joker | 83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5

Analysis

max time kernel
2344499s
max time network
146s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
20-12-2023 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5.apk
Size

10.5MB
MD5

c3cbaa7af5eb9408f0d41bfc0c26b108
SHA1

4c028067260f01a021afce988964ea0f3d586414
SHA256

83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5
SHA512

842b47b2d06e0d251cb4b2684bdd8217ce8323b4ae4c69ac07e034672a343b53a73bca354c37d6eac196e17c656dedad39a52a67e1ff86ba732fbc69c0f8c298
SSDEEP

196608:B7fAr1+32EM8ki62klm/LPAN3ZG+2UNn0zchOnRIPM3vS0zU+CLZL4kk:B74rA22kvkLPANJGf60sMfSwjkk

Score

10^/10

joker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://xjuys.oss-accelerate.aliyuncs.com/xjuys

http://139.177.180.78/hell

https://beside.oss-eu-west-1.aliyuncs.com/af2

https://xjuys.oss-accelerate.aliyuncs.com/fbhx

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.mass.ivthesms/cache/mass	5020	com.mass.ivthesms
/data/user/0/com.mass.ivthesms/files/Yang	5020	com.mass.ivthesms
/data/user/0/com.mass.ivthesms/cache/1629828815138.jar	5020	com.mass.ivthesms
/data/user/0/com.mass.ivthesms/files/audience_network.dex	5020	com.mass.ivthesms
/data/user/0/com.mass.ivthesms/files/audience_network.dex	5020	com.mass.ivthesms

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mass.ivthesms

Reads information about phone network operator.
Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mass.ivthesms

com.mass.ivthesms
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:5020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mass.ivthesms/files/UnityAdsStorage-public-data.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.mass.ivthesms/files/audience_network.dex

Filesize
69KB

MD5
6dbc5f957337d5bc50fad0cdf3a74168

SHA1
adc32300556a196b67275dd8606a1ae048a08b2c

SHA256
62cc146291c2d0faf16259f6b16fc49b5a0b5447d7e2b15c25be596aefecbbf2

SHA512
c58c361e69aab9619f2bfd1859899d2004f49e17ba7b939487c6b0c6fc74cd53fa9a2a220ccfc811bbbf5bbd918075b85560ee0b0cc5595c85667b3cffdf0447

Download Submit
/data/data/com.mass.ivthesms/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
873d9b56a29e89fa3b49ccaf244d1392

SHA1
799ec93dcee4c88551024cad456e6d85bb46c895

SHA256
b67086d03fa824acac79e2571d6f7f2d755232744d811b3d41b1a3161632ea42

SHA512
4f71187c686ce365edc95dd3befe8e06447488815d06d50b4a5bc676f61bd49438498d19e98f02e8562fc117eccca3e5c43d3731c6bcbcaecbf4f935029273dc

Download Submit
/data/user/0/com.mass.ivthesms/cache/1629828815138.jar

Filesize
19KB

MD5
38c960945cceba468ee4f1772abb99cb

SHA1
c7c2d5bdc5d06a5f43c24809602d0f2d2ba8e62b

SHA256
b8d90074a4efd78bcdecc27a24d4249d53b0b76134590750733d1136d9ad964e

SHA512
efa6c5518308ded2af559bdf6276176be8f7067dd1a486dc7f23395435a2cfca4f40106275e38ae126b52d943fced8383f92469c734f3b721cfcc78db400e1f9

Download Submit
/data/user/0/com.mass.ivthesms/cache/mass

Filesize
5KB

MD5
82abc51016150852bf8e65e047f467a6

SHA1
53d235499fe87726655e14b6e124bf1ae1efcb59

SHA256
5df03b928f087510f22bed777cef0eaa6c542df4fda748022cfec3ad938bc4fa

SHA512
1dbc3c6a6ee6ac37d680f248e49211931615690421fae86e1d6e47b3da984a41c490967e379d1253b481d3f1fa017b3e3cff267581c6f2585ae5a747197007c5

Download Submit
/data/user/0/com.mass.ivthesms/files/Yang

Filesize
59KB

MD5
6039552d12f80cadba4f5380d2a6956e

SHA1
f1d5e6526673b121b78f33dae74ce03e5c9ae75a

SHA256
64968aff752918e06ef849e623c6fc601cff69b28a5499891408a58f421b5e27

SHA512
55a7d9a0a421596ab16e66d0c490a224903954e7721bb28a43658f5e64695411021c0155a3ccbe11539ee24f02b0d1f72e1f42e1c7396a9f2ff9ed1da92c6d3c

Download Submit
/data/user/0/com.mass.ivthesms/files/audience_network.dex

Filesize
3.2MB

MD5
692c6b1b89702297c59bd34c4bd1fa53

SHA1
f38cac946f03d7e869018acbdfe0ed272e11b106

SHA256
920e465a87a2409fc8d7186ea4e319c613c04d156bec75e8b91cb4d07b1deb75

SHA512
927048402fb314ef2624776b27317a6f996ea6b3d697d66b8b213d5be9559f24ae0dca8d2f8a9350d32310b8cab071933936640641d297ba522b3af60424df63

Download Submit