joker | 21d50eb0f59d497c65f46ac1ead62af331c957f0133daeca5f3662e4bae5238a

Resubmissions

06-11-2023 10:57

231106-m2e13acc53 10

02-11-2023 09:23

231102-lcq7csaa6v 10

Analysis

max time kernel
2756237s
max time network
105s
platform
android_x64
resource
android-x64-20231023.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
submitted
06-11-2023 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21d50eb0f59d497c65f46ac1ead62af331c957f0133daeca5f3662e4bae5238a.apk
Size

4.4MB
MD5

a4fb036a7460c9e15b3b779f9db3fe6a
SHA1

a827e9a713b8f46d2d5adcb18e181b8572a7caca
SHA256

21d50eb0f59d497c65f46ac1ead62af331c957f0133daeca5f3662e4bae5238a
SHA512

bd32354a02a2089511c7b884754185b0ed5ecb894aa2a02a08b93424592bfb36e61c22ddd6d80a413ad5f51e7a17852eefe2cc3a8d4184ef859a8ebefefb2cea
SSDEEP

98304:c6awMfNJzamCitccFqX6Zs+YxcVEYy72sDqa4i/JZw0LCrp/H06/:wfN91CiSwqX6s+nER/D2KJZx6/

Score

10^/10

joker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://weco2.oss-me-east-1.aliyuncs.com/smiple_4yue

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 6 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.enber.gareapp.translator/[email protected]	5125	com.enber.gareapp.translator
/data/user/0/com.enber.gareapp.translator/files/nnoosb2	5125	com.enber.gareapp.translator
/data/user/0/com.enber.gareapp.translator/files/nnoosb2	5125	com.enber.gareapp.translator
/data/user/0/com.enber.gareapp.translator/files/nnoosb2	5125	com.enber.gareapp.translator
/data/user/0/com.enber.gareapp.translator/files/nnoosb2	5125	com.enber.gareapp.translator
/data/user/0/com.enber.gareapp.translator/files/xddmama	5125	com.enber.gareapp.translator

Reads information about phone network operator.

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.enber.gareapp.translator

com.enber.gareapp.translator
1⤵
- Loads dropped Dex/Jar
- Removes a system notification.
PID:5125

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.enber.gareapp.translator/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
d6d558e0525ac42a5ce30ae8217deace

SHA1
129f9b07dbfc0aec7415517d97772f58f619e788

SHA256
55f5ea27552b8d529bc82bfc1d2a5cdf395cdf1fe4238a69f365cf9d26dfe286

SHA512
2d9461ccc5857cced4fa763c6cf5fb349f31356271d909b6d30e7ae6126eb1c154adbdb5cfb48f2542d94cff994c7e4ceef41aa6f7251edbfdf924fef2446512

Download Submit
/data/data/com.enber.gareapp.translator/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
51659bd5d7d71efa5e3c3cf2e26cca20

SHA1
5666191fa479eaf81cd0752358d1919a73483585

SHA256
b6f73574b76e4013e46b65aa4fb47cfbcaf7da3906b176da66bda955f7373d16

SHA512
3936af6053c61f3efe03ea054176471d3e41c0a2fcd7f3f9b436a28303ebf9cf7b99220b55b6ca36691154adca783db15a17d4e6fd8a15520598365b40359f58

Download Submit
/data/data/com.enber.gareapp.translator/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c94cf66c1f60ac20022a56e47eebf8ad

SHA1
6aaf5545dcbef1333f78a3ffe04270771edd2ba3

SHA256
e6b92a9eaa6d8d9bcfbf3d4bd09a9189479072fbeffadfef727bf44c96befb84

SHA512
d08021ce164155251839115e88d9a6fe27c962fb13d8feef2267868580b56748006594ea67c21c99d994987e3a4d95ef7c34973fbabbf8bc16de86f4434279df

Download Submit
/data/data/com.enber.gareapp.translator/databases/com.google.android.datatransport.events-journal

Filesize
16KB

MD5
995f793c22609aa61e7331b3d9414b56

SHA1
d1c04009d645f75ffedd972e02eaa233657fa5ce

SHA256
a82e63058b0d2922f238309708f77f4a08179c1b0cea0e939b4b2d78e823760f

SHA512
6f65042012f5f065450f37b93386e9504b67411ff6ab15fc9e3d3d1beffa3a23ae5c3c65a2d9a853012add9c63dbcc2c997094f2c5bf87313c1e361d0e864672

Download Submit
/data/data/com.enber.gareapp.translator/databases/com.google.android.datatransport.events-journal

Filesize
20KB

MD5
c6c2010ecca40ffd42f3697be2bb75b9

SHA1
ec2da147b788a6b7f9a9af93f29c9100991ee054

SHA256
18130dcafab61852db060919e032db18158253748a5f3438293cef6307733768

SHA512
2443b8b872ddf7862c74426b6e86749f0046bf0ef650c6142e73f2436e7eee63da9fabd23e8f50cfcff4f827f577974d54787d36680273327cedad90f267004b

Download Submit
/data/data/com.enber.gareapp.translator/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
7bca08855d05f37106716a1cf82c5ad9

SHA1
efc0f16c9e682373a2020d7a69134910066d68b5

SHA256
324165168e410492994562ed42e92a147b52bff8b00e71b5550f30535d7290ee

SHA512
966eaab8c5a47adb3d70fa61026292c19f517115d7797bdd98f8aaf1b04de40a45333a63e48553334968c577c128f5beb799f0bf2ebcb9bfef07834121f07b7c

Download Submit
/data/data/com.enber.gareapp.translator/databases/com.google.android.datatransport.events-journal

Filesize
24KB

MD5
bc0ab9a089ca48b74bde9ac18fc892a0

SHA1
ab82fe4af112a0ca8d42e2b06f5e01d28280ee87

SHA256
8884613115ca65e5a9a334b6cd0f9d25e83f168144a3675c18c5b623665326be

SHA512
e7faf79a590d72edf852e618937116b4d54802ac8ba0067a0cce177b6ce297aa9a6ac8b17b096c113036604ddc8e0c8a864eb44cc510831d6afef36f36270961

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6e2a11748b01fc874a8fbf079768b19d

SHA1
2eb4f7a5b24deca8a7f13219d5dd634bb073c9e7

SHA256
bd378aaf38b9d81a35627be5a358bad1efe22d8236f61ae7cf65fa08ff25ca3f

SHA512
d6db0001a822cf5f1aaae92f08fa7d8b77920fbf33a82e407332c4c2300a959c976cbfc8ecaceee656f5939f368b3902b8e39106e03561428878ff552caff009

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5054260f5a1c057575435ff56482e177

SHA1
0c90388ce90376f5b674882248c9dbe920b65a27

SHA256
8968824c958d420a25b1fe22b3414be08e0bf3943e0d2d3d6247dfc07434062f

SHA512
d3ae4ba85690d5ecf5e89b7f137a1f6e05facfa3bfcc2db3654fad1d2a82fdbb16d42d8f1202e029f1621017725973b1432bc3c5287773e18bc9008535d5bdb6

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db

Filesize
16KB

MD5
45e2e20cc1a017bc128dc1ad7b9f125a

SHA1
23a23767c48ae0996d35b6d2fce446589987479c

SHA256
92c4e79830ab283f93cf76c5b5d88f946db8ba7612bc870b0a2fe52382a9347c

SHA512
4863ad43026c99ab30c5a9e212cfc6388036dab7c88fc0bcd8aa4d38fb2987652cc09e37c630bfbc0c5d9a279308c5c0faacd6a14bce45039618acc79bd7e56b

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7c4f9272053033e6af55e1b5f1eb1fbc

SHA1
54b8db7af1fcac583f04e6a177534e540220bedc

SHA256
5925fbdf941035b73d1af513f61bd888565e7eba748abed35738ca6aeafdda2f

SHA512
3498dd863322e6c6d20a7a73b4fc259d103158dbac0b6817e16e3bec862d2b71d2f1c54cc3286408af58ca7fa095f7618f5c03eb09b747df89ac9c932b43d9f2

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db

Filesize
16KB

MD5
036fb9abe937763e3dc8de0a7f726d39

SHA1
078883d886715eacfee043230a81118630883fba

SHA256
340fb475122975e1bb2db75722b4014da7bd4889047e0564952546f76501332a

SHA512
64a2cc007d2b7eaafaffdd31617f3195a0d12dd6d1aef57786bd0c8c125ef048e2b97c5c792426a74f163d7b6d6bc43be1dc6a901db099cbc55d386489650bf3

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
93fe8196933f18c3d22961b31dd56feb

SHA1
4439cda5fb30bb87dcb5e7ec66ae3390dd6be5ea

SHA256
c51e4d0b6cb15d51da1ee039d7bbb0b33a1a2f41e4c8285bb7738faa24d0135a

SHA512
d659bebb83bc301a2b5433edd90e6e70dea6ff4e058aa27b4213cbc06662929b520a4fa69c0eee7ba2484143cd96a013f619c689f4837864f793878ac3ba8a58

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5622e52f09452669a0682938a322f864

SHA1
88194facd50fccf58b60095cc0611e818677a9a8

SHA256
9da45c46f6f4379781a25f44ae926e5c7d647e39c718433a933331d55e907589

SHA512
773e3481b45744320d6208c230369abffac30795dfacbb9f33ce10e41434e8abf224f044437fc2a06fbe8abeb265c311e1802e83987e632fb7c7a944547e2c24

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
3316685f87664269c5bbb60043cba1e9

SHA1
1ed4d373506383ee7bf41241b3ac26ddc8546973

SHA256
45964309005d88b2e313eccfc2ad8c8c93e3f6ece9ee9b2705e5389859bdf44d

SHA512
67f5662e3ca6602b7468a0931be6963b0e74251ba9ffb817d607fe3b18809893d4e302b5d7e3d0d96bff85c76c3a3c8c4d613ff09b2eec047137357fdc1030b0

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c91dee246785db7a4b1c62de90d8db40

SHA1
eb4544223b669cf594b919232718cbddde3830e7

SHA256
f868817ee630b92598a402545b245f3120d3037399f1c6cd7c5bd3e0780bbd89

SHA512
b08cfd780550250d9d1a1f4c48044696a5719e1472dfe8f8cd18c56505db1a9dd10f7a0e798db5a1789c200f7c0f32b5470484645ea3d165ebf1e6824d8314e5

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
58d3de757ecebfa3548f20e075a3ce49

SHA1
aee4c39d4ef3d9a7452b27ccc65b0a77c33638d7

SHA256
4a3672617d83fa4b543593280cefb5111050f1d6572f784fc1d6126de83f5d97

SHA512
43f12cb2069249b1ea9f2a9e50566a7f20bc663b25e8bf045a54a22a74019dc7c3d3f887de064a193d53003e10f2b3e683531fabf751ad61020d350980f40c83

Download Submit
/data/data/com.enber.gareapp.translator/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c32dd6838d8f70028a000321f0690a11

SHA1
1d3242023909855aaa8f51d55f109ecde5c7d36f

SHA256
e2014dd600a4170e08158a485d59dd01286952dbea47886c534768c9e9fc676b

SHA512
557d9a4d99ff371c81ff0cab6a290d782d8bc23ed5df79b4a9842240cf4402204f1e855be59111b3a6bfa034edf6b32f36e8e4b7996f96301726e0eaee949f5f

Download Submit
/data/data/com.enber.gareapp.translator/files/PersistedInstallation6431670105447342618tmp

Filesize
90B

MD5
b3ecbda19e67286ea06807d5bbfaf685

SHA1
4d68eb0078a4287e767d9c5cdb37f26c6ef731ec

SHA256
364d98450f0acc3af213325d5ef08e23d0633edc362e0ddd113ea903e4b45522

SHA512
0b640a3f2e9c57e8bc5a1981b85b89879a79457856ed3184d4ed45f88f41269d2d72441f19a7ed18ed517a3721b3587bcb73ac7de2219ca60ead675e88599175

Download Submit
/data/data/com.enber.gareapp.translator/files/PersistedInstallation9037229331005559886tmp

Filesize
571B

MD5
20112c558378925239d0e9cf8c55a824

SHA1
1ed7260fa50bc62118db0369949613564448c892

SHA256
6136faa62e1bd4498361975016f8e63c5c93952d678f3143bac9bf0dfeb03633

SHA512
5f4e5464006c9734326f2dda761a2eb1adf076db417c563a735147823c3f4e43e93f62427333b363ffcbb0c47ff2ad4a72fd06fc3d6d1a3a4ccea465af84287e

Download Submit
/data/data/com.enber.gareapp.translator/files/frc_1:1096647638011:android:3acbb0aa78b8f71520a95e_firebase_activate.json

Filesize
196B

MD5
ed90f51314ce29869dcf7684dcc0186d

SHA1
aeb744dd377dc73a74b7ad5a1db944969d145e90

SHA256
e4e5374ed4243831b85ade2ed57b49a8561701243178b0067d4d91de1c580aef

SHA512
b6fbd301bec2c613228f4480b18cda3b6dce27aaf99b2bbd6fee9c5b568b040f866911016c0bbca19eb65694d8f52ee34d0a1191771e30d81ced1c6fa1fe5f8b

Download Submit
/data/data/com.enber.gareapp.translator/files/frc_1:1096647638011:android:3acbb0aa78b8f71520a95e_firebase_fetch.json

Filesize
196B

MD5
ed90f51314ce29869dcf7684dcc0186d

SHA1
aeb744dd377dc73a74b7ad5a1db944969d145e90

SHA256
e4e5374ed4243831b85ade2ed57b49a8561701243178b0067d4d91de1c580aef

SHA512
b6fbd301bec2c613228f4480b18cda3b6dce27aaf99b2bbd6fee9c5b568b040f866911016c0bbca19eb65694d8f52ee34d0a1191771e30d81ced1c6fa1fe5f8b

Download Submit
/data/data/com.enber.gareapp.translator/files/nnoosb2

Filesize
8KB

MD5
912725659cbb19a22be6bdd2c048cb14

SHA1
5c7235660daba274a4545c4ddc7fcf3a0ad13dd8

SHA256
def71df84f9010a9ea6f809c06952da9fde6f400b0b8807d2d997ca0a881cd0a

SHA512
114a510cbbc04ef83c13fe6f72b2bb61b50bf45a120ab35b8995274d8881ec4c4f19a3056e53ee661688487a4c5b70fefdc7d88cbe9c078be70bc3dccf095e7c

Download Submit
/data/data/com.enber.gareapp.translator/files/xddmama

Filesize
32KB

MD5
88f00985d5e8cb60857698fa7fa2c2e4

SHA1
d9d19d5e778aaba16c91ecf4cc93a01d9fd2e708

SHA256
b32935ff80ccea3e131b80a5e74592b78acd6596a54093e740e1f062af3def12

SHA512
13865c22218dba4d73fc5571e97390c4f3e0cdf8e6e117138f38afcdd91b4213d33465185ead0e5436a94bd511a4cdcbf4ed67b64a2bd9dafa611591dd3f4166

Download Submit
/data/data/com.enber.gareapp.translator/oat/x86_64/[email protected]

Filesize
80B

MD5
3adc4a6e524c7b2abfe76b90386d1a7d

SHA1
f1bd88547e0cc102f205cb36b2df4d03a6d4d054

SHA256
352f9483346437411d1cd9cab573d47252ce4e8ea5991e3879ecd905cba61105

SHA512
e47444f85646e5238b7c9b15e939a4124ef91c3b129a65f2408223f7e8d591942ea83d6310e3efb574ccf56b2b7deb1d5fa7b25c50ec527ab58b27a93cae6b2d

