joker | 8707a1b82f12d76a34d3260b86c0a8f30d6558fe728525c7021ccf9f007b1a04

Analysis

max time kernel
2364803s
max time network
161s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
20-12-2023 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8707a1b82f12d76a34d3260b86c0a8f30d6558fe728525c7021ccf9f007b1a04.apk
Size

5.8MB
MD5

629235956ac03aab63cb90565edd8a80
SHA1

9a081a7788136264decad354f2e2f645a4316e77
SHA256

8707a1b82f12d76a34d3260b86c0a8f30d6558fe728525c7021ccf9f007b1a04
SHA512

04e7539ec1819e2114cb5c208a3fe3caaee9cc4d6f5532e9a49b72894cbc72edd9938f2bc28d86e82affb01dd3eb804c73e0c2d05008233cd9a07361c98c5fad
SSDEEP

98304:4qMwrdXx8Yf1lF6WROXbInGds8DikIlSBLk7ak3ElJV/WtbmV:4qMwRB8YJ6WRO3s8hIlSBLWEFuIV

Score

10^/10

joker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://joyjo.oss-us-east-1.aliyuncs.com/timestampcam

https://canbye.oss-accelerate.aliyuncs.com/canbye

https://canbye.oss-accelerate.aliyuncs.com/fbhx

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.fo2fo.timestampcam/files/vKVS	5079	com.fo2fo.timestampcam
/data/user/0/com.fo2fo.timestampcam/files/describedescribedescribedescribe	5079	com.fo2fo.timestampcam
/data/user/0/com.fo2fo.timestampcam/cache/1588462714860.jar	5079	com.fo2fo.timestampcam
/data/user/0/com.fo2fo.timestampcam/files/Yang	5079	com.fo2fo.timestampcam

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.fo2fo.timestampcam

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fo2fo.timestampcam

com.fo2fo.timestampcam
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5079

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fo2fo.timestampcam/cache/1588462714860.jar

Filesize
9KB

MD5
86066e62936fea939b14bdc2a636ff1c

SHA1
c0faa2f4c6f206b92bd611323c8f81b02dc8f16c

SHA256
e4270ee2c7c624bde9dacf923066032fd734e12cd70c8c70c949aee553896ef2

SHA512
1c0dee21b55c6ee6d4cbfe8c7c13f03bd39fbe26c329e77b87d0b13505e91242f93d1dd541f08c66bb701c591ad75c3d0b5ca846a2498b1a28e38a365875ecaf

Download Submit
/data/data/com.fo2fo.timestampcam/cache/mt-download-936089/0.part

Filesize
3KB

MD5
298b116ace4d5a14b2e3b1890fb99216

SHA1
d3d51c45b33bcbe93fca0f1097e3298da141544d

SHA256
0823e009b7b81264ac7bec755c32ec1202ee75b98c5db4c42994a385508412cc

SHA512
470ff8228db0e66efe03af13e3d2007a98c3041270e35e91200c20372ffa82fae46d0cfc06e392003d3fca2e382514bbaec58b7499ae2d1718b23ab4f8f5924b

Download Submit
/data/data/com.fo2fo.timestampcam/cache/oat/1588462714860.jar.cur.prof

Filesize
152B

MD5
8e5f0b7df39bd213cfe061f8ea92fb45

SHA1
d994bb6acc62753f4c9f46931a15ad67306669f1

SHA256
5e962434ccfe78150c4cf6c31a1404a2d1b45614b630b6436ecfa327dc08265f

SHA512
39af48a6b30a4ee2f38b3bcdde4f68d1365c3cb1f2f6cd45fce05285b45d68808dc5c7fc4608ba53677478b687b72bafacb25794b0db26dd4b909095c0fa5219

Download Submit
/data/data/com.fo2fo.timestampcam/cache/tt_tmpl_pkg/template/4cb16488fead4b8e1d41496c91c11495.tmp

Filesize
32KB

MD5
0bb5c27ee78bec3e751207181eb009f9

SHA1
0b4f2f3c7c0cd20d441343c51026a0791af33495

SHA256
c1b3b17a10d93da563e4af5c00d8aa8c755e472bd2ce302089b6024a8c54c1be

SHA512
35beca2368b95dc4306c177452b05ef0acc20c0462bb371ec4713e9a4b3ea16af6ccc0d5479e1bc26630c7d64d3136279a2299af403ea76e556dac27a521ef7e

