joker | 724e412f02185c8721fea47187d07cfeac03a42b2e1d776f8fc7eccb5143289f | Triage

Sharing

General

Target

Virusss yoker.apk
Size

6.4MB
Sample

240410-y7brdaaf65
MD5

1325ddc84a95033801f4043f260c8313
SHA1

9a63bec8f4602933b284729563249afb90eb0391
SHA256

724e412f02185c8721fea47187d07cfeac03a42b2e1d776f8fc7eccb5143289f
SHA512

a0aa271960cd3ad23eb7cc5fdd27d02b45f78ee2a7b58fa8380b3cb846c8c521b49c3852dc31e42d009b1ae35f8a186ed2e85cac2825527ff9fc7d9634b7aef9
SSDEEP

98304:0fArAqo/RtzwUsYSuBmy0d7DGZgoRimxf4jxH29LHZ4zLEcmuaHbTdDXy:0fAr1/uB7kaZHRdf4jY9L54zAcmJbTZy

Score

10^/10

joker android discovery evasion infostealer trojan

Malware Config

Extracted

Family

joker

C2

https://homeward.oss-me-east-1.aliyuncs.com/nameplate

https://xjuys.oss-accelerate.aliyuncs.com/xjuys

http://139.177.180.78/hell

https://beside.oss-eu-west-1.aliyuncs.com/af2

https://xjuys.oss-accelerate.aliyuncs.com/fbhx

Targets

- Target
  
  Virusss yoker.apk
- Size
  
  6.4MB
- MD5
  
  1325ddc84a95033801f4043f260c8313
- SHA1
  
  9a63bec8f4602933b284729563249afb90eb0391
- SHA256
  
  724e412f02185c8721fea47187d07cfeac03a42b2e1d776f8fc7eccb5143289f
- SHA512
  
  a0aa271960cd3ad23eb7cc5fdd27d02b45f78ee2a7b58fa8380b3cb846c8c521b49c3852dc31e42d009b1ae35f8a186ed2e85cac2825527ff9fc7d9634b7aef9
- SSDEEP
  
  98304:0fArAqo/RtzwUsYSuBmy0d7DGZgoRimxf4jxH29LHZ4zLEcmuaHbTdDXy:0fAr1/uB7kaZHRdf4jY9L54zAcmJbTZy
Score

10^/10

joker discovery evasion infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerdiscoveryevasioninfostealertrojan