joker | 11d84c07e2903a06ad01d1e91188dc72a5a34b82f8a06a413464387d0a5756be

Analysis

max time kernel
3536520s
max time network
167s
platform
android_x64
resource
android-x64-arm64-20231023-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231023-enlocale:en-usos:android-11-x64system
submitted
15-11-2023 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cool Photo Effect_1.6.apk
Size

98.5MB
MD5

e02e5e024b86607bfd4464c4eccad502
SHA1

34e51607e9697e67ccaa2975822aad1906f72067
SHA256

11d84c07e2903a06ad01d1e91188dc72a5a34b82f8a06a413464387d0a5756be
SHA512

886568471c4d67ff69b28057429b78b2c8384b2a3d2a6d977ebecf4f35c94e0db373b857a8b1c10a25ab48d8aefb831274e6cd2108c9ccb642917d8c896faf1f
SSDEEP

1572864:+jEhT1CL4aKxtb0RrMG5b4Iez0ZpyA340PBw/nNNgCt:n0JK1t

Score

10^/10

joker infostealer ransomware trojan

Malware Config

Extracted

Family

joker

https://ebysto.oss-me-east-1.aliyuncs.com/tap1

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.lab.photos.edit

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.lab.photos.edit/cache/1658186039475.jar	4412	com.lab.photos.edit
/data/user/0/com.lab.photos.edit/[email protected]	4412	com.lab.photos.edit
/data/user/0/com.lab.photos.edit/files/earstne	4412	com.lab.photos.edit

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lab.photos.edit

com.lab.photos.edit
1⤵
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lab.photos.edit/cache/1658186039475.jar

Filesize
10KB

MD5
d532cbd4f180fe5fc0d6bb5f0e1677a2

SHA1
991f862931b10f1e4efcb27f60dbc596ca4fbc95

SHA256
5af63d2127385ce87df5e729040874f5043b20ce14e4c60dd95e410d660355da

SHA512
a071eadc4a25a4ce82510e5c6acc34f6d9c324e782be149209eb9f484fa6f1f8809261627368573be434ab513e1f66bf2dbb48cbc849b431d9dfbccdafce4dc4

Download Submit
/data/data/com.lab.photos.edit/cache/oat/1658186039475.jar.cur.prof

Filesize
151B

MD5
670112659c0c4c2090386b50d186971b

SHA1
64c9871b26b5af522cf97a720b4882240fcc87d5

SHA256
5e373a5749210e2b579b9dcdf38960d0af63f22c00bcf8b247a7b4b6cb3e7e3d

SHA512
c17e5ee6e2eb3c80fdbfbb8917dff40500546ed5ebec12803f3602c702d2cfada4be34478842b1e4e4ce71d7f76196b58778122e8e547c9903c736080cafa380

Download Submit
/data/data/com.lab.photos.edit/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
1cc717af44d61731d8ad85c04f77affc

SHA1
b7bdc0d2a3d7ed9727dfbfaf0c5589d4e7741d8d

SHA256
5e1f0527ad356f87e1678b21cee2be86fc93b2ccd4c0573a3eed77c204c0da2b

SHA512
b2e913f75fecd18317242c9c5bc2204d8492afd1deff8e5051782e6bd616ee6447861f9599a64891de837e4abdf525373dccc4464d2b3fbf40ab6184d0702563

Download Submit
/data/data/com.lab.photos.edit/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4c3c0ba5a4638d0895687920d3719f4a

SHA1
ffb6239b5541d3dbc0a80ec622307b361dfb4fa8

SHA256
c2c2b43bfe250d5600349a259253219fb84d80528114e3b4a7546fe87d55c21e

SHA512
5f3312009a1071cafa1e10a07176370b714bbee19792f16d4d1dbd1ccaf89214c544ccf27ec472fd3cee049a76b6627ad9bc95a53bec7456b5e9cde604d87f00

Download Submit
/data/data/com.lab.photos.edit/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
aa896ef5e9869d9bcf09ce4655d3af93

