa9e3e091ab6919df6e26d6141cdd547fad13d

Download Submit