joker | 837a8108fef980f0e2889ae1bc98b0f655bb1dd5d08436b5ba7676c2f13f4209

Analysis

max time kernel
2345218s
max time network
146s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
20-12-2023 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

837a8108fef980f0e2889ae1bc98b0f655bb1dd5d08436b5ba7676c2f13f4209.apk
Size

18.7MB
MD5

227a1945cb031d32e880e57a6c60a493
SHA1

3dfc10f67da86d6cea89f08b4dfbb6134ce403e9
SHA256

837a8108fef980f0e2889ae1bc98b0f655bb1dd5d08436b5ba7676c2f13f4209
SHA512

a278467565f2c20b5792bd9ed2d035cd2cac35a7b85fe0a12f1af5d76011c7a61d5e2277e92eca661c273d4fdef6374f9c4cc46dbb603fdb98c29e677f8bef8d
SSDEEP

393216:qzsrl6+FK34h8qCtobzzgcadx4zwW5X+usaodgrY4hgTj2JJU:7cS/5C8vgcav4EW5JSAgTj2JJU

Score

10^/10

joker banker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://xjuys.oss-accelerate.aliyuncs.com/xjuys

http://139.177.180.78/hell

https://beside.oss-eu-west-1.aliyuncs.com/af2

https://xjuys.oss-accelerate.aliyuncs.com/fbhx

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.relish.messengers

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.relish.messengers/cache/fsrm4737253324763355783.tmp	4280	com.relish.messengers
/data/user/0/com.relish.messengers/files/Yang	4280	com.relish.messengers

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.relish.messengers

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.relish.messengers

com.relish.messengers
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.relish.messengers/cache/fsrm4737253324763355783.tmp

Filesize
3KB

MD5
e3641a4c71174ef7901ce0fb0a8d8051

SHA1
68b41868bd9daf340faa7af2e222a89ca5b118e5

SHA256
73ed822302f18c8518a48061346f938eeb359d8d1b3a38c2ea011f94685e567e

SHA512
9dbd8c7fba04ed3a9b88ff92c21747f492fc790ee057157c28be6350c3ece40aa5804e837504b781833a10493c147b103b6399e6c2ed8165a9f42b8547a343cd

Download Submit
/data/data/com.relish.messengers/databases/ApTridentEvent.db

Filesize
12KB

MD5
4ee0378a45c9c7591dbc517328746366

SHA1
87cf9073deb176171918c05755d637eee58d3feb

SHA256
f58c8bf9198121976c1c8a9c798e2f1942e0245350133fb887bdba5cd97c2c2d

SHA512
75371c0d436314d6fd2a53e27de31cf4b1590914b67e224a9812290b0a0af1b4c6d0fdd2028cd7fcc6de945687e1d7c3832dcf6f0c2b795bdcd1b7a666a29c8f

Download Submit
/data/data/com.relish.messengers/databases/ApTridentEvent.db-journal

Filesize
512B

MD5
b5d6aa56c5def6ea49507899a678dad9

SHA1
f1672f35dcb5cb036716870ece8b3cf4f7524f1a

SHA256
855ffbe62cb498c173de6108e67f75cf09f66e9f2e2ac2b27da86f6008822c8e

SHA512
92ff6e23b2181c4adadc862efd588b67d60b971b85fa3148e22fb3aaccb25840ea141a9b76e428befc79e4e0e1d4755f83ec3c29d483a2de3f4275ee72f7b971

Download Submit
/data/data/com.relish.messengers/databases/ApTridentEvent.db-journal

Filesize
8KB

MD5
10827d6066041eac0125d450ed44abca

SHA1
edd169df453ce776c68af9fd3274075fa18644b6

SHA256
257fa6f0c066dba687f3707da77a2a990a10fc934a62f1f5ac3c395bd7fdc545

SHA512
df5afcac0dd991614e6388a1ad392335d1b2f0f7a05a0d2e8d1ffcfdf421b11a0d6232017c3475d5bcfb8db2228aea3270299a4c922c94cae56673f61c79173a