SHA1
1ed5da04de9130ee053b9e9b1b17551d9957f7d8

SHA256
68923bf2b76e5e3a84225e14caac5ce6ab00dbc3efbde44f96dca1abecc9643b

SHA512
839aa2e12b52b7d22492d7498910f334711890ee517a0c81f4b46c1ebe3ee93921c89bdba6a6ff2aba99ac77ff11ac7537e12e5ce38bdaa6d775c4d9a2a42264

Download Submit
/data/data/com.lab.photos.edit/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
aeae76dd1e4bfee81d98c9db9926a6ed

SHA1
20346c1cb697c4ef0f7e67b4162b34e1e8375760

SHA256
89a027b4e7111fcd12f11136b38adf99b3a74c740187896b38fdc121612925bb

SHA512
b60e9d3b52efedb32f1b8f34e9a280465a9c1c25c70a1749cba7c7142e1d7bab3cc51e6c05c0bf4e6067770e6e62aaf9041d435bc0afa7922bd1bdc9bb53046a

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0ded3c1a7d4d40b1e275f897817f8407

SHA1
946778fb4e4f917affc80eacf4f4d587f47a94eb

SHA256
3433c02b50d82d9f1555a8c58af83d2097f09f71c047d282bbd9aa191f569cc9

SHA512
7862134273117c23c70d725543346888d6d3d94396782b98b31b5642908e543d04be8b9fa605ad2a4ccae4ac00c4b3059e5d09413ade6f5f06e2b5995d827bd5

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4b7d6cff2e0fe33bcf8f659f0ed423c0

SHA1
b5a4ca2c5037661c5c0fe631e563128eccdac125

SHA256
6dc1bf8a49cead5a3bfcdf852be239012842e9f9872eed733f1ca71b090cab8b

SHA512
a805b7247a2bdd1a9e606eca6c8d1d4a71230d53da068704a599b56c3f6b79bf87385aa9d828151100b995dfa082f8af240d689fa96bb7bb73ec286a639cd4a3

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7e7f22ace9b21bcb22678a320d1584bd

SHA1
95fd870fce4c29336c4611c3629121316ff1d448

SHA256
7d4fb8489eec5b21257ed49fcd95137471cd757d09fffd04740cda8e2c68df8c

SHA512
e4f00b9fcccd2bed92c98198dbe5e56d3e5c625a40bd1e52d72363f680a0af4f406d42199117c6eff34717bab3468974a02f32d4936201976ecbdcbafe7e1cb3

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ca58bfa6ef0f561c32358c1acd2775eb

SHA1
2ca89c3672f6cff06cf1d697324af9f9e169c4c1

SHA256
e8f83c108c443db559486484feffe30a0cadf54db619fbf04650dcb8ff47a33f

SHA512
2a951698fec727a1cdf38316da649e17b31dd4f2b2bb216a70d303c98291d9f07e1644ca0cb2e8f14a68a7a14834738006574604209c9c65571225854bcdb542

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8b95925bfb9491923ede49d4aeb4a004

SHA1
a5cb237c9b6bc562492034bb3abb06cc0dd99631

SHA256
1eaf3bf4f629dd64586d6b23f6bc96877b27bf703b18a3dd944105012f0ea44c

SHA512
50e224e7c9c5eb36ddf8c7a36553b378d9a332dd5add60151d530533d4d08129db7fc09b7fa508196f9e04e0abcb9ebf26aa3d024fd4ca7c3ab2b335404625e8

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c1ebf703f6b8c668c0a3629b5dbeb8f0

SHA1
4008f290a5488392148e09ed608a2493f16ef6fe

SHA256
184bb818474cdf508a22c26e5f7670eddbc8385ac83bc21e42b2025b42c63699

SHA512
56ab551c1055933aa910adfc6860a6c7f4a88c3de1fa6f40eafda7a065d656192e832d35f59bdf1fb667cd7377a347a18bab3ffad7f6116ad1769bee3754132f

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6b3731cc1b29d31478286c7f98968199