Download Submit
/data/user/0/com.enber.gareapp.translator/[email protected]

Filesize
7KB

MD5
7b8a73470452c429671e8207c78c6a08

SHA1
4b0650c3656d476ffcc47e889e3cd3a54476b8fa

SHA256
146abcdf3571596c2be2fd9c7bd9298653399f9f61b62bbcf196c1086603665e

SHA512
9a30a8a33b68eb8fd8ae2f2553593c0de7d855c28e54d5c5243c171f1b124ecd0ed557d99b03a558c32d5c93a6fa9e3e091ab6919df6e26d6141cdd547fad13d

Download Submit
/data/user/0/com.enber.gareapp.translator/files/nnoosb2

Filesize
8KB

MD5
912725659cbb19a22be6bdd2c048cb14

SHA1
5c7235660daba274a4545c4ddc7fcf3a0ad13dd8

SHA256
def71df84f9010a9ea6f809c06952da9fde6f400b0b8807d2d997ca0a881cd0a

SHA512
114a510cbbc04ef83c13fe6f72b2bb61b50bf45a120ab35b8995274d8881ec4c4f19a3056e53ee661688487a4c5b70fefdc7d88cbe9c078be70bc3dccf095e7c

Download Submit
/data/user/0/com.enber.gareapp.translator/files/nnoosb2

Filesize
8KB

MD5
912725659cbb19a22be6bdd2c048cb14

SHA1
5c7235660daba274a4545c4ddc7fcf3a0ad13dd8

SHA256
def71df84f9010a9ea6f809c06952da9fde6f400b0b8807d2d997ca0a881cd0a

SHA512
114a510cbbc04ef83c13fe6f72b2bb61b50bf45a120ab35b8995274d8881ec4c4f19a3056e53ee661688487a4c5b70fefdc7d88cbe9c078be70bc3dccf095e7c

Download Submit
/data/user/0/com.enber.gareapp.translator/files/nnoosb2

Filesize
8KB

MD5
912725659cbb19a22be6bdd2c048cb14

SHA1
5c7235660daba274a4545c4ddc7fcf3a0ad13dd8

SHA256
def71df84f9010a9ea6f809c06952da9fde6f400b0b8807d2d997ca0a881cd0a

SHA512
114a510cbbc04ef83c13fe6f72b2bb61b50bf45a120ab35b8995274d8881ec4c4f19a3056e53ee661688487a4c5b70fefdc7d88cbe9c078be70bc3dccf095e7c

Download Submit
/data/user/0/com.enber.gareapp.translator/files/nnoosb2

Filesize
8KB

MD5
912725659cbb19a22be6bdd2c048cb14

SHA1
5c7235660daba274a4545c4ddc7fcf3a0ad13dd8

SHA256
def71df84f9010a9ea6f809c06952da9fde6f400b0b8807d2d997ca0a881cd0a

SHA512
114a510cbbc04ef83c13fe6f72b2bb61b50bf45a120ab35b8995274d8881ec4c4f19a3056e53ee661688487a4c5b70fefdc7d88cbe9c078be70bc3dccf095e7c

Download Submit
/data/user/0/com.enber.gareapp.translator/files/xddmama

Filesize
70KB

MD5
525fee9bfdc95bdefe919eea26e3c452

SHA1
03f1325b711fd4445830e8e50e9d3f6730540507

SHA256
8b3c121661902f58291d3437e12cadb89b101c4031ddace6bba8b7159186b130

SHA512
eee2ee9dee6af18565a940835d2e4dd3cfcaa24685b71484c5f05c061f1e3432ee94b2f32767ed3f98499647873f885b0dde43b0f3e3af32fdbc8e94926e1bb7

Download Submit