joker | 83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5

Analysis

max time kernel
2344612s
max time network
149s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20-12-2023 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5.apk
Size

10.5MB
MD5

c3cbaa7af5eb9408f0d41bfc0c26b108
SHA1

4c028067260f01a021afce988964ea0f3d586414
SHA256

83683c5b32913fe9caacfc824f7db20e33921062d756029ccceaa240054f08f5
SHA512

842b47b2d06e0d251cb4b2684bdd8217ce8323b4ae4c69ac07e034672a343b53a73bca354c37d6eac196e17c656dedad39a52a67e1ff86ba732fbc69c0f8c298
SSDEEP

196608:B7fAr1+32EM8ki62klm/LPAN3ZG+2UNn0zchOnRIPM3vS0zU+CLZL4kk:B74rA22kvkLPANJGf60sMfSwjkk

Score

10^/10

joker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://xjuys.oss-accelerate.aliyuncs.com/xjuys

http://139.177.180.78/hell

https://beside.oss-eu-west-1.aliyuncs.com/af2

https://xjuys.oss-accelerate.aliyuncs.com/fbhx

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.mass.ivthesms/[email protected]	4588	com.mass.ivthesms
/data/user/0/com.mass.ivthesms/cache/mass	4588	com.mass.ivthesms
/data/user/0/com.mass.ivthesms/cache/1629828815138.jar	4588	com.mass.ivthesms
/data/user/0/com.mass.ivthesms/files/Yang	4588	com.mass.ivthesms

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mass.ivthesms

Reads information about phone network operator.
Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mass.ivthesms

com.mass.ivthesms
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mass.ivthesms/cache/1629828815138.jar

Filesize
9KB

MD5
af1f7507b04b896dc31dc05d6ab5c0e9

SHA1
f8a8409a9bcb3e3163b0098e432f061ae1c300d8

SHA256
51dd5ff34a950c026bd39ba3b923c4c47126c097e844951ab1b71ea7c0ed824f

SHA512
14d9057dadb87ae71e9dab793092b551cd97e42bc6bdbdef57e93d676b7c8f918719e5b7b232ec55ecd0c4d10bb99e84f84b071d182e2bfe214aab7ca0fddaec

Download Submit
/data/data/com.mass.ivthesms/cache/mass.download

Filesize
3KB

MD5
9089b1b361b016d99d9db6362100fa78

SHA1
750ae6f49b7eb1a26758b0c2f3d3f9a718465847

SHA256
6e621509deba2c165f2357a047b898453bee6e42817152b9a1d15721cdc3f2ba

SHA512
46115dcf48817e8f0df753a5ff7040ae4794a827053652a44f4abc7cd368c271bfcd01453cf160235823e4029321ca6d957de1fd9cc0a91f2bd0f990aa7bfa4d

Download Submit
/data/data/com.mass.ivthesms/cache/record.json

Filesize
103B

MD5
bd103eaf9b3ccef4d356a38e41471ac3

SHA1
15bf8a1af935f5a83e6154e58762e4b3c3ef8c0c

SHA256
6656efcf828cee078600cefedd96bf639a6afd982cff55d1ea84030f1294282c

SHA512
d5ecb6d62feac1abca650b63675b5fc5a708324e01717f3060faff2dbb790126aa569c865abb2a8c1d9121073b56dc55c89d3f70543e9e238ea64cb042a2f79b

Download Submit
/data/data/com.mass.ivthesms/databases/messenger.sqlite

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/data/com.mass.ivthesms/databases/messenger.sqlite-journal

Filesize
512B

MD5
63761d5d5e307e97aa665e6f4b524a82

SHA1
6860c1609ae32d8081e0398857d8ba00d07dcdf6

SHA256
4682b49b9cec86033ef4e0a82b78d5f19908808c967cb5d3192ae985a9de4625

SHA512
784d2b3edf179573f83f206f8b196a940aaca2b02aeec632d9289c6f1628b5159cc610293ee154e4d52875f4f49f01162871c4673c45f4e770d1e03c2020d31c

