joker | 724e412f02185c8721fea47187d07cfeac03a42b2e1d776f8fc7eccb5143289f

Analysis

max time kernel
1807s
max time network
1766s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
10-04-2024 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Virusss yoker.apk
Size

6.4MB
MD5

1325ddc84a95033801f4043f260c8313
SHA1

9a63bec8f4602933b284729563249afb90eb0391
SHA256

724e412f02185c8721fea47187d07cfeac03a42b2e1d776f8fc7eccb5143289f
SHA512

a0aa271960cd3ad23eb7cc5fdd27d02b45f78ee2a7b58fa8380b3cb846c8c521b49c3852dc31e42d009b1ae35f8a186ed2e85cac2825527ff9fc7d9634b7aef9
SSDEEP

98304:0fArAqo/RtzwUsYSuBmy0d7DGZgoRimxf4jxH29LHZ4zLEcmuaHbTdDXy:0fAr1/uB7kaZHRdf4jY9L54zAcmJbTZy

Score

10^/10

joker discovery evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://homeward.oss-me-east-1.aliyuncs.com/nameplate

https://xjuys.oss-accelerate.aliyuncs.com/xjuys

http://139.177.180.78/hell

https://beside.oss-eu-west-1.aliyuncs.com/af2

https://xjuys.oss-accelerate.aliyuncs.com/fbhx

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.pdfview.reader.pdfscann

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.pdfview.reader.pdfscann/[email protected]	4295	com.pdfview.reader.pdfscann
/data/user/0/com.pdfview.reader.pdfscann/files/saudys	4295	com.pdfview.reader.pdfscann
/data/user/0/com.pdfview.reader.pdfscann/files/journey	4295	com.pdfview.reader.pdfscann
/data/user/0/com.pdfview.reader.pdfscann/files/Yang	4295	com.pdfview.reader.pdfscann

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.pdfview.reader.pdfscann

com.pdfview.reader.pdfscann
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4295

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db-journal

Filesize
512B

MD5
e5285f0b672683ea90316ff98322ee9c

SHA1
5d9335c951add9c22c25d4fae6af2c7bfea8eb7f

SHA256
1c4b2f085ee4b776199e90a809a0ff8250a0240672097b88086ea52d51de0f2a

SHA512
bd0f488e72fd10c16728ce1f9b7dab13ae1dce3683cd273b968a6cb19a0d7c02af18be5070d7ca2a02c95b0bdd245592c3016a27ba7096a14389af59f1de17ee

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db-wal

Filesize
16KB

MD5
f0efc0aef71226b8a48c549a308bdcd6

SHA1
8a003fade0037d60519ea40b2b0d766de29c435d

SHA256
5681846e5982d1ba4edd8711168226a32bf1aae4597017e71500743f5580617e

SHA512
a116e38999b71128870347d980d3010d4971b8a224ccb64c05da11ee4ab06f8600b7d3bfb82d09ea45ef900b89263b5372b9f52d0f397401f7083b4e7e22034b

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db-wal

Filesize
44KB

MD5
05fb969c5e3ba4d0bbf6b0bf85b693f0

SHA1
62b41138f1ec75f5e4cd792c3c0312d665ce9c79

SHA256
2c1b403b67a992ad66b0695e14043fe081fdd4c9e066440e2c53f4cb6e7a9fc9

SHA512
48d791c81a4026e8cb9ff2e5f44b4183174c15fd6dfd5bda8b7c7d4e6a7128567f962f6d423b034c3f6835a1ae62489d88ce0e683883cc25aff4df57211e1afb

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/ads.db

Filesize
28KB

MD5
6e3408e58c5e855fd2132333ea411e3a

SHA1
25dd3a4b4e93ce369f58942ef041d4ad1936e953

SHA256
661abf058d82427a1e52cca2fe22f1ff6980f85772d6b53444abb5b22034f2ab

SHA512
f6983598ff15d892f80fec32fbe46fe04ff4a3676ef5cf6e7edfda0ebdb8be9dffbbe44a230e005216ec6226a4c73718c560c24bf3c0be437d475f4001451231

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/ads.db-journal

Filesize
512B

MD5
fa72c48a17a82532174d8bac71c67102

SHA1
2d727c578d8c1c5b11f156edfb1fb294aa5f043f

SHA256
21daf61add9fbaad63077b9284f898ea267e86ea666c57478d4292b8977399dd

SHA512
832f8b9b732817c2eaedcc7d0d3c16b45dcedb4d4f65fc4d2b56919226867ceb0325dbfc7d4e8b7f506cf9319a00ef011f19e85f0d177a8bc4ae49a6f9d19e67

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/ads.db-journal

Filesize
8KB

MD5
4111d1c03b7a428fd5787859ba48b260

SHA1
43799f9de92f7edcc3df294d19f808144c293f5d

SHA256
f20db96cda7e3d59452963ae452ec4f3d77ab5107544d70ba67e354e218baa8b

SHA512
8ae8effc2086fe13ea9d1e5290d90a85a3ab536343d3b937bf17a4751dbd5008bbc57bb26bcc05b901a717690287c1a1f5492ee91e08cbe849889ff01c7d9d17