Download Submit
/data/data/com.relish.messengers/databases/ApTridentEvent.db-journal

Filesize
8KB

MD5
9b56552adb8b9e1d3d38d76d7c39b47a

SHA1
b1c9fdcd8ef46d0e2f937d7020c626da0b3c9696

SHA256
8ccb23dfbb2ef586159488cc6738c7f79f843fa173d3025a2131afb1e82e051e

SHA512
73fe3ecbab865a0c7ec5b66fecfd95eee88e5d1cfa75ef824cc3cd500f772f78f6ee25cd17add821176c777d6ea26e8d93c8ff2c5813097993668d1d1bf2a2ea

Download Submit
/data/data/com.relish.messengers/databases/ApTridentEvent.db-journal

Filesize
20KB

MD5
e41168eef6ac3ff090ae2692217fa923

SHA1
7c37afa9a139970b23d1a62255b734aa6d97874a

SHA256
b2943b94a451a0caf1660c18fd7234400773cdb3b6efc77dc3c3f874f0eb09ec

SHA512
eb7bcaf855789bbe90a445826f8d4611b8115f49f4c4b52bb5b070de10a2c337f2b58135b428a54f6d984b439a5ce1589b2df8f25ddb5fae325b2eec99744a73

Download Submit
/data/data/com.relish.messengers/databases/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.relish.messengers/databases/androidx.work.workdb-journal

Filesize
512B

MD5
6726a0f2244b602aea1abd57f9addcfc

SHA1
1f320e8ce50b610670e5cdae54b23cfef7221fa5

SHA256
7648e09fbffb969d07fb36d16e73e72cfec2a3372cffe2db4213054c0e191fe7

SHA512
427aa29e1924a395efdd92c7ae099aab3acfe1e59d14e82661b90e0c5a13e11174aeb150d82b0edb5aba416d90ab4801b3f4e98b48feaa7f3065610cdd42aa39

Download Submit
/data/data/com.relish.messengers/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
0110d7625cfa200db21bd047876661ce

SHA1
7f025ef2c3da98018761e15f462a3028ed399a8c

SHA256
c8b7b7bf64edcadaa9814cb3957913ca1ff47835ffd7f5cc4905c93e55590638

SHA512
e2ddbddeb53df82fa2a33917b7b7ead95e7fd9e5e7680ed87dad9baa650ba499bd09dedb13fd390db1a347e8a6e56ef2ff3db0df2c9d59e60334751766ef6ad6

Download Submit
/data/data/com.relish.messengers/databases/androidx.work.workdb-wal

Filesize
88KB

MD5
f7be7b5a8730e783987de876e6b200c7

SHA1
c401a2a37c26b76912c6e4dfa3e6e90260d19b8e

SHA256
0851149e2403e5bcfb1817d8487ac1a1d0196539c79dded1ef0b01f2bff967b0

SHA512
a7e79309aaed96ea72fd52f6d649087b178a7d71bda0eeec4d5904d28950bdb42a2c1b42455e40cccdb4a563c1d580157ed9230cd4979fe21fc51d09929ea938

Download Submit
/data/data/com.relish.messengers/databases/bugle_db-journal

Filesize
512B

MD5
648c9998152ac6466666162d26e12557

SHA1
90bd02928e0cf6edb882329fe8c0711e8501c508

SHA256
762c4c6d6eec0e39b257ab55faca859ce14c15dc7ac3bf1088213ead666ac158

SHA512
164827d4ca44faec5574a63604f539370e1a2299032b9438b35375fe25631160b01590cf4c3328e6fd411ddf758b6697d6c400728ed2307b1df5c04c6fda1c41

Download Submit
/data/data/com.relish.messengers/databases/bugle_db-journal

Filesize
8KB

MD5
726ce3852e82a8150fff7571be94992e

SHA1
66a3f202161b484f5eb66fc181e99cc87d96a1b7

SHA256
ea3ad6d92148095d6d8a235e2e4656ed1e9c64e0066951962f5e342b1208eda7

SHA512
15c363a4f2dcda1da4d163bea5620b8a82762a73f78ada4ac58737af69e3a9bb6bd0a37e2597a812dbdff43c46991d6d30ee1a79bccf9b640f3ce6642978d6ff