Download Submit
/data/data/com.mass.ivthesms/databases/messenger.sqlite-journal

Filesize
8KB

MD5
4a1fbab6bf1e8cec61606cf3364f72d7

SHA1
b2dbf49e19ee8effa7bded8903d5575946100e2b

SHA256
701cf001708b718cefbbc21d4b4c23501438608c21c798bf70663035392fd8c5

SHA512
4339d2b00b3399eb409bc1487629602603edabbe8600715a3a29e747c729f6b37cea957e8907f8a385bd2e7aa6a09db933d877056dc89a0b6820939045b446be

Download Submit
/data/data/com.mass.ivthesms/databases/messenger.sqlite-journal

Filesize
8KB

MD5
0996b18df3ecd4d57dc4d763d9ac6896

SHA1
37aa86bdba9a24bf005be62e4026124f31fb14df

SHA256
b4a5df3af23a06378d4f81771db31fecc935bb9844a89442a841a25b03be486d

SHA512
dde653b9f2ba74fbe4cfecf6a71a4c1b43bcdcb9e1a70662fa851deafad9838803d0b1f10e28aa7e682d010caed26e13dacc56a0c4f75a95e936a73aecd776fd

Download Submit
/data/data/com.mass.ivthesms/files/UnityAdsStorage-public-data.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.mass.ivthesms/files/Yang

Filesize
25KB

MD5
31217fab7722f55e60245ac48a48560a

SHA1
a8f33b9cfbb3858eefa45eb9ec23edacaf83b972

SHA256
78bf941588cddb91fa62f11410c616c572508b341f505c704712faee0501a042

SHA512
7d5be7c756f70dbf085b3332ae59f01ffdf3697bbe83de702231a920ab9304ef0f1502cebf42c1264c31dfe26663c2e7e762b41061650f9812388af14cb4b2a5

Download Submit
/data/data/com.mass.ivthesms/files/ia-global.config

Filesize
3KB

MD5
90e0178b7fcb3088e5984a56da2e1e8e

SHA1
f4e0d68f86ca6f4b7a465e89707772551bc88c59

SHA256
3ef89b9868e431664d9a91c6131bb32eaadd17ee8de9c74b00fd2ac0c036de5d

SHA512
c360e20797614323f1e46d8174d90f10dfb71914df433b06cdf453cc97d51fdfa69f4264ea80771bd0df8a406da44de8d9fd9ee007ffd3df8330689191017c31

Download Submit
/data/data/com.mass.ivthesms/files/inneractive.config

Filesize
694B

MD5
5c2dd540b81a0d0d19a789a3ffd99799

SHA1
f8988de600856e73101ecfd37e12a5abc90d7ab7

SHA256
6f15a5960094685eccd74e5188bdad5ed99d55d41912374afcd31ae272c08d95

SHA512
556176e3bec7e529a36ea7be79ae9ef0d5f16be971b0cd4a2d7fef21af04a4497df37b9400bf66ff927cedd6853c03e14f23d8296f8cf061f6e87f77339b6101

Download Submit
/data/data/com.mass.ivthesms/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.mass.ivthesms/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
22547e5a8d2816edee40b428bfc70337

SHA1
a8808f915b179fcf57759cde30f8661ea9444d4b

SHA256
849cdd17dc44fa16e40d04a22bbf1badb8412a0ca3b878ed462e39804da45e6a

SHA512
5e091be0a666007a100a1cb8dc8c1de3c9e5d84b6c7b8da98565f2c0ac9c5ca4830ef3deee9e9586445d36ba34b1d8d63819f4ee547201eb4d0faad8c162acad

Download Submit
/data/data/com.mass.ivthesms/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mass.ivthesms/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
f29ade161c3a07451da70d1df8ffd39f