SHA1
d01c5db4195a08956fb8b75e9e6a25a11f6a25f6

SHA256
6c9b3da7ea77b7789abdd1754a1a936c0e1827c61c2d8474e44be471f85e5c7e

SHA512
4545a6f4c0fc2251b919fae1ad77c4b368d0776975161bfa0b4444824ef8e65ebe358a4b85a40e88e4d815a042352c92fe63e098fcb035cf3a47eb6696f9eaa1

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
01943d8fa67c5c8d40fe07485ca569f5

SHA1
e5717f48b6951575a8c12eb000d8c210bc0be843

SHA256
895e378a87b81dad3df6ddb8459aafeee478f1aca55c63dc493c132e34c6d2eb

SHA512
6092a59412d0ba6a8dff5dc6c1a34c9cb297d404cf0e20b98eb6483e41a7181b33e7c9460f06ba827ef507ab5421561889ca3b358c50df407805e96e9bc4c586

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
248684819ccd16f7b7af3ecc7311a99a

SHA1
5a7473053b9945866ad11f8915b9e98b88927321

SHA256
19687ee68c70d720ec95a3cd37f1f361a456fda33d375c54a9d00284b4a0a4ef

SHA512
ef282a0eb9e7bf173a300031338754a2b3152103a7ecf32d152baf0eeb29d4b0d653bb2132b620a19c81bf5b95fc7bc6396016dd0adc5f350ba650a031c4c70e

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
d991b3908d1e2f94ae2a392ad94dddd7

SHA1
0aadddc1ddec88059597344c65763db7b6adaecc

SHA256
0a7b03e7dbeb1b1af181f07203f6acda15a34a6b796bd2fc4a745f8bd9915ada

SHA512
29729df4be6524345305cc78b7759a0ac5f63aeb084293a5a3fcc130b5f107539ad6d2f15ca62212a6ea08657b5bef0aba6c33ce5c18cc7f7d634a8ee16234bf

Download Submit
/data/data/com.lab.photos.edit/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b73ca5d50d3cdba8d18c5ba532204410

SHA1
b3bf4d5a10af0470a49beb16af1d7447282627e7

SHA256
8799b3bc1904bf6a1379bf61d36ae57f2c578aaf20d54ccf577f2f33516d93fe

SHA512
7dc5d4c17a51e67fd4fe8a16a926b1b4f4dddcb1cc409569680647b985deaaad192fea1f87115f6be9eb393c3ea20149e71b4f4d4d26b631e74dcd7475af2a81

Download Submit
/data/data/com.lab.photos.edit/files/.com.google.firebase.crashlytics.files.v2:com.lab.photos.edit/com.crashlytics.settings.json

Filesize
714B

MD5
4325700a8d83c529aef368e0aeca22ed

SHA1
abe620aa479bacbec363460c944ed06a17357f8b

SHA256
700d308940fe900fd2db82ef37495e860a5cb627f22328f553cee6c38186c5e8

SHA512
0021fcca0b78ddf03e155e36cd1124891631f2012bcd236ca44aa0a64fe11bdd7aa9d664deac2741bf83e0e6d2f0b93c3e62b357e2a0151fd5dae26f527dde52

Download Submit
/data/data/com.lab.photos.edit/files/.com.google.firebase.crashlytics.files.v2:com.lab.photos.edit/open-sessions/6554AE7302F20001113CD52291AC1C2B/report

Filesize
737B

MD5
e1280b5b18e9b7b316909b779d74e767

SHA1
06a15a048574cec2f630a89cbc5b74f6262ff0c0

SHA256
bbbbdd93ed72d792b73da8fdade9f268d034e04ffb30d9a0d067d1ba11a07bf2

SHA512
34f2c7ad3261f9b46dc1235115adb9963cdb8e48184afa9927dca416ecd80b8e3cc768b93a180c5a3f2da11094c4df31e8c6e25b0f9b19c91b002923c457c45c

