joker | 8707a1b82f12d76a34d3260b86c0a8f30d6558fe728525c7021ccf9f007b1a04

Analysis

max time kernel
2364804s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20-12-2023 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8707a1b82f12d76a34d3260b86c0a8f30d6558fe728525c7021ccf9f007b1a04.apk
Size

5.8MB
MD5

629235956ac03aab63cb90565edd8a80
SHA1

9a081a7788136264decad354f2e2f645a4316e77
SHA256

8707a1b82f12d76a34d3260b86c0a8f30d6558fe728525c7021ccf9f007b1a04
SHA512

04e7539ec1819e2114cb5c208a3fe3caaee9cc4d6f5532e9a49b72894cbc72edd9938f2bc28d86e82affb01dd3eb804c73e0c2d05008233cd9a07361c98c5fad
SSDEEP

98304:4qMwrdXx8Yf1lF6WROXbInGds8DikIlSBLk7ak3ElJV/WtbmV:4qMwRB8YJ6WRO3s8hIlSBLWEFuIV

Score

10^/10

joker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://joyjo.oss-us-east-1.aliyuncs.com/timestampcam

https://canbye.oss-accelerate.aliyuncs.com/canbye

https://canbye.oss-accelerate.aliyuncs.com/fbhx

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.fo2fo.timestampcam/files/vKVS	4583	com.fo2fo.timestampcam
/data/user/0/com.fo2fo.timestampcam/files/describedescribedescribedescribe	4583	com.fo2fo.timestampcam
/data/user/0/com.fo2fo.timestampcam/cache/1588462714860.jar	4583	com.fo2fo.timestampcam
/data/user/0/com.fo2fo.timestampcam/files/Yang	4583	com.fo2fo.timestampcam

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.fo2fo.timestampcam

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fo2fo.timestampcam

com.fo2fo.timestampcam
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4583

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fo2fo.timestampcam/cache/1588462714860.jar

Filesize
9KB

MD5
86066e62936fea939b14bdc2a636ff1c

SHA1
c0faa2f4c6f206b92bd611323c8f81b02dc8f16c

SHA256
e4270ee2c7c624bde9dacf923066032fd734e12cd70c8c70c949aee553896ef2

SHA512
1c0dee21b55c6ee6d4cbfe8c7c13f03bd39fbe26c329e77b87d0b13505e91242f93d1dd541f08c66bb701c591ad75c3d0b5ca846a2498b1a28e38a365875ecaf

Download Submit
/data/data/com.fo2fo.timestampcam/cache/mt-download-883057/0.part

Filesize
3KB

MD5
298b116ace4d5a14b2e3b1890fb99216

SHA1
d3d51c45b33bcbe93fca0f1097e3298da141544d

SHA256
0823e009b7b81264ac7bec755c32ec1202ee75b98c5db4c42994a385508412cc

SHA512
470ff8228db0e66efe03af13e3d2007a98c3041270e35e91200c20372ffa82fae46d0cfc06e392003d3fca2e382514bbaec58b7499ae2d1718b23ab4f8f5924b

Download Submit
/data/data/com.fo2fo.timestampcam/cache/tt_tmpl_pkg/template/4cb16488fead4b8e1d41496c91c11495.tmp

Filesize
385KB

MD5
d61d17ee3b57ef5f6e3d214993d6441c

SHA1
b92cc64b117647c4b367e98fb4cd18f36216da68

SHA256
7b02d6b12876756fd3209a6dd546ef424481135673eb10605f5c053171486472

SHA512
64d01e5c597326eb9bed5db0187ae3a928d9e270c4fb96f19028bb20c15540338de9bc62822140fe0c95f9ad6f3ec11d0e60d831d410742000148fa750f2b65c

Download Submit
/data/data/com.fo2fo.timestampcam/cache/tt_tmpl_pkg/template/9d4696113b198f2cf3a9cc77af61f762.tmp

Filesize
660KB

MD5
e3d3cabda93fb560dcdaeaf267c7d58c

SHA1
63b9bab4941ed7a8cc06f4b84992fbc7bfe77d92

SHA256
bc4e1ca7fd858d78e2934558f5ffbbb708ac4d65383cce8d25741ec1c67a36fc

SHA512
ce7b5fd5a1b382b13a6191e68d0120792019413e23df4c45f6c024c19cc6c33d47f5e04ff3f317784eed23433c40e94204684e824d2a8397a347c492d7987242

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db

Filesize
12KB

MD5
f41f531c07d4141546a531ff9caffdcd

SHA1
9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

SHA256
bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

SHA512
e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
512B

MD5
4c621e7c61c7f69140cb330b387bf9b7

SHA1
31ec7c0b7e9b36e8f434f67c9f212dc7b403922a

SHA256
c2f6a212796e482a661a628630b2724adbbbef6b4b288ac445442ba36c780088

SHA512
6c346876f3af1db5a882c2b705053c8ec2ce5027cd84d4ac03b97533839a64bb26ab0b64862385a6835933967182cfc668ba194ac482dd091f512ff719302873

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
8KB

MD5
79716c20c0ec94df9d92f9e4126df9ac

SHA1
e2ad70ce0be770a2f70c6356b752d664b3503cac

SHA256
a97b9635fc7f0d708820cefd8e1ccdcf776ebc82b88fe3f6f9a9471db15160d1

SHA512
e0bbcf54ff7e14071f78ff8170feea506b123e5254ef9f95a3f7d829770536eb6b6fd787ba44e85a1cc590a6776a5e763d7be483c998777e7af7c0fe2b0a12c8

