joker | 869c12efbd277144b37b161d76089b0264b6d8f9b7397e5a0757848e2a74e0d1

Analysis

max time kernel
2363240s
max time network
146s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20-12-2023 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

869c12efbd277144b37b161d76089b0264b6d8f9b7397e5a0757848e2a74e0d1.apk
Size

6.5MB
MD5

c585f9d1cf27bde20749b9b5c854f572
SHA1

b83a3f3bce2cf444058e8493c8eb25394ca5ad46
SHA256

869c12efbd277144b37b161d76089b0264b6d8f9b7397e5a0757848e2a74e0d1
SHA512

1208bbeba9971696059ba52985ac1ce7e04b0e1cbef337ee21080d7dbeada7c40d22b01374c326d9e2e0f1abfcc5a2471ad899455b88646525886f73ffd3451c
SSDEEP

98304:KqMwrdXx8Yf1lF6WROXbInGds8DikIlSBLk7ak3ElvwV/Wt6e22:KqMwRB8YJ6WRO3s8hIlSBLWEJUu122

Score

10^/10

joker evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://joyjo.oss-us-east-1.aliyuncs.com/timestampcam

https://canbye.oss-accelerate.aliyuncs.com/canbye

https://canbye.oss-accelerate.aliyuncs.com/fbhx

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.fo2fo.timestampcam/files/vKVS	4628	com.fo2fo.timestampcam
/data/user/0/com.fo2fo.timestampcam/files/describedescribedescribedescribe	4628	com.fo2fo.timestampcam
/data/user/0/com.fo2fo.timestampcam/cache/1588462714860.jar	4628	com.fo2fo.timestampcam
/data/user/0/com.fo2fo.timestampcam/files/Yang	4628	com.fo2fo.timestampcam

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.fo2fo.timestampcam

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fo2fo.timestampcam

com.fo2fo.timestampcam
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fo2fo.timestampcam/cache/1588462714860.jar

Filesize
9KB

MD5
86066e62936fea939b14bdc2a636ff1c

SHA1
c0faa2f4c6f206b92bd611323c8f81b02dc8f16c

SHA256
e4270ee2c7c624bde9dacf923066032fd734e12cd70c8c70c949aee553896ef2

SHA512
1c0dee21b55c6ee6d4cbfe8c7c13f03bd39fbe26c329e77b87d0b13505e91242f93d1dd541f08c66bb701c591ad75c3d0b5ca846a2498b1a28e38a365875ecaf

Download Submit
/data/data/com.fo2fo.timestampcam/cache/mt-download-3936/0.part

Filesize
3KB

MD5
298b116ace4d5a14b2e3b1890fb99216

SHA1
d3d51c45b33bcbe93fca0f1097e3298da141544d

SHA256
0823e009b7b81264ac7bec755c32ec1202ee75b98c5db4c42994a385508412cc

SHA512
470ff8228db0e66efe03af13e3d2007a98c3041270e35e91200c20372ffa82fae46d0cfc06e392003d3fca2e382514bbaec58b7499ae2d1718b23ab4f8f5924b

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db

Filesize
12KB

MD5
f41f531c07d4141546a531ff9caffdcd

SHA1
9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

SHA256
bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

SHA512
e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
512B

MD5
cf91247e1364dc7e27c9853b0fec96aa

SHA1
ed59776f8a1e7d26291a9fc9988aa96f5e482d10

SHA256
90338a77b274145a0326aca5ce8991b0128294f4b8dcee7bf46fe4209a8a3b1a

SHA512
94bf1e6e796b329dea578b4f082c6bbb9cd139fbcd51f60101fb6a90f3dd4bdfd1462a2a7c66a6d7aaec3491402aa1db33b3d23a0288602c4c79a90b71106856

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
8KB

MD5
6d67b92dc077c590a0d15d0860289700

SHA1
9f94d25e4318526b31a4085008e26c562f147fe1

SHA256
0d1b2e99e4c267b81d552de3b6093d8244f76b99b6790339f819c2a347b6d031

SHA512
54be51f9dccee3ed21aa2ea8955e239123201ede2b4c4803a397fd3d99ace559d940b79b226753b4ce99e467c28098211d69f78cba8d89a076cdb7a0aed78cf4

