joker | a7512330defaefb7c72f084d0ad4630f0a81e112ece5de559a5791a1ce978bef | Triage

Sharing

General

Target

01f48b9f14971968f541dee3d34c07b9_JaffaCakes118
Size

22.1MB
Sample

240426-3zyy6aff51
MD5

01f48b9f14971968f541dee3d34c07b9
SHA1

db317fd638ff69296d5821422203efdb4aa81119
SHA256

a7512330defaefb7c72f084d0ad4630f0a81e112ece5de559a5791a1ce978bef
SHA512

8efb7970d6af4264ca66856e777dcde5a45950c822ab54ffc44a1bb958457e79e04e0fc3121822be1be36bbe06aa709cee4ac65862c19559fb56b43619b68ce6
SSDEEP

393216:EFgwuTq7RUrBfVg4OI4M15YWKC6LbxHt8fA6AaegF7q/EFyGtH/f+M:ogE7RUVfVgNKY3nxHB7E5dOM

Score

10^/10

joker android discovery evasion persistence

Malware Config

Extracted

Family

joker

C2

http://airdownload2.adobe.com/air?

http://pay.youxiplus.cn/v5/Unit/query_ads/

Targets

- Target
  
  01f48b9f14971968f541dee3d34c07b9_JaffaCakes118
- Size
  
  22.1MB
- MD5
  
  01f48b9f14971968f541dee3d34c07b9
- SHA1
  
  db317fd638ff69296d5821422203efdb4aa81119
- SHA256
  
  a7512330defaefb7c72f084d0ad4630f0a81e112ece5de559a5791a1ce978bef
- SHA512
  
  8efb7970d6af4264ca66856e777dcde5a45950c822ab54ffc44a1bb958457e79e04e0fc3121822be1be36bbe06aa709cee4ac65862c19559fb56b43619b68ce6
- SSDEEP
  
  393216:EFgwuTq7RUrBfVg4OI4M15YWKC6LbxHt8fA6AaegF7q/EFyGtH/f+M:ogE7RUVfVgNKY3nxHB7E5dOM
Score

7^/10

discovery evasion persistence
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1
- Target
  
  gp_sdk_plugin.apk
- Size
  
  9.3MB
- MD5
  
  40fe1d1e71506fb26a93dde90a94ca95
- SHA1
  
  ff9271a377fe88cd181dbc0e234d6e797e7a12a2
- SHA256
  
  6a9c7cb59f3b33deb0f93a4cd46ef10cd5609fdefbe4fc4af466dcc1d437667a
- SHA512
  
  cdfe1b2cbc1498b3a23e5086d2adaee34df6001e4c4f7b2482fcb105fc03273564d9fc734104017d5c9e22b69409968ed911925fdc0a4ba06d6b61e250ae1743
- SSDEEP
  
  196608:NKcPaWmWG1BGx0es+ZhKM1Logc6KZL5rSz3JCFR54bbtPPiS8m5Flksf2gBAnKd3:NKcPwuRh51LPFKTcCF34NPum5CgBAe3
Score

1^/10
behavioral2 behavioral3 behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Hide Artifacts

User Evasion

Credential Access

Discovery

Process Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

behavioral3

behavioral4