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
8KB

MD5
ee30524e9c380437d13d0aee8ef75fda

SHA1
a5c54460e43df6f722dbcc4de6956ea213431119

SHA256
2db0d85d6479aedd4f4bf6cfcf441a383774a8005dae31284d4beee144f3915f

SHA512
019e58d370c867aeb9c3edca4635acf0181be47ea76a5b222cd2f9685d01c44998eb2e3c84232179aa5b34690441d2a008c9141bef07513cb5309c2ffbb8fb25

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
16KB

MD5
0d5c12ba1978dea5858b1deb814bca9e

SHA1
9b43843b1417290c96e51484125fda725ba3e803

SHA256
cfae41d75f7d3189a5145046e49af344ca793366e14df6c0029d490379a412cd

SHA512
9b8f375829058cebf7def7a694ceb1ea3ea05424912610845493a1ff639e7a71d902d1e77c3d059d691b8775bc0ebba8d227d00e6ba718088802e2510830d601

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
16KB

MD5
c044c69b11efb51178599af43970a65b

SHA1
dd861332993473d23396f0333539e95e55880169

SHA256
74f271ca2598c5f2db2c40d5aacea9af103752d13351ca34aabbd335e8038cef

SHA512
75b3d4b16f1e95164231dfef7d4a4b3ee6fc4f1a1f5bdfc60d267df420a9f91b7f49560d70f6adbc489b65336e57056fec630caaccc10f7c7cee7cc24b9a85d3

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
12KB

MD5
28399a2982b47da7937a1e1c64f2158c

SHA1
d36fafcbccff118901d8532fd98a50cf886a8b2f

SHA256
4931c7d7714d59408e8905222bc3b801d39145f3fec2f486915ad4efdf8e98a5

SHA512
ab16fb45d595669019a14ea6d61993ef759fd8decb1d7825961c53a9d57a5a1a786b7a4682fcdaefcbf47e13097f5233682ddfa26ab416daf03850b5cc02a15e

Download Submit
/data/data/com.fo2fo.timestampcam/files/Yang

Filesize
25KB

MD5
7c3848adea0f96e350af53da0b7630d6

SHA1
ddae4ae390f480797a09979312e3f88d9a3daa50

SHA256
2da5ad942435714f52204d6955f7ae941d959dc275df75acd6aa15bfe81e653b

SHA512
53ce645b9ce664bfc41ee7b7024994e347873a35d0e3dbae581eec1c677c9f13d51c7ad8d88b7d2189bfa1e1962c8ba5fdf7b14ccf0eca2c24dad67800353067

Download Submit
/data/data/com.fo2fo.timestampcam/files/describedescribedescribedescribe

Filesize
5KB

MD5
5ba9822e9e7da2c7b80b032eeb5d5c5c

SHA1
1e18c4f20030d496c9153ba63f0ea10849f0a488

SHA256
505a4aa0703841632471cbfb7a2d8fb2d1708f2f1156ee144c0711995fed0f3b

SHA512
d3e0f941bff8ddbd7376b20de792eb311a1c83e87ab48aee3962170faf785434b8219ddade392e6c19cbf09f819f649cc1e92dee5d08826008a6e429e11a4537

Download Submit
/data/user/0/com.fo2fo.timestampcam/cache/1588462714860.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/com.fo2fo.timestampcam/files/Yang

Filesize
61KB

MD5
9066e9adbb920d5af43be2e0cefc4730

SHA1
a9613dd4a1023111b82be3b0b4cc66893de9650c

SHA256
dcc95c4e9c442b844fd68543d29cbc0da5581f615d63f4dc078280a9c82e4c96

SHA512
f89243d88c97834e16131e435a46ed4dcff7f3a4f32f6a95a921f7dd4b0b8c596294713032d157fed2f38cec159f20d4d0049c281ba52100bc166476354af13b

Download Submit
/data/user/0/com.fo2fo.timestampcam/files/describedescribedescribedescribe

Filesize
9KB

MD5
28d1636567236f852092f42e35e36ebd

SHA1
e94b782c6ca27ddeb01760847507f53041ebf494

SHA256
919ab7a9edfc242000493c54a2ac553be3aa2711b728f09dd74159b17cdf2a22

SHA512
487f9f2b7ce8a0d990484b0f00fca56dcbdcb810e44d4d48cb710b8f54cc79be07537ec909ed5d5e0fc100c5660f9fe4a2cb5e2f84c9ca513b97c516506cadde

Download Submit
/data/user/0/com.fo2fo.timestampcam/files/vKVS

Filesize
5KB

MD5
6b3a9e4c0ed3c3231e3d40181d6e0c02

SHA1
ea2313adb79e2f6c8bece04a63945904eeefc0d0

SHA256
22341dae4f97121a4d197d91c71415865477ff80b2a1cdbc9a1f273e17aef9fa

SHA512
1f39e33ad873efdbed4f81424449735a105dd1f564fcb5d6c2292500476e8801c8386b109debf2f40c9b73cb3151320ed64cec021782271a96a3b50c3bd5c489

Download Submit