joker | 724e412f02185c8721fea47187d07cfeac03a42b2e1d776f8fc7eccb5143289f

Analysis

max time kernel
1811s
max time network
1673s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
10-04-2024 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Virusss yoker.apk
Size

6.4MB
MD5

1325ddc84a95033801f4043f260c8313
SHA1

9a63bec8f4602933b284729563249afb90eb0391
SHA256

724e412f02185c8721fea47187d07cfeac03a42b2e1d776f8fc7eccb5143289f
SHA512

a0aa271960cd3ad23eb7cc5fdd27d02b45f78ee2a7b58fa8380b3cb846c8c521b49c3852dc31e42d009b1ae35f8a186ed2e85cac2825527ff9fc7d9634b7aef9
SSDEEP

98304:0fArAqo/RtzwUsYSuBmy0d7DGZgoRimxf4jxH29LHZ4zLEcmuaHbTdDXy:0fAr1/uB7kaZHRdf4jY9L54zAcmJbTZy

Score

10^/10

joker discovery evasion infostealer trojan

Malware Config

Extracted

Family

joker

https://homeward.oss-me-east-1.aliyuncs.com/nameplate

https://xjuys.oss-accelerate.aliyuncs.com/xjuys

http://139.177.180.78/hell

https://beside.oss-eu-west-1.aliyuncs.com/af2

https://xjuys.oss-accelerate.aliyuncs.com/fbhx

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.pdfview.reader.pdfscann

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.pdfview.reader.pdfscann/files/audience_network.dex	5046	com.pdfview.reader.pdfscann
/data/user/0/com.pdfview.reader.pdfscann/files/audience_network.dex	5046	com.pdfview.reader.pdfscann
/data/user/0/com.pdfview.reader.pdfscann/files/saudys	5046	com.pdfview.reader.pdfscann
/data/user/0/com.pdfview.reader.pdfscann/files/journey	5046	com.pdfview.reader.pdfscann
/data/user/0/com.pdfview.reader.pdfscann/files/Yang	5046	com.pdfview.reader.pdfscann

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.pdfview.reader.pdfscann

com.pdfview.reader.pdfscann
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:5046

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db-journal

Filesize
512B

MD5
b314605b180c749ac1ae0aeb27b8a644

SHA1
63acb8eaca8b8fb907b5a659786e75ee9750b94c

SHA256
5a6c12da70666faac4b3b6e1abac48b4fd53598a7537fb7d31b3a6f821a7d8ea

SHA512
b86cd173a131f13663fa439d2328d98fe6e77f7681223e23a70b48cf25d8a356c2b1072ebe7e686902876698b97d88bc44e2e17185499e5e88bc8b303c09ce92

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db-wal

Filesize
16KB

MD5
fd3f535dc4413a39573d700e05b90f95

SHA1
b6a32a268ee0622566f6b5e00e73af498baae7b6

SHA256
ce473359485ef322a89da5f71314ca63f86189cbdd0acd9e74fe61905221cecf

SHA512
8f8c0b68446a0068e7c677ce1a9833773917f313cd3ee85da66b466a28a4be6d64e89fe864b393a88962d9f31b3ef59ac992594ea725a213269da9b7309b1147

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/SETJUPDFReader.db-wal

Filesize
44KB

MD5
756c6269e108524ce833f7d31bdecfc2

SHA1
1b72d2dc2ddbb1008b3ba2c4e4a2aa0cc2ed7cca

SHA256
b7431fd1c19aceeae9528e1340d82777a914b6d54a98bbb9f1ba0b47d9dd2a0c

SHA512
4b1334c367350c19d873ad06d44ef138f56dd28caab9b0189956ab09dd9df7a1566d71b9f796328cf62092f6ee3093650cc262ac6a00115ed02a406b734e9ca7

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/ads.db

Filesize
28KB

MD5
f3759e00506a558a23d3f744b83d6fe9

SHA1
8a1c1c79cb335220d5aef502c391909d7a42fdd8

SHA256
9fec976a75481715d45ccbbaf9171cf3629dba061ff443639a0174164a482c04

SHA512
7d38d7cbc8760f13bda4e49063f352604e979b24f8d03b7f9c2a94220aff8e76d25e85b9b44c6d7c8dc3f7a93bd7d2202cb4e13a4fb5cbeaa09205ef16621570

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/ads.db-journal

Filesize
512B

MD5
31bee81b5389ca464250d6308a0d6417

SHA1
32274cbc2e5c17692fb2e3bef74f60166f956cf4

SHA256
a549e7068cb66617a7c70e4c0e9c79adb4b8f642deb709a92b206a6b4ede8678

SHA512
7d9dc7d5f5969f58e0a960b6cb3628367a9edbbd39d3a102ead386af77a9d1d2d31a6b1f0bfcf9228dcc144f6153ccab5911240e56a64446a22945b74b4654b3

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/ads.db-journal

Filesize
8KB

MD5
a790af9a92c7f896bd2e14529c60b36f

SHA1
7b6ae9cb688c8d2956314043259722fcc1617731

SHA256
5980644df02fecdd2f901972db681ea873ef8f149dadb76d217cad786abe8af0

SHA512
8e45ad5ff35b10fd9d362af894c577b6559cca37939b5115f696d70f6e7c278c30f6c76c1b97828ea8236297f866ab0d2fcfc9425f627093c577ec8a76438cb3