Download Submit
/data/data/com.lab.photos.edit/files/.com.google.firebase.crashlytics.files.v2:com.lab.photos.edit/open-sessions/6554AE7302F20001113CD52291AC1C2B/userlog

Filesize
362B

MD5
a9fe9e850d9ddca9041b7daced244f80

SHA1
6682f34c18a9e7527f7222b2060e2154d5978167

SHA256
b3124ddab5780cf5568c6835abf51b0e32c50cd9fa434fca8f9c6105ea032d1c

SHA512
dbe21d7907978625b84c2be91236e1566a409bfd2a3c8fa62ac0a13ebc82dab9d00830be292846ec2a239aa4f03fc110413bdc7505c9200f216f12b22f414568

Download Submit
/data/data/com.lab.photos.edit/files/.com.google.firebase.crashlytics.files.v2:com.lab.photos.edit/open-sessions/6554AE7302F20001113CD52291AC1C2B/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.lab.photos.edit/files/PersistedInstallation1707467981598542168tmp

Filesize
566B

MD5
7195b76883d3308ad8dd9f0abd5c948e

SHA1
33ed144da8e6d73a7ad70fb806a7507bb0b770ce

SHA256
50675996ba09ecf89688bc9974e65b0143be2a25c48df3f86254ab80765e0bbf

SHA512
20ce5cc02881e08bb80550920fa5afd642770e683e5ce760921fde863f409d6514d4277d7caa2e0764ef7800313f54368381f005759811d68b692db2fe1681db

Download Submit
/data/data/com.lab.photos.edit/files/PersistedInstallation717052054328871908tmp

Filesize
90B

MD5
6bc550a167f1f19c25652386de02ae88

SHA1
3e272a7f55c3e36a7f9ff5b9dd6ef5a74c6123bd

SHA256
5918a86f6f9519464d4f945108c060cca5838f9838c166b3bc869ca2a1dd6622

SHA512
18d63af8a4975951951d380ae15932b8dd5e966454b5ac64fe6926d731848ff0a19211dfab5643c628970cfaf0d5d3977b4cb8454f329631ff5b97b351a69d4d

Download Submit
/data/data/com.lab.photos.edit/files/earstne

Filesize
3KB

MD5
4b783af48a7d2110217a31289d24604b

SHA1
98f19dd0d7e788006271075212bbd8e0ad2505fa

SHA256
a36da52ae152c25d44ceb18246081aa19a6f002790d7a56ec5f8b19490ef0bd8

SHA512
5467add202090a271639c2f29ffa61d0b80aef5d7745c7b25b6af097680f957addf75790cca763cd7db7247e68015cc204aa945bab0b50bcd9477f8e944fbfc2

Download Submit
/data/data/com.lab.photos.edit/files/frc_1:362684862920:android:6174cba3b2b31c27d3f0fd_firebase_activate.json

Filesize
194B

MD5
7736a5e9ac0e5b1a5c946f45223717a6

SHA1
276efdea4ae3ac2c0c16c90b4266a65d36457f06

SHA256
c708bd815659669f73a7774e00b06f4c93a45a70c98318c349082bf2c6b84029

SHA512
7497255f4f56ccdf806a16409e93809ec5d5e2ed02a8abeb5aa900e1373ca182ad12321cae6d96b7c07ff7f9b1b21db8499f0a7786df1f97c2a8b61f9902dbe2

Download Submit
/data/data/com.lab.photos.edit/files/frc_1:362684862920:android:6174cba3b2b31c27d3f0fd_firebase_fetch.json

Filesize
194B

MD5
7736a5e9ac0e5b1a5c946f45223717a6

SHA1
276efdea4ae3ac2c0c16c90b4266a65d36457f06

SHA256
c708bd815659669f73a7774e00b06f4c93a45a70c98318c349082bf2c6b84029

SHA512
7497255f4f56ccdf806a16409e93809ec5d5e2ed02a8abeb5aa900e1373ca182ad12321cae6d96b7c07ff7f9b1b21db8499f0a7786df1f97c2a8b61f9902dbe2