Download Submit
/data/data/com.fo2fo.timestampcam/cache/tt_tmpl_pkg/template/9d4696113b198f2cf3a9cc77af61f762.tmp

Filesize
103KB

MD5
fe271a2ea22c7a6335e0817664912a16

SHA1
6e72111f6c3fb4112f71d226e3c5c306833f325b

SHA256
fb59e7779c27a0a3a716acec1bb372a573ef3c719d1b256068d279016fb88660

SHA512
6363fd7d2bb145c46871614653f91b2999d31a0728284d032e882cf286e19ff69f7f607c8be57d994bff3a9fcc392dd4da1a958d1dbdc38eef9f04e801b0b329

Download Submit
/data/data/com.fo2fo.timestampcam/cache/tt_tmpl_pkg/template/temp_pkg_info.json.tmp

Filesize
731B

MD5
9af3190e719c756db88cc24bac13d102

SHA1
c993c6950f35c401d528dc95461ee53f2ed76aa7

SHA256
0ca309d87f4593ec449eef4de90a4c35888c1bb299d0d8efe1955c8f77dadc07

SHA512
e2f6974317d18f8d57d64d9245f9da21ab29d3e8e788ce79efbdb5201248ec023e3512076d4e02252a8dc8836a6cbd302b2b9c3b0d32e0e3b5ce4d559b0d4b12

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db

Filesize
12KB

MD5
163b0e3f017becbc89b9d7f330b78f09

SHA1
1ef9cd8ac8655190468d0ccece0a4738634ab0f9

SHA256
cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

SHA512
6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
512B

MD5
0d098d9a8aec8a6ce1e31ee4a6c05da9

SHA1
5172d2b8b488b2521a0750117481310691a5c427

SHA256
83e671a94d693e1f1dd612828cbaac4aac22576ae3e0499e1880f036f27caeb3

SHA512
2fca1e58631477f47ab07b0408e116956cac98026b4b78205e5d6afb4d96964fbb08690b80b6e6d59ced89fea9427b590ea217b933f7a08857ebfe91dd0c02d6

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
8KB

MD5
7f96d45818f252a8951abff29376b5b6

SHA1
5a443d1e51cb3c0eea08621223b182fb02bcb815

SHA256
8d7a9ff44735b71a301cb744841fd7205bcbe231c3f09867cfecedf0a3a21704

SHA512
ad16b6b7b0e6ce3b40a9dffe63c25b6f714e51825e88b3bb4cc12d9d015edb57b2685c5c2fda6d5102682aa1b20c8c69ba2d4289240b12743ebb89ad12b2715e

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
8KB

MD5
c9dfc58a030a5cda181b2658eb6dce79

SHA1
7a0bc40c57bfc0395cb1e92147978db11bd45cd6

SHA256
67e4b848c6b53cdef6635744c3ccfba082e0bfb5c5730f102341e7bfefdb8699

SHA512
2796162c9383565a8e199345f6e34afe954c62d22758a59dd65f1c15a0ac294ccd3130387d1b75cf81e3aee16a9015a9ae2df6c87f5597a73f65625c8512c257

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
16KB

MD5
3a3be72bd9c7624c2a96feccbf7ad503

SHA1
8b4479e53adfe9eeb013f471acb830fefe1253e6

SHA256
6838c3b3de2b3842e3c9675e6829041542c1d93164acfaea9358d50f2c398d21

SHA512
2c41645e159fefe30f53a133d69e440b278ad5b99437444998ddc5a1ce54f0ddab7af3c347885d6919331bd648027a6575c936b3532383955c5cc9f4f3cb3439

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
16KB

MD5
ff4182b8949cd3e3c7c8293825148cf1

SHA1
a1acc39ac1f03c5dfcfa297443a6e2e393035618

SHA256
3ce54d4fa7d2ffb6007be59806bc560d1b36225b791f18912b957c892e61cd24

SHA512
0d7aaf68b63922e519e15a1d1e3121cf5a0d8d2f51af5c862882eea1075bde67c805ad37e66b0b7e34e927ee96b9420aba73185719d0c66eaf6143d72f46383a

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
12KB

MD5
fe2e0e455b930d57a570d74aba9d5d23

SHA1
8eeb8366a58df8fb90f8aea6a89df946b4a32ac3

SHA256
d6aac17671312eb0a74acf03624c6e53f72822727c3746693b0680c833263e46

SHA512
ca0827cea316635753e220e8faf488c854dfce047894f34e4a28fae1379035dbed173365ec5dc54f109082b40edf89899cb2a7516780805139f4b0d5e3cf08a4