Download Submit
/data/data/com.pdfview.reader.pdfscann/databases/ads.db-journal

Filesize
8KB

MD5
22c30f2439acf50536d5dcb2d5574ea8

SHA1
98865329b26ca01904a024ff9bf347ac1ddfb085

SHA256
f44c1d2174cebf0efbb5e24ecd42d7e2c0834ed63502d157c7773fb48f1fbf36

SHA512
64d641c168ec883f1628eef1a8e3694587923f07238c9c28e8747f0f9731e144da141a40cc60e528fc71fd00bae92e5d359232666a7ee7fbebea8d86e1302043

Download Submit
/data/data/com.pdfview.reader.pdfscann/files/Yang

Filesize
25KB

MD5
31217fab7722f55e60245ac48a48560a

SHA1
a8f33b9cfbb3858eefa45eb9ec23edacaf83b972

SHA256
78bf941588cddb91fa62f11410c616c572508b341f505c704712faee0501a042

SHA512
7d5be7c756f70dbf085b3332ae59f01ffdf3697bbe83de702231a920ab9304ef0f1502cebf42c1264c31dfe26663c2e7e762b41061650f9812388af14cb4b2a5

Download Submit
/data/data/com.pdfview.reader.pdfscann/files/audience_network.dex

Filesize
3.2MB

MD5
692c6b1b89702297c59bd34c4bd1fa53

SHA1
f38cac946f03d7e869018acbdfe0ed272e11b106

SHA256
920e465a87a2409fc8d7186ea4e319c613c04d156bec75e8b91cb4d07b1deb75

SHA512
927048402fb314ef2624776b27317a6f996ea6b3d697d66b8b213d5be9559f24ae0dca8d2f8a9350d32310b8cab071933936640641d297ba522b3af60424df63

Download Submit
/data/data/com.pdfview.reader.pdfscann/files/journey

Filesize
6KB

MD5
9af052da1567a096350f9fc5d3629084

SHA1
2805050d51348f8584c0c5f95ea0aecb194632b0

SHA256
c83385b0370b18b75ced66aa0803b878deab447d97bf3d7dfd3f1ac9d88f4186

SHA512
31fb530718c7f0a79e6b19eaa9c5d6c19547ac8054f29231d5c963cc1c4b9d915a7c57a3a2caf30b33239817d066ccdd94bec857113b2a899773585e3cca3f39

Download Submit
/data/data/com.pdfview.reader.pdfscann/files/oat/audience_network.dex.cur.prof

Filesize
2KB

MD5
47cc3b7687d5956317eb988320dc309a

SHA1
c1479328e49d839970d36ca22d3827253623401c

SHA256
79b34909d592311f1b14fbb2ec7a8130482e5d2ddf425aa7612dc251a357209d

SHA512
dd839b0a7c724778f3ff459383623cd062266869928557cc462deba53d3aa5c9ffee015515f44d2d49227b6e0bdd795e01b5a14d706558d32fbb4d2ba5d84fa2

Download Submit
/data/data/com.pdfview.reader.pdfscann/files/saudys

Filesize
3KB

MD5
43911fa1ce6a2a2ba7c45f36b6187faf

SHA1
4543ad7ed05726464af38d5f047ebaedcb0d5498

SHA256
b4e67aa7674c1a439ce27c2a706a7c8ab2a6c7a0fdbb752781acec0d5413d851

SHA512
d2ed6c04bc142672d2be8fe443e44990f5fa405e1a3b4496a9a3f09bee07fb2f40e0d70126965707d6934673f7ea9801c2a284482113b99c17127550aab96af3

Download Submit
/data/user/0/com.pdfview.reader.pdfscann/files/Yang

Filesize
59KB

MD5
6039552d12f80cadba4f5380d2a6956e

SHA1
f1d5e6526673b121b78f33dae74ce03e5c9ae75a

SHA256
64968aff752918e06ef849e623c6fc601cff69b28a5499891408a58f421b5e27

SHA512
55a7d9a0a421596ab16e66d0c490a224903954e7721bb28a43658f5e64695411021c0155a3ccbe11539ee24f02b0d1f72e1f42e1c7396a9f2ff9ed1da92c6d3c

Download Submit
/data/user/0/com.pdfview.reader.pdfscann/files/journey

Filesize
9KB

MD5
c409d388c70ea8ad4fa9360865c761f9

SHA1
1def633ee910d31f50f9f415ae8768149c45dcee

SHA256
2f0fe95c8a02ac85f9383cf7ef5d9937ac93cdc75d75c1f79dd48638ae2eeb1f

SHA512
797d61aa6da7f15404fde84354b833253f9814113649f286162aa766753bf3ab5c678c5aa31805e7eebb6a457a5670e4c06e1ea0486636db464c71cb7c0a50ef

Download Submit
/data/user/0/com.pdfview.reader.pdfscann/files/saudys

Filesize
5KB

MD5
1aa1f9493f5a62883d5512df3ee1c32c

SHA1
d5f6599a22445575bb7b7e21958071d5c87cd170

SHA256
62188b7f0f9f71a33356bcd9019822d4f4f1b077fd715c1236b9ab27598ec376

SHA512
95ce0f1dc39c6309dd826abfe1f5f1f1aff374ce41ae50da12fe6f3d35da60babbc72da8bdb256dd7ab75830e0aeb4fe9e3b1a8ba42753d6f7e7a2e0b3428c12

Download Submit