Download Submit
/data/data/com.relish.messengers/databases/bugle_db-journal

Filesize
8KB

MD5
0a0c024261cc51c9732fab5a3c91208a

SHA1
1e8d001f41f4dbeab4bbbc801fc856adad9366d2

SHA256
475032461b4c65340f22e460f9866b324bbaa187a4d513c201397bd70a1ace3b

SHA512
1f3619da7eeef5d86296a377ddedc166da95e99b1a0d8297432fb98b2ec88fe2184831941dd63ffe7b5bcb950ae7f9d7a10bfcb1e5d30a8498bc7ede38727e7e

Download Submit
/data/data/com.relish.messengers/databases/com.google.android.datatransport.events

Filesize
12KB

MD5
edb655088d1ed9f33f9d0d499b7a3ef5

SHA1
565c4f4e43179dbfc285cd6331dc8ac75a901af8

SHA256
bb9e45aad35b43e895393e7a66e4ead6a5f728f90b7627e3c741d391bf65d4f9

SHA512
98cbf923880de82921c38973fbc6d711dc39884428d1eb4ead33658a5a7f163734e5121823d5b043ca44554d19c5b6f966674ac7291513944a94cec97d5be599

Download Submit
/data/data/com.relish.messengers/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
5315632d54644f933095529021908a8b

SHA1
f9c12550b34f17d3f17d73c8f26b892d4b244c21

SHA256
330be556d2b19ff6eab3bdf5f0c044a1e613bf0d079f86cacce08e0a2fde4b1c

SHA512
9e0b1d5048fe220ea8ff795aa71f18745a1d2c863eaec092115a3a53d8668f922ae10da42d3d3fbcd9a48a7212e37fb7594f6a621dd46f6376a60f47f3e66752

Download Submit
/data/data/com.relish.messengers/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7247cb7dbf2f0829a5f28c355873298d

SHA1
24c151723f0da75c81e9f24909670dc23ed5bb2d

SHA256
460089f41db90d75cb94c464fe4441e13839ebd72b35714919b30389cac68091

SHA512
b147e932fd782b76b4f209363024407a94425c47b91a6c4663bb7160270d804ff83bd518d9a20ceca163ec18a486a2f49e2170a3e17902455efae950fa1a2e88

Download Submit
/data/data/com.relish.messengers/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0da9e659d0f1f1b5b5509886abf05b19

SHA1
3c4c020d3d89daee69086a7c32eb791a7dad311b

SHA256
3bb4eaf6b48c0c5adca89a5affd52a2258c11282704de9b3026f89d20c3963ce

SHA512
b1329013457456a1ad013fb42baa7d1ced4bd7ee46a32c8b19872f9743eb9a55822f1b67fc281247b07236932c3ee51472256b1f586866dd867a942c6c46d0bc

Download Submit
/data/data/com.relish.messengers/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2ba7c06008d41c4caadd5c9e47c92983

SHA1
53b16b7af20d9b8b297976c9f50f6de308ca49bc

SHA256
7817d0d650cee6ea576d795ec6ac65f6706b00e567b1a72ad87ff017109869ad

SHA512
19e28ba4cda8f4939d18e0ef9e6ef515c532e74768bce833f8a0be259360297e79222d8cbdef12ab7c6a535bbd38460c3ad02d97baebde21d08f2eb59306294f

Download Submit
/data/data/com.relish.messengers/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e7f46d52ca3bbac51430b6e0c66c9e15

SHA1
435b33cc2ae87a96786cbada03c63be85ed17c79

SHA256
506516e124a20fa33aa517982e313c82f41286ad92f4b142235e4782e6d43034

SHA512
6e302028c4d5c19f0ff8da06f290dfeb884e48f5fbb042934b5f73cc1ee1e51f6db4f51f5d9507c695321304ae45d3dbf4abcc550c19cf22974c366085ecb38b

