joker | 83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5 | Triage

Sharing

General

Target

83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5
Size

10.5MB
Sample

231220-ev6ansbehj
MD5

c3cbaa7af5eb9408f0d41bfc0c26b108
SHA1

4c028067260f01a021afce988964ea0f3d586414
SHA256

83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5
SHA512

842b47b2d06e0d251cb4b2684bdd8217ce8323b4ae4c69ac07e034672a343b53a73bca354c37d6eac196e17c656dedad39a52a67e1ff86ba732fbc69c0f8c298
SSDEEP

196608:B7fAr1+32EM8ki62klm/LPAN3ZG+2UNn0zchOnRIPM3vS0zU+CLZL4kk:B74rA22kvkLPANJGf60sMfSwjkk

Score

10^/10

joker android evasion infostealer trojan

Malware Config

Extracted

Family

joker

C2

https://xjuys.oss-accelerate.aliyuncs.com/xjuys

http://139.177.180.78/hell

https://beside.oss-eu-west-1.aliyuncs.com/af2

https://xjuys.oss-accelerate.aliyuncs.com/fbhx

Targets

- Target
  
  83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5
- Size
  
  10.5MB
- MD5
  
  c3cbaa7af5eb9408f0d41bfc0c26b108
- SHA1
  
  4c028067260f01a021afce988964ea0f3d586414
- SHA256
  
  83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5
- SHA512
  
  842b47b2d06e0d251cb4b2684bdd8217ce8323b4ae4c69ac07e034672a343b53a73bca354c37d6eac196e17c656dedad39a52a67e1ff86ba732fbc69c0f8c298
- SSDEEP
  
  196608:B7fAr1+32EM8ki62klm/LPAN3ZG+2UNn0zchOnRIPM3vS0zU+CLZL4kk:B74rA22kvkLPANJGf60sMfSwjkk
Score

10^/10

joker evasion infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Acquires the wake lock
- Reads information about phone network operator.
- Checks the presence of a debugger
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

jokerevasioninfostealertrojan

behavioral2

jokerevasioninfostealertrojan

behavioral3

jokerevasioninfostealertrojan