joker | 837a8108fef980f0e2889ae1bc98b0f655bb1dd5d08436b5ba7676c2f13f4209 | Triage

Submit
Reports

Overview

overview

Static

static

6

837a8108fe...09.apk

android-13-x64

Sharing

General

Target

837a8108fef980f0e2889ae1bc98b0f655bb1dd5d08436b5ba7676c2f13f4209
Size

18.7MB
Sample

231220-ewf26sbfan
MD5

227a1945cb031d32e880e57a6c60a493
SHA1

3dfc10f67da86d6cea89f08b4dfbb6134ce403e9
SHA256

837a8108fef980f0e2889ae1bc98b0f655bb1dd5d08436b5ba7676c2f13f4209
SHA512

a278467565f2c20b5792bd9ed2d035cd2cac35a7b85fe0a12f1af5d76011c7a61d5e2277e92eca661c273d4fdef6374f9c4cc46dbb603fdb98c29e677f8bef8d
SSDEEP

393216:qzsrl6+FK34h8qCtobzzgcadx4zwW5X+usaodgrY4hgTj2JJU:7cS/5C8vgcav4EW5JSAgTj2JJU

Score

10^/10

joker android banker evasion infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

837a8108fef980f0e2889ae1bc98b0f655bb1dd5d08436b5ba7676c2f13f4209.apk

Resource

android-33-x64-arm64-20231215-en

joker banker evasion infostealer trojan

android-13-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

joker

C2

https://xjuys.oss-accelerate.aliyuncs.com/xjuys

http://139.177.180.78/hell

https://beside.oss-eu-west-1.aliyuncs.com/af2

https://xjuys.oss-accelerate.aliyuncs.com/fbhx

Targets

- Target
  
  837a8108fef980f0e2889ae1bc98b0f655bb1dd5d08436b5ba7676c2f13f4209
- Size
  
  18.7MB
- MD5
  
  227a1945cb031d32e880e57a6c60a493
- SHA1
  
  3dfc10f67da86d6cea89f08b4dfbb6134ce403e9
- SHA256
  
  837a8108fef980f0e2889ae1bc98b0f655bb1dd5d08436b5ba7676c2f13f4209
- SHA512
  
  a278467565f2c20b5792bd9ed2d035cd2cac35a7b85fe0a12f1af5d76011c7a61d5e2277e92eca661c273d4fdef6374f9c4cc46dbb603fdb98c29e677f8bef8d
- SSDEEP
  
  393216:qzsrl6+FK34h8qCtobzzgcadx4zwW5X+usaodgrY4hgTj2JJU:7cS/5C8vgcav4EW5JSAgTj2JJU
Score

10^/10

joker banker evasion infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Acquires the wake lock
- Checks the presence of a debugger
  evasion
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

jokerbankerevasioninfostealertrojan

© 2018-2024

Terms | Privacy