Download Submit
/data/data/com.fo2fo.timestampcam/files/Yang

Filesize
25KB

MD5
7c3848adea0f96e350af53da0b7630d6

SHA1
ddae4ae390f480797a09979312e3f88d9a3daa50

SHA256
2da5ad942435714f52204d6955f7ae941d959dc275df75acd6aa15bfe81e653b

SHA512
53ce645b9ce664bfc41ee7b7024994e347873a35d0e3dbae581eec1c677c9f13d51c7ad8d88b7d2189bfa1e1962c8ba5fdf7b14ccf0eca2c24dad67800353067

Download Submit
/data/data/com.fo2fo.timestampcam/files/describedescribedescribedescribe

Filesize
5KB

MD5
5ba9822e9e7da2c7b80b032eeb5d5c5c

SHA1
1e18c4f20030d496c9153ba63f0ea10849f0a488

SHA256
505a4aa0703841632471cbfb7a2d8fb2d1708f2f1156ee144c0711995fed0f3b

SHA512
d3e0f941bff8ddbd7376b20de792eb311a1c83e87ab48aee3962170faf785434b8219ddade392e6c19cbf09f819f649cc1e92dee5d08826008a6e429e11a4537

Download Submit
/data/data/com.fo2fo.timestampcam/files/oat/Yang.cur.prof

Filesize
98B

MD5
d5d04b7fcd95eae58e02c07e144c48d1

SHA1
4e991b87def145ef25a813777a2e2ffcf29ce44f

SHA256
4cb0937b3ce3997f41578c58e0c6cfb15a70082295c326564d5a2810224989a8

SHA512
99a108b474cf654f57529cb2c9f53e58b12020ce93ee65ed9036905c668af78ef0e6eee259d484047986c9a1031dfa8236f1149ae58ade8d5e8187d4f0d96bfe

Download Submit
/data/data/com.fo2fo.timestampcam/files/oat/describedescribedescribedescribe.cur.prof

Filesize
88B

MD5
bd629f5e05c917351a6a2e1deb81547d

SHA1
fb55c004be8e5eddab6a692f6256842ae5721c59

SHA256
5315d6607867e7538878214bda707b2d88489fb502fe5d8e75247f8058dbaacf

SHA512
73c54372cd22270614bab53d26dc733896fdb11aef7949f635078b7e69de077d97a1d6c06bea1828f896d4d038f196d0db5a2d242657821e7e79ec20cad591d9

Download Submit
/data/user/0/com.fo2fo.timestampcam/cache/1588462714860.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/com.fo2fo.timestampcam/files/Yang

Filesize
61KB

MD5
9066e9adbb920d5af43be2e0cefc4730

SHA1
a9613dd4a1023111b82be3b0b4cc66893de9650c

SHA256
dcc95c4e9c442b844fd68543d29cbc0da5581f615d63f4dc078280a9c82e4c96

SHA512
f89243d88c97834e16131e435a46ed4dcff7f3a4f32f6a95a921f7dd4b0b8c596294713032d157fed2f38cec159f20d4d0049c281ba52100bc166476354af13b

Download Submit
/data/user/0/com.fo2fo.timestampcam/files/describedescribedescribedescribe

Filesize
9KB

MD5
28d1636567236f852092f42e35e36ebd

SHA1
e94b782c6ca27ddeb01760847507f53041ebf494

SHA256
919ab7a9edfc242000493c54a2ac553be3aa2711b728f09dd74159b17cdf2a22

SHA512
487f9f2b7ce8a0d990484b0f00fca56dcbdcb810e44d4d48cb710b8f54cc79be07537ec909ed5d5e0fc100c5660f9fe4a2cb5e2f84c9ca513b97c516506cadde

Download Submit
/data/user/0/com.fo2fo.timestampcam/files/vKVS

Filesize
5KB

MD5
6b3a9e4c0ed3c3231e3d40181d6e0c02

SHA1
ea2313adb79e2f6c8bece04a63945904eeefc0d0

SHA256
22341dae4f97121a4d197d91c71415865477ff80b2a1cdbc9a1f273e17aef9fa

SHA512
1f39e33ad873efdbed4f81424449735a105dd1f564fcb5d6c2292500476e8801c8386b109debf2f40c9b73cb3151320ed64cec021782271a96a3b50c3bd5c489

Download Submit