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/ads.db-journal

Filesize
8KB

MD5
922989d5d2db939572aeda386eb9f5a5

SHA1
7150e8a4dcbab60bf0b122f658af25800185c273

SHA256
fc0a73e003abc60100c7d9a05146a4cee7c61a9372afaaf6d6302f63f0f10060

SHA512
31c0ca6d2155c248dbaedfd4986a69b22a1c02a4d78a5ac0418bc826440207fbe599ac48887f4476b437468c4c11a58a9ddf0436b99c48ca6f0c453d935abb57

Download Submit
/data/data/com.pdfview.reader.pdfscann/files/Yang

Filesize
25KB

MD5
31217fab7722f55e60245ac48a48560a

SHA1
a8f33b9cfbb3858eefa45eb9ec23edacaf83b972

SHA256
78bf941588cddb91fa62f11410c616c572508b341f505c704712faee0501a042

SHA512
7d5be7c756f70dbf085b3332ae59f01ffdf3697bbe83de702231a920ab9304ef0f1502cebf42c1264c31dfe26663c2e7e762b41061650f9812388af14cb4b2a5

Download Submit
/data/data/com.pdfview.reader.pdfscann/files/journey

Filesize
6KB

MD5
9af052da1567a096350f9fc5d3629084

SHA1
2805050d51348f8584c0c5f95ea0aecb194632b0

SHA256
c83385b0370b18b75ced66aa0803b878deab447d97bf3d7dfd3f1ac9d88f4186

SHA512
31fb530718c7f0a79e6b19eaa9c5d6c19547ac8054f29231d5c963cc1c4b9d915a7c57a3a2caf30b33239817d066ccdd94bec857113b2a899773585e3cca3f39

Download Submit
/data/data/com.pdfview.reader.pdfscann/files/saudys

Filesize
3KB

MD5
43911fa1ce6a2a2ba7c45f36b6187faf

SHA1
4543ad7ed05726464af38d5f047ebaedcb0d5498

SHA256
b4e67aa7674c1a439ce27c2a706a7c8ab2a6c7a0fdbb752781acec0d5413d851

SHA512
d2ed6c04bc142672d2be8fe443e44990f5fa405e1a3b4496a9a3f09bee07fb2f40e0d70126965707d6934673f7ea9801c2a284482113b99c17127550aab96af3

Download Submit
/data/data/com.pdfview.reader.pdfscann/oat/x86_64/[email protected]

Filesize
59KB

MD5
5157f484add9484c074b6a21c5612030

SHA1
53890a7d1008f83d056fb9e601a91eda94e7257c

SHA256
6910e6f782f7451f0c1e011bafb73ee78dd02f5598a8c2bc2f88cc6bde1b6e00

SHA512
7c266dca921aede9ec15dd12273ec171bd5ddb8ca6450b474f10bea4807a709ff82219aa1508453553a566859f6a6f13d74a4cadfabe3ddad00c40b18f2fa7f5

Download Submit
/data/user/0/com.pdfview.reader.pdfscann/[email protected]

Filesize
3.2MB

MD5
692c6b1b89702297c59bd34c4bd1fa53

SHA1
f38cac946f03d7e869018acbdfe0ed272e11b106

SHA256
920e465a87a2409fc8d7186ea4e319c613c04d156bec75e8b91cb4d07b1deb75

SHA512
927048402fb314ef2624776b27317a6f996ea6b3d697d66b8b213d5be9559f24ae0dca8d2f8a9350d32310b8cab071933936640641d297ba522b3af60424df63

Download Submit
/data/user/0/com.pdfview.reader.pdfscann/files/Yang

Filesize
59KB

MD5
6039552d12f80cadba4f5380d2a6956e

SHA1
f1d5e6526673b121b78f33dae74ce03e5c9ae75a

SHA256
64968aff752918e06ef849e623c6fc601cff69b28a5499891408a58f421b5e27

SHA512
55a7d9a0a421596ab16e66d0c490a224903954e7721bb28a43658f5e64695411021c0155a3ccbe11539ee24f02b0d1f72e1f42e1c7396a9f2ff9ed1da92c6d3c

Download Submit
/data/user/0/com.pdfview.reader.pdfscann/files/journey

Filesize
9KB

MD5
c409d388c70ea8ad4fa9360865c761f9

SHA1
1def633ee910d31f50f9f415ae8768149c45dcee

SHA256
2f0fe95c8a02ac85f9383cf7ef5d9937ac93cdc75d75c1f79dd48638ae2eeb1f

SHA512
797d61aa6da7f15404fde84354b833253f9814113649f286162aa766753bf3ab5c678c5aa31805e7eebb6a457a5670e4c06e1ea0486636db464c71cb7c0a50ef

Download Submit
/data/user/0/com.pdfview.reader.pdfscann/files/saudys

Filesize
5KB

MD5
1aa1f9493f5a62883d5512df3ee1c32c

SHA1
d5f6599a22445575bb7b7e21958071d5c87cd170

SHA256
62188b7f0f9f71a33356bcd9019822d4f4f1b077fd715c1236b9ab27598ec376

SHA512
95ce0f1dc39c6309dd826abfe1f5f1f1aff374ce41ae50da12fe6f3d35da60babbc72da8bdb256dd7ab75830e0aeb4fe9e3b1a8ba42753d6f7e7a2e0b3428c12

Download Submit