joker | 144ed9088577cf27bad63078f1a3b303db97170dda2dcdfb0b5bf1f9da27871f

Sharing

Copy URL

Twitter E-mail

General

Target

07fcb3e2a959b57dc43627afaf5c24ac_JaffaCakes118
Size

30.4MB
Sample

240429-swe2rsea24
MD5

07fcb3e2a959b57dc43627afaf5c24ac
SHA1

31e0d004b2b23ce9228de5734f3ec727fdcafbb0
SHA256

144ed9088577cf27bad63078f1a3b303db97170dda2dcdfb0b5bf1f9da27871f
SHA512

a5bd937e0d1255b6800d725f83bcf93e251a9deff49714f2bf3d7c92b4db350d948779f463c76b479aee42b26990f56e77a7dc5c20e9e731f43792804763e806
SSDEEP

786432:V2tAGCI1gtBpEp04mAZ8Bqtgb2aziWGlYDNEAYb:MvCIqp+04mAZa9ziWGYuAw

Score

10^/10

Malware Config

Extracted

Family

joker

http://adashx.m.taobao.com/rest/gc2

http://api.exc.mob.com:80

Targets

- Target
  
  07fcb3e2a959b57dc43627afaf5c24ac_JaffaCakes118
- Size
  
  30.4MB
- MD5
  
  07fcb3e2a959b57dc43627afaf5c24ac
- SHA1
  
  31e0d004b2b23ce9228de5734f3ec727fdcafbb0
- SHA256
  
  144ed9088577cf27bad63078f1a3b303db97170dda2dcdfb0b5bf1f9da27871f
- SHA512
  
  a5bd937e0d1255b6800d725f83bcf93e251a9deff49714f2bf3d7c92b4db350d948779f463c76b479aee42b26990f56e77a7dc5c20e9e731f43792804763e806
- SSDEEP
  
  786432:V2tAGCI1gtBpEp04mAZ8Bqtgb2aziWGlYDNEAYb:MvCIqp+04mAZa9ziWGYuAw
Score

8^/10

banker discovery evasion impact persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks known Qemu files.
  Checks for known Qemu files that exist on Android virtual device images.
  evasion
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Requests dangerous framework permissions
behavioral1
- Target
  
  BannerPlugin-3.1.apk
- Size
  
  44KB
- MD5
  
  458bd2eb1e0a271f496506a8b4e6d7ca
- SHA1
  
  9db7ed38066a5f384418c5ac57bd38e75e648aad
- SHA256
  
  caae73fa384f925b512ccf1fdc01873a361324087889a80369fc67316d974b26
- SHA512
  
  c9b1fefc4bb19b68530dfc7b0c27add15ab380f4089a4f28c1298c2491933ac7feeb11e43fcf3ca63735ab9811194a005f9fa9fe8290e2141ac42b7b7fb8baa4
- SSDEEP
  
  768:ZxBjQIt03WP81BojmO2d8377WgwdfHVzy9/GpGt9MTqEV+yYeKCw9877uWf3dE7:ZxBjQN5BojmO2d83fWgwdPgFOM9hEyLt
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  CommonPlugin-4.7.apk
- Size
  
  508KB
- MD5
  
  a8cea9a97c2b3334bf9bc0cadc91740e
- SHA1
  
  ce5a3561f8ba7b332c35370cf00a16d06b7df790
- SHA256
  
  4b56379d87e572582d6e1bcd2e33b96b03b2584feea34ab4fc812cc25856baaa
- SHA512
  
  1ab841cd8edda0f3c1444ee2d8825b60100675b918a4dc506b590a882a9cd6a561e9f7d0f71685fe6ca4b65d97af9c8c0785eb474201eea61ead9bf036b50af7
- SSDEEP
  
  12288:XX5o+tee1jL6fLn35ECc2nZFdBzjStccqkWJT1ISY:HHFGLnSgZFbXlkuBY
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  FrameworkPlugin-3.4.apk
- Size
  
  18KB
- MD5
  
  367dad014f883598f13b649225e4218f
- SHA1
  
  5b59279d2e243d0ea0d95bd3ff13a98207effa51
- SHA256
  
  4a99f0fdec8d646f96ee4ee70fa021a978e8b1068b123923e0c1bf2192c8ecef
- SHA512
  
  61bea143afdcaf10511779fbf3d5cc71c2ea4174c519fdf00069f4253663da084eff6b8c0faba151dd183f6a0fc90af98324b257f85f5fcbf58066f103ad9745
- SSDEEP
  
  384:EvBU3+URJOVgjTUTiYEuA+EbHVQVXjuU5SAwXfYr+MmLIQlo2jig1rGewe:Ev63RE9BEuA+ERQ9d8U+MmLRlo2jig1r
Score

1^/10
behavioral10 behavioral8 behavioral9
- Target
  
  InsertPlugin-2.9.apk
- Size
  
  45KB
- MD5
  
  9f2b0e626d1d13350742fa1dfe640b5b
- SHA1
  
  adffde9a2402f6fc24bfe9ee8d487ce19fa7f391
- SHA256
  
  005c61e1f50885544d440b173fdc0081a16d1333237e845239c1193b65c66c62
- SHA512
  
  580828f521c7a0f906d7dcad87f11400f1e47ff155f516c3b4bedb8e694ba484d89ca76776e36f96481b753df1b799ea30e4c5ac9f6db7c1beb445f68170c364
- SSDEEP
  
  768:KjRV35GsyNFnxjIt03WP8VocCGMyPM4W+CeIaYMe2oZi:KjIsWFnxjNOckmCeIaYM7Z
Score

1^/10
behavioral11 behavioral12 behavioral13
- Target
  
  WelcomePlugin-3.3.apk
- Size
  
  31KB
- MD5
  
  0f6cb1da81cc9c511cd12a5180447498
- SHA1
  
  84b8302ce8d50f456d0d15230416241a0a1d1523
- SHA256
  
  c968c214ca3366b3bb7213bb9ae905a4561d43e511818e9f5763d34d7801a4b5
- SHA512
  
  cb73ff5a97adfcf993b441a46b8216eda3a15f1c1d65ebf6cae4e63fbe4bcd8c47e2349021055be959dd194d795cc371790aa27a880e62a7523d4c648bf8efc9
- SSDEEP
  
  768:LNSrXFWLKxe7X+Fu9ApwuN6zatksT8LjgImx8Swf6NCHEvjVd1qhC:BSbgLKxe7wuyp96za7ILMt8FfbHEZ
Score

1^/10
behavioral14 behavioral15 behavioral16
- Target
  
  gdtadv2.jar
- Size
  
  128KB
- MD5
  
  d33b3ec7def68b71f2fed86f8816651c
- SHA1
  
  0365fa5845cc259d449b33af352e858b654353c9
- SHA256
  
  83b17bee6712defbd2c6a91c4f5c8e3a4b1d9c69d7fafaa0dedff1676b4bf687
- SHA512
  
  9cb8af47bec4402a148cb4950780fb96686b79c897530316c02964d917ab92a1554a3034f186ac6da6a15a7ad1f7d7fa8ea145cae5bb1d540c877d753ba052f6
- SSDEEP
  
  3072:tlyPwIT8y7NhgXbxdo+i0kgs5jU9HlJ67B3RzUqujrasu/:tlyPwKo30lguwJYB3RzCpu/
Score

1^/10
behavioral17 behavioral18 behavioral19

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Tasks

Sharing

General

Malware