joker | 724e412f02185c8721fea47187d07cfeac03a42b2e1d776f8fc7eccb5143289f

Analysis

max time kernel
2265148s
max time network
140s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20-12-2023 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

724e412f02185c8721fea47187d07cfeac03a42b2e1d776f8fc7eccb5143289f.apk
Size

6.4MB
MD5

1325ddc84a95033801f4043f260c8313
SHA1

9a63bec8f4602933b284729563249afb90eb0391
SHA256

724e412f02185c8721fea47187d07cfeac03a42b2e1d776f8fc7eccb5143289f
SHA512

a0aa271960cd3ad23eb7cc5fdd27d02b45f78ee2a7b58fa8380b3cb846c8c521b49c3852dc31e42d009b1ae35f8a186ed2e85cac2825527ff9fc7d9634b7aef9
SSDEEP

98304:0fArAqo/RtzwUsYSuBmy0d7DGZgoRimxf4jxH29LHZ4zLEcmuaHbTdDXy:0fAr1/uB7kaZHRdf4jY9L54zAcmJbTZy

Score

10^/10

joker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://homeward.oss-me-east-1.aliyuncs.com/nameplate

https://xjuys.oss-accelerate.aliyuncs.com/xjuys

http://139.177.180.78/hell

https://beside.oss-eu-west-1.aliyuncs.com/af2

https://xjuys.oss-accelerate.aliyuncs.com/fbhx

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.pdfview.reader.pdfscann/[email protected]	4517	com.pdfview.reader.pdfscann
/data/user/0/com.pdfview.reader.pdfscann/files/saudys	4517	com.pdfview.reader.pdfscann
/data/user/0/com.pdfview.reader.pdfscann/files/journey	4517	com.pdfview.reader.pdfscann
/data/user/0/com.pdfview.reader.pdfscann/files/Yang	4517	com.pdfview.reader.pdfscann

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.pdfview.reader.pdfscann

com.pdfview.reader.pdfscann
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4517

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db-journal

Filesize
512B

MD5
7fb91933734b25423de646edb8012129

SHA1
cc0dd9c2e9b0e896c13a3a1d39d743cc44265c74

SHA256
7facf1072f728b3925089499f128e2bc6ed8670e0ad295409c3d13de98147571

SHA512
1b472c16fa77e0fe37a64bfbba6f84a3f3017120295528e910563edc2923e8ac5b064210f6fba2857e663f9031185decd563dbbc6dbdddfd9b6762f9b7f3345c

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db-wal

Filesize
44KB

MD5
6c80a158e5da151126a77d27cae4810b

SHA1
42c237c5bd359a2c0743b35bbadfa6ca78d061b4

SHA256
83e4a583369a45107ffeb8e70868f3ae6c2bcf512efd58e37052130ce4917fa1

SHA512
91b419416e9d10342da752795c728689827bb9d88db7308d5c726b5aa261d9f0e855417decec14d80c7d280d9859fe1beb0ad97f5d6c13df95b9fff5e3587363

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db-wal

Filesize
16KB

MD5
c71c05b09b4af0a726c644a5acd9bbff

SHA1
b75dba491166b5cc8704fc5594d6b1d7d946c6d5

SHA256
e621c554388a2f177bf13eba9146dbb926aa85424cf3bd4894a9c24416e35424

SHA512
c928527497d2bfaec830d27e54a1358de83df855cd6162f98c60ea717a849e6878b6da206b57fd43f9c10971bc20cbfd97d4f9c7ddce3b7107f7ea6ea6b20f3b

Download Submit
/data/data/com.pdfview.reader.pdfscann/files/Yang

Filesize
25KB

MD5
31217fab7722f55e60245ac48a48560a

SHA1
a8f33b9cfbb3858eefa45eb9ec23edacaf83b972

SHA256
78bf941588cddb91fa62f11410c616c572508b341f505c704712faee0501a042

SHA512
7d5be7c756f70dbf085b3332ae59f01ffdf3697bbe83de702231a920ab9304ef0f1502cebf42c1264c31dfe26663c2e7e762b41061650f9812388af14cb4b2a5