Download Submit
/data/data/com.relish.messengers/files/.com.google.firebase.crashlytics/report-persistence/sessions/658409FB001D000110B851F67D8E407B/report

Filesize
744B

MD5
142eaa96488a9b93ac53f1735e437661

SHA1
daf6150085a43e7c7242455f37dc148e8570d67d

SHA256
ee9322432032bd47e60f918f3e3ff8384e264738bfafc151aff1b464cfef3058

SHA512
1ddeeab65547fd828b88b6faa327500c5a432ab05284ef5372e4101c38bf87b7ee39ce3a792ef2dca51e4af9f3a8a00ff18be6ad1c86b39311ab97d4adda347e

Download Submit
/data/data/com.relish.messengers/files/PersistedInstallation4609407150221861895tmp

Filesize
114B

MD5
21647c4fdf2d1bdc5458b750891c87de

SHA1
972b471c0714b541bb49a6a607c9596c254149a0

SHA256
1d32d2a2c2dcb62912807cb9b45f345eff9df695524dbcf336cb82912010758a

SHA512
d9b95e8c35b6a5825f12b2c909427f9fee453828a7256b72db6a6b90416b5aadf67e41a1d230341dc08f0e7499356aeeea9182edc7b2dac2a3bbd6bb9693ddc7

Download Submit
/data/data/com.relish.messengers/files/PersistedInstallation6953627312178667615tmp

Filesize
90B

MD5
11bb8383078371901b13bfdc537b4bfe

SHA1
5b4f7808b247f979b67f715f85c216d1587c3bf0

SHA256
537966b5421a2dd09d3d90d7f7d1c45ef26081e536cfaa655685581968ae5f87

SHA512
95a299402620399d66710c44ff814f8136bc14486e65bbb3c6e6ec0108c5819f4d1aa72f325e9ec94270da804f6790d886e7248ae0c7c8591bb18df4b88e1a95

Download Submit
/data/data/com.relish.messengers/files/frc_1:713791013825:android:1a6a09dd3ff875aff62540_firebase_defaults.json

Filesize
305B

MD5
fa6d4ea9db5195c104c0c00bd17728e2

SHA1
a370c0f5c0df3826ede11f4cb7ce552570ab23cd

SHA256
0dc861077e430c67a525526391ba74fe68ebb0e63aac2971da176abf9f228473

SHA512
44a5a9d2f77246e01b9ae076af8b5df1753cd37f5e527dbf54c23ed9477c5ea238745b9154c1f6a4a7c5b3f3af3d1422a2745b9d35f6db881c71d81dbbcf2904

Download Submit
/data/data/com.relish.messengers/files/theme/coolgraffiti/list_wallpaper

Filesize
1024B

MD5
65dbc67b577e620d3ebe6409ab77a9f6

SHA1
5a6868fe7165f75558ccc79acb3b2c7f4ffc3ed0

SHA256
477dc8b2c7b2dcfc8a3069038f02d3442bec6bb46c19dcb77c6c525ca3f7af5c

SHA512
4bafb678440dba92645e2098695f8bf9ced393c5b053d8c4adcf37b25f49de4624a355f41d73fc992c5b7c95f10b2163721dac3308d4836e99c55201e9bb210e

Download Submit
/data/data/com.relish.messengers/files/theme/cutegraffiti/list_wallpaper

Filesize
1024B

MD5
ac561dbd7293adcd3a7d4187e328d7e9

SHA1
28ec4c49753d1791cd69f067094368893dcac8d6

SHA256
b9f1812a97957f7eccf736825baac293246449ed6fda963b6611a9670eb0cdd7

SHA512
47df58208c1423c623a9653599341a26ed0dd96a6ebc0c2926f366f06cbac2258ab32004801d0c1ff6902cb019f566c476e35b8919eab27ebbb04bfbe676b98d

Download Submit
/data/data/com.relish.messengers/files/theme/diamond/list_wallpaper