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
8KB

MD5
bb2e3b0de3c54e966fbfeff9bf7b413e

SHA1
26ff00380c4b75b65ca7b63659119e6614011ee5

SHA256
4e96ed06dbf6b14f0a1aa5b914070b817d5c55a37df43844fc32e6856241adb9

SHA512
1929180914b26b6ab0a26ef6ed04cabf82053a8a45e0b6bba6a1fffc6c44834bf2dc60ad2bdf39f9d52b5cc82d02d2c388ccdfe236b8147a82c1568ce72e8068

Download Submit
/data/data/com.fo2fo.timestampcam/databases/ttopensdk.db-journal

Filesize
16KB

MD5
cda1956a59a8b9d821dbc16b36d56b55

SHA1
ff20543599865e7acc48058a1f851a38aa487000

SHA256
b903b2d90887ee290dfc70e049b8e25c9900005029981e520767143d3ab88d1d

SHA512
53809946759d3492d1910eef54e8e0312476b4975a0d0fc6961d952b7c68499f902cdb02e0482bc61ef51a7ca36d921fe66d7345871f095e477ffe4c163f49c0

Download Submit
/data/data/com.fo2fo.timestampcam/files/Yang

Filesize
25KB

MD5
7c3848adea0f96e350af53da0b7630d6

SHA1
ddae4ae390f480797a09979312e3f88d9a3daa50

SHA256
2da5ad942435714f52204d6955f7ae941d959dc275df75acd6aa15bfe81e653b

SHA512
53ce645b9ce664bfc41ee7b7024994e347873a35d0e3dbae581eec1c677c9f13d51c7ad8d88b7d2189bfa1e1962c8ba5fdf7b14ccf0eca2c24dad67800353067

Download Submit
/data/data/com.fo2fo.timestampcam/files/describedescribedescribedescribe

Filesize
5KB

MD5
5ba9822e9e7da2c7b80b032eeb5d5c5c

SHA1
1e18c4f20030d496c9153ba63f0ea10849f0a488

SHA256
505a4aa0703841632471cbfb7a2d8fb2d1708f2f1156ee144c0711995fed0f3b

SHA512
d3e0f941bff8ddbd7376b20de792eb311a1c83e87ab48aee3962170faf785434b8219ddade392e6c19cbf09f819f649cc1e92dee5d08826008a6e429e11a4537

Download Submit
/data/user/0/com.fo2fo.timestampcam/cache/1588462714860.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/com.fo2fo.timestampcam/files/Yang

Filesize
61KB

MD5
9066e9adbb920d5af43be2e0cefc4730

SHA1
a9613dd4a1023111b82be3b0b4cc66893de9650c

SHA256
dcc95c4e9c442b844fd68543d29cbc0da5581f615d63f4dc078280a9c82e4c96

SHA512
f89243d88c97834e16131e435a46ed4dcff7f3a4f32f6a95a921f7dd4b0b8c596294713032d157fed2f38cec159f20d4d0049c281ba52100bc166476354af13b

Download Submit
/data/user/0/com.fo2fo.timestampcam/files/describedescribedescribedescribe

Filesize
9KB

MD5
28d1636567236f852092f42e35e36ebd

SHA1
e94b782c6ca27ddeb01760847507f53041ebf494

SHA256
919ab7a9edfc242000493c54a2ac553be3aa2711b728f09dd74159b17cdf2a22

SHA512
487f9f2b7ce8a0d990484b0f00fca56dcbdcb810e44d4d48cb710b8f54cc79be07537ec909ed5d5e0fc100c5660f9fe4a2cb5e2f84c9ca513b97c516506cadde

Download Submit
/data/user/0/com.fo2fo.timestampcam/files/vKVS

Filesize
5KB

MD5
6b3a9e4c0ed3c3231e3d40181d6e0c02

SHA1
ea2313adb79e2f6c8bece04a63945904eeefc0d0

SHA256
22341dae4f97121a4d197d91c71415865477ff80b2a1cdbc9a1f273e17aef9fa

SHA512
1f39e33ad873efdbed4f81424449735a105dd1f564fcb5d6c2292500476e8801c8386b109debf2f40c9b73cb3151320ed64cec021782271a96a3b50c3bd5c489

Download Submit