Download Submit
/data/data/com.lab.photos.edit/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.lab.photos.edit/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
d786690ec8d9b677f5f31e6dad47f6f1

SHA1
7960e2a73d76ecf5bcb502f26384539523442d97

SHA256
f1da8d7e3da5498f6c5253d6fdaddf43023e56cb205d3d817fa0b128a3ebb840

SHA512
dbbc881faec772549affc977ce59fb469fc4938c9c8dc9762dada97547f05721b229c83b3e236cc1444781bc34b88103f78221eebc4a50e0187eed9ddde494a1

Download Submit
/data/data/com.lab.photos.edit/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.lab.photos.edit/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
58f65d70ed7dad553043f014540fc2f8

SHA1
18af0371ab3ee7ac10e1b770f76f0ff27ac549b3

SHA256
688c6cd17046411c9884095e2871baa8ebe9c9a874f67bb8d16a344037087ab3

SHA512
3f0f871fdc1ff99b908f1873c7e8776eabc599f15828c8ac3ba90e86bcca82cfc38bdbe021a75db227c13c7a153a5882142001a6bdc0c83bdd43f0bed8edcaf1

Download Submit
/data/data/com.lab.photos.edit/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
f4932ed47f8d13c6eae301f74481d919

SHA1
c34545ea17101518bacaf318cd0905bc010be47a

SHA256
93adbd5aeaf9da8d31396b2ad36ac82980a4eb0f15ba3384740ada0d794ee16f

SHA512
b43adf684630794c8dc4b657b6c29eda959823f30d8b5c5c703699b66151c97e1d75ad564ffb79b9084002cdf452bba04b7f3ff0655993bccaeef790b8e2aec6

Download Submit
/data/data/com.lab.photos.edit/oat/x86_64/[email protected]

Filesize
460B

MD5
b42a985436a8a8362d263f947544233f

SHA1
2f0893d2541098b34a394fd2f57052c6e0c9d59f

SHA256
e983655f4f54a891bdfd5c4fa638c0e5b732c8d2f6c6d639a7da7c1483044dbb

SHA512
145905b6a9da57256319a61e5a33148e95eda4603ee875fb70f3aeff0e4197651070453d693abf50b6195cadc81ac16affa108ab23c5e7fca192592fd7fcaacb

Download Submit
/data/user/0/com.lab.photos.edit/[email protected]

Filesize
5KB

MD5
b2450ab2585ef304d6eff393fa8d20f8

SHA1
7350c6adba89b7608ba9dfff7b099ac4613693ca

SHA256
db211f72d78e154c0068681022e422946c1858d1184d31e5e439fb05d7624a38

SHA512
1dcac23e311fd56e4c51de83908ab6c92b1f6e6aecf04d1883abf2d4863de94139680a896ac0a3c2d00e5aa3971ca12f434774c844c56db0355004298a7188f5

Download Submit
/data/user/0/com.lab.photos.edit/cache/1658186039475.jar

Filesize
20KB

MD5
3e4c7cfe03c0013124c0a0b4a7f79735

SHA1
7061aaa831e19f82510a07d6628550fa4c4abc87

SHA256
a35c31d98ca212a0553053527fc39a7a8c8cfe22e87fd72d20f81a92cdc7bbaa

SHA512
e9341778de8925924b49b64181f5091f0c96898e7587a05aefceb0ee87921c1bb392081a305161b04123b59c7d4209f279d92702090dac9331b852f6e755a1cd

Download Submit
/data/user/0/com.lab.photos.edit/files/earstne

Filesize
4KB

MD5
6317c76e2ce312adce1453de5d4703a7

SHA1
e4643d25d919a1a506d36cc50e772e1060703de0

SHA256
9ab42b5a4abced715e1a51d1fdf67ef793ca31d3826148a4bf246544ed5a2f6a

SHA512
b937e635229551ab13515c21ee4186ac8a3686ebc419411e5c98172ae75df91740bffa1d5d77c2e6b205b045c1c04648d50b60e9fb513e7da60dab963794f902

Download Submit