Filesize
30KB

MD5
2fff8242143ab150a028b4373b2f2594

SHA1
84d4fb08f47847c7b8de0eff1cf0501278cf5860

SHA256
670d79094ce2f61c4247d4d7ff2607b9c42556924c8449cacd21a004bf0d24b0

SHA512
f3ae16b8fc9346fc08e76c4d5c72da87c09213ebd56f6893e1052f706eb93ac3b2b2f1d73875024e9b5818f304e57b50ff6e1888cf0b85b64d45ceb89c6702f7

Download Submit
/data/data/com.relish.messengers/files/theme/diamond/wallpaper

Filesize
1024B

MD5
36356780f73ea2d991ec8dff6f646ee4

SHA1
1d170d6b3aba988f42cd78afcbab018638ba2f45

SHA256
c4ad21877008b392846970f70dd7d1519130544cff83174b28b55d636f31da28

SHA512
c3c575f9e6bc3b552d1c446f7c6d61ec0d0bc28fd353027bed5f5b9586d5380d3eb42e8ce1cd41ab56a0e68bd19d152e529df71ab1c87262cfd62d38655ccf5f

Download Submit
/data/data/com.relish.messengers/files/theme/raindrop/list_wallpaper

Filesize
15KB

MD5
8b3c653baee72ac556d6165ebe83f95d

SHA1
7725fd6d1cfaa81038ab5f7d989afe537a96648b

SHA256
6387a038b50b8fb36e871d0ceb1b878572fd945e8129578a6b710b40f984360e

SHA512
3136b9eebcf0d2a2a46c597677ae92a64eb4e1fbbf596095b0096216b2b852e07a24e9b13b470a99b934b82d10220ab64baddfb5a4ba1564ac83737452084622

Download Submit
/data/data/com.relish.messengers/files/theme/unicorn/wallpaper

Filesize
14KB

MD5
e12fa0c9d1ad80bb15e71dd9af3c04b0

SHA1
315362e5b0b8f3a1db1a46def3893f09d716a53f

SHA256
cdadb2c26e370a43639fc3c17d9d1d67d6c1adcfeec9e7b9bd3620d03e838e72

SHA512
d911370917d58e9dc93622f49a548ec84a51d131de00297b349365e9e812264b2633134057e1d6a4f0eb29c4997e4d48b1574221b42cea3c7345903b0b2e8be1

Download Submit
/data/data/com.relish.messengers/files/theme/unicorn/wallpaper

Filesize
1024B

MD5
b9c7e831eee7e0ed7b925c338189d5cd

SHA1
9c46a383491c5a8b0846f515bb1070d008c649ea

SHA256
9aeb65a53bfeb491714a971c3fae2306cc271979fd12d318553e8aa48cac769c

SHA512
2d4b62279d3d5dc7f4b8d6c34e4da14688f1e38743a4425883e8f75233d77c32fb9038ed354616d9c3a043f32a252a5185a7d3a3011806b2f64f1bb77c246b3c

Download Submit
/data/user/0/com.relish.messengers/cache/fsrm4737253324763355783.tmp

Filesize
5KB

MD5
eb071969c8928f61936218406db3c818

SHA1
8665dbcf8c2beff438a634c6212b52da86a812c1

SHA256
99b873f50d9b9cacbab8e8b97d84580983ead54df41ec7e8f2497a426c649b31

SHA512
0b5266dffd8508739bc2a182de80db4ba032ea4ef0aa443062193f11bd66957f2f6efc13c7c159dd008f72f16252facd1dbea1c7dd71cb2e17cdd89e04bd6567

Download Submit
/data/user/0/com.relish.messengers/files/Yang

Filesize
59KB

MD5
6039552d12f80cadba4f5380d2a6956e

SHA1
f1d5e6526673b121b78f33dae74ce03e5c9ae75a

SHA256
64968aff752918e06ef849e623c6fc601cff69b28a5499891408a58f421b5e27

SHA512
55a7d9a0a421596ab16e66d0c490a224903954e7721bb28a43658f5e64695411021c0155a3ccbe11539ee24f02b0d1f72e1f42e1c7396a9f2ff9ed1da92c6d3c

Download Submit