SHA1
b2689a7908808f1d58434d16964dc654a974b67f

SHA256
ed17dff083600b85e4f49e3611fbe701d0c3c210b55fd986833b137fd4c4fdaf

SHA512
0d919864b7ab3c6bab57dd80cbfd6ba2aa8b566adde9fe53dfcb3790c323952492778e968784cb3ab5f3579762126f73f3fa08cab7d36da466d68c4cf55a70c2

Download Submit
/data/data/com.mass.ivthesms/oat/x86_64/[email protected]

Filesize
567B

MD5
211f90b7d32bdde032917db5c2562f53

SHA1
60197bc8aabbc00d7f7fb14cde13734ad6ef5179

SHA256
34b45fa56632d9c7cbf644784c64c41b068ac0fe4921c4c09340533586e55850

SHA512
e3b314306a67a91598553fb8ad7302d48f9c1f129fc71190b4c42cccdb15eebd97f64b5b528016788e522d90bbf42ad0189b30d8bf7beeebb54fb17e8f1df273

Download Submit
/data/user/0/com.mass.ivthesms/[email protected]

Filesize
3.2MB

MD5
692c6b1b89702297c59bd34c4bd1fa53

SHA1
f38cac946f03d7e869018acbdfe0ed272e11b106

SHA256
920e465a87a2409fc8d7186ea4e319c613c04d156bec75e8b91cb4d07b1deb75

SHA512
927048402fb314ef2624776b27317a6f996ea6b3d697d66b8b213d5be9559f24ae0dca8d2f8a9350d32310b8cab071933936640641d297ba522b3af60424df63

Download Submit
/data/user/0/com.mass.ivthesms/cache/1629828815138.jar

Filesize
19KB

MD5
38c960945cceba468ee4f1772abb99cb

SHA1
c7c2d5bdc5d06a5f43c24809602d0f2d2ba8e62b

SHA256
b8d90074a4efd78bcdecc27a24d4249d53b0b76134590750733d1136d9ad964e

SHA512
efa6c5518308ded2af559bdf6276176be8f7067dd1a486dc7f23395435a2cfca4f40106275e38ae126b52d943fced8383f92469c734f3b721cfcc78db400e1f9

Download Submit
/data/user/0/com.mass.ivthesms/cache/mass

Filesize
5KB

MD5
82abc51016150852bf8e65e047f467a6

SHA1
53d235499fe87726655e14b6e124bf1ae1efcb59

SHA256
5df03b928f087510f22bed777cef0eaa6c542df4fda748022cfec3ad938bc4fa

SHA512
1dbc3c6a6ee6ac37d680f248e49211931615690421fae86e1d6e47b3da984a41c490967e379d1253b481d3f1fa017b3e3cff267581c6f2585ae5a747197007c5

Download Submit
/data/user/0/com.mass.ivthesms/files/Yang

Filesize
59KB

MD5
6039552d12f80cadba4f5380d2a6956e

SHA1
f1d5e6526673b121b78f33dae74ce03e5c9ae75a

SHA256
64968aff752918e06ef849e623c6fc601cff69b28a5499891408a58f421b5e27

SHA512
55a7d9a0a421596ab16e66d0c490a224903954e7721bb28a43658f5e64695411021c0155a3ccbe11539ee24f02b0d1f72e1f42e1c7396a9f2ff9ed1da92c6d3c

Download Submit
/storage/emulated/0/Android/data/com.mass.ivthesms/cache/fyb.vamp.vid.cache/journal.tmp (deleted)

Filesize
31B

MD5
8c8bcb7d36cb5a71729c00c4e7f2d330

SHA1
a352667c61dc45f43cae74a7102fa692fba98d3e

SHA256
fddce724f39edc9ae1df4f8920e512cfd0fe3a9017b32031f1ca0e9ec06a1150

SHA512
4589f9c835a12ddaa04617822b93aba809aa85b392dc8596d47368a31648c542a0eb96643ca3a8d21d31aa1a790580a3258afdc3d202d31c5a324a4b591ccb62

Download Submit