joker | 8707a1b82f12d76a34d3260b86c0a8f30d6558fe728525c7021ccf9f007b1a04 | Triage

Sharing

General

Target

8707a1b82f12d76a34d3260b86c0a8f30d6558fe728525c7021ccf9f007b1a04
Size

5.8MB
Sample

231220-f1q9dagef8
MD5

629235956ac03aab63cb90565edd8a80
SHA1

9a081a7788136264decad354f2e2f645a4316e77
SHA256

8707a1b82f12d76a34d3260b86c0a8f30d6558fe728525c7021ccf9f007b1a04
SHA512

04e7539ec1819e2114cb5c208a3fe3caaee9cc4d6f5532e9a49b72894cbc72edd9938f2bc28d86e82affb01dd3eb804c73e0c2d05008233cd9a07361c98c5fad
SSDEEP

98304:4qMwrdXx8Yf1lF6WROXbInGds8DikIlSBLk7ak3ElJV/WtbmV:4qMwRB8YJ6WRO3s8hIlSBLWEFuIV

Score

10^/10

joker android evasion infostealer trojan

Malware Config

Extracted

Family

joker

C2

https://joyjo.oss-us-east-1.aliyuncs.com/timestampcam

https://canbye.oss-accelerate.aliyuncs.com/canbye

https://canbye.oss-accelerate.aliyuncs.com/fbhx

Targets

- Target
  
  8707a1b82f12d76a34d3260b86c0a8f30d6558fe728525c7021ccf9f007b1a04
- Size
  
  5.8MB
- MD5
  
  629235956ac03aab63cb90565edd8a80
- SHA1
  
  9a081a7788136264decad354f2e2f645a4316e77
- SHA256
  
  8707a1b82f12d76a34d3260b86c0a8f30d6558fe728525c7021ccf9f007b1a04
- SHA512
  
  04e7539ec1819e2114cb5c208a3fe3caaee9cc4d6f5532e9a49b72894cbc72edd9938f2bc28d86e82affb01dd3eb804c73e0c2d05008233cd9a07361c98c5fad
- SSDEEP
  
  98304:4qMwrdXx8Yf1lF6WROXbInGds8DikIlSBLk7ak3ElJV/WtbmV:4qMwRB8YJ6WRO3s8hIlSBLWEFuIV
Score

10^/10

joker evasion infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

jokerevasioninfostealertrojan

behavioral2

jokerevasioninfostealertrojan

behavioral3

jokerevasioninfostealertrojan