Download Submit
/data/data/com.pdfview.reader.pdfscann/files/journey

Filesize
6KB

MD5
9af052da1567a096350f9fc5d3629084

SHA1
2805050d51348f8584c0c5f95ea0aecb194632b0

SHA256
c83385b0370b18b75ced66aa0803b878deab447d97bf3d7dfd3f1ac9d88f4186

SHA512
31fb530718c7f0a79e6b19eaa9c5d6c19547ac8054f29231d5c963cc1c4b9d915a7c57a3a2caf30b33239817d066ccdd94bec857113b2a899773585e3cca3f39

Download Submit
/data/data/com.pdfview.reader.pdfscann/files/saudys

Filesize
3KB

MD5
43911fa1ce6a2a2ba7c45f36b6187faf

SHA1
4543ad7ed05726464af38d5f047ebaedcb0d5498

SHA256
b4e67aa7674c1a439ce27c2a706a7c8ab2a6c7a0fdbb752781acec0d5413d851

SHA512
d2ed6c04bc142672d2be8fe443e44990f5fa405e1a3b4496a9a3f09bee07fb2f40e0d70126965707d6934673f7ea9801c2a284482113b99c17127550aab96af3

Download Submit
/data/data/com.pdfview.reader.pdfscann/oat/x86_64/[email protected]

Filesize
415B

MD5
37b375a06eea477ee8a29d34abbe5465

SHA1
cacebb45b02315c820583b86f4e8fa18a0137513

SHA256
d52871ff795f2dfa160928b1040db8eee70975b73ed4b815c325d69864d0f78e

SHA512
cf900cb013fc09826183502a6ad539791637eea135d8679afe18dc6ece1a67b9e0b2257cd8481c6d3ceb5250154d04867fcf4c8d55b5f95ef4d2bc077931bea2

Download Submit
/data/user/0/com.pdfview.reader.pdfscann/[email protected]

Filesize
3.2MB

MD5
692c6b1b89702297c59bd34c4bd1fa53

SHA1
f38cac946f03d7e869018acbdfe0ed272e11b106

SHA256
920e465a87a2409fc8d7186ea4e319c613c04d156bec75e8b91cb4d07b1deb75

SHA512
927048402fb314ef2624776b27317a6f996ea6b3d697d66b8b213d5be9559f24ae0dca8d2f8a9350d32310b8cab071933936640641d297ba522b3af60424df63

Download Submit
/data/user/0/com.pdfview.reader.pdfscann/files/Yang

Filesize
59KB

MD5
6039552d12f80cadba4f5380d2a6956e

SHA1
f1d5e6526673b121b78f33dae74ce03e5c9ae75a

SHA256
64968aff752918e06ef849e623c6fc601cff69b28a5499891408a58f421b5e27

SHA512
55a7d9a0a421596ab16e66d0c490a224903954e7721bb28a43658f5e64695411021c0155a3ccbe11539ee24f02b0d1f72e1f42e1c7396a9f2ff9ed1da92c6d3c

Download Submit
/data/user/0/com.pdfview.reader.pdfscann/files/journey

Filesize
9KB

MD5
c409d388c70ea8ad4fa9360865c761f9

SHA1
1def633ee910d31f50f9f415ae8768149c45dcee

SHA256
2f0fe95c8a02ac85f9383cf7ef5d9937ac93cdc75d75c1f79dd48638ae2eeb1f

SHA512
797d61aa6da7f15404fde84354b833253f9814113649f286162aa766753bf3ab5c678c5aa31805e7eebb6a457a5670e4c06e1ea0486636db464c71cb7c0a50ef

Download Submit
/data/user/0/com.pdfview.reader.pdfscann/files/saudys

Filesize
5KB

MD5
1aa1f9493f5a62883d5512df3ee1c32c

SHA1
d5f6599a22445575bb7b7e21958071d5c87cd170

SHA256
62188b7f0f9f71a33356bcd9019822d4f4f1b077fd715c1236b9ab27598ec376

SHA512
95ce0f1dc39c6309dd826abfe1f5f1f1aff374ce41ae50da12fe6f3d35da60babbc72da8bdb256dd7ab75830e0aeb4fe9e3b1a8ba42753d6f7e7a2e0b3428c12

Download Submit