joker | 83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5

Analysis

max time kernel
2416351s
max time network
131s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5.apk
Size

10.5MB
MD5

c3cbaa7af5eb9408f0d41bfc0c26b108
SHA1

4c028067260f01a021afce988964ea0f3d586414
SHA256

83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5
SHA512

842b47b2d06e0d251cb4b2684bdd8217ce8323b4ae4c69ac07e034672a343b53a73bca354c37d6eac196e17c656dedad39a52a67e1ff86ba732fbc69c0f8c298
SSDEEP

196608:B7fAr1+32EM8ki62klm/LPAN3ZG+2UNn0zchOnRIPM3vS0zU+CLZL4kk:B74rA22kvkLPANJGf60sMfSwjkk

Score

10^/10

joker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://xjuys.oss-accelerate.aliyuncs.com/xjuys

http://139.177.180.78/hell

https://beside.oss-eu-west-1.aliyuncs.com/af2

https://xjuys.oss-accelerate.aliyuncs.com/fbhx

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.mass.ivthesms/cache/mass	4247	com.mass.ivthesms
/data/user/0/com.mass.ivthesms/files/Yang	4247	com.mass.ivthesms
/data/user/0/com.mass.ivthesms/files/audience_network.dex	4247	com.mass.ivthesms
/data/user/0/com.mass.ivthesms/files/audience_network.dex	4512	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mass.ivthesms/files/audience_network.dex --output-vdex-fd=123 --oat-fd=126 --oat-location=/data/user/0/com.mass.ivthesms/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.mass.ivthesms/files/audience_network.dex	4247	com.mass.ivthesms

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mass.ivthesms

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mass.ivthesms

com.mass.ivthesms
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4247
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mass.ivthesms/files/audience_network.dex --output-vdex-fd=123 --oat-fd=126 --oat-location=/data/user/0/com.mass.ivthesms/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mass.ivthesms/files/audience_network.dex

Filesize
76KB

MD5
2bc8918fab70af415bd05cca48a4f8ca

SHA1
2849369fa204bed8930132e2709571cae11a943b

SHA256
06a3c2425b803fb59f8d136f61f453edcb26ac876f1c6ecc1f799c52912c93b9

SHA512
ba2c2c9cd7b1f24b5553cd1f3c6514ae57ae4dba0d094fe1e2851b5a85236aad9e3642c2412576a9a58c894e75ed86ae01fcffe03cf62ff0531687a47dd1395a

Download Submit
/data/data/com.mass.ivthesms/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mass.ivthesms/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
d0a44c7b4ae3fca16ab20aef8308b907

SHA1
ee4f6d6f3ed25b0c0ccf8e1ed8524630b8ef27bb

SHA256
c1a290e98514728f8efa11245991ad4970c56dc9d65eefb42b8cb56468ef6233

SHA512
442fd6f63700bece283197a89d52f358b6e05c78ba6ca8a4791db4c9351922203ff85708108a38a87e3788abbb782c8dfa35fe26c8e13b5050b6253ce2bfd222

Download Submit
/data/user/0/com.mass.ivthesms/cache/mass

Filesize
5KB

MD5
82abc51016150852bf8e65e047f467a6

SHA1
53d235499fe87726655e14b6e124bf1ae1efcb59

SHA256
5df03b928f087510f22bed777cef0eaa6c542df4fda748022cfec3ad938bc4fa

SHA512
1dbc3c6a6ee6ac37d680f248e49211931615690421fae86e1d6e47b3da984a41c490967e379d1253b481d3f1fa017b3e3cff267581c6f2585ae5a747197007c5

Download Submit
/data/user/0/com.mass.ivthesms/files/Yang

Filesize
59KB

MD5
6039552d12f80cadba4f5380d2a6956e

SHA1
f1d5e6526673b121b78f33dae74ce03e5c9ae75a

SHA256
64968aff752918e06ef849e623c6fc601cff69b28a5499891408a58f421b5e27

SHA512
55a7d9a0a421596ab16e66d0c490a224903954e7721bb28a43658f5e64695411021c0155a3ccbe11539ee24f02b0d1f72e1f42e1c7396a9f2ff9ed1da92c6d3c

Download Submit
/data/user/0/com.mass.ivthesms/files/audience_network.dex

Filesize
3.2MB

MD5
692c6b1b89702297c59bd34c4bd1fa53

SHA1
f38cac946f03d7e869018acbdfe0ed272e11b106

SHA256
920e465a87a2409fc8d7186ea4e319c613c04d156bec75e8b91cb4d07b1deb75

SHA512
927048402fb314ef2624776b27317a6f996ea6b3d697d66b8b213d5be9559f24ae0dca8d2f8a9350d32310b8cab071933936640641d297ba522b3af60424df63

Download Submit
/data/user/0/com.mass.ivthesms/files/audience_network.dex

Filesize
3.2MB

MD5
dbefc015f722b31d41e6ce0dec958f3f

SHA1
64b526a96766345c346f226935b612a2e203d1c2

SHA256
2c5a36ebc9ff0ff5bb2e1e53949f0ee6c08b368bfc0ec4bf9f6b8d9175cbd8b0

SHA512
94b410d1db8bbaac796078fd7e83933c3db6b38fdf26cf5ab1b5bee9d0612455a17d264f5fd0570181beb16d78b6d69be0b8a798c45ad4dfd99d4e1eb9ac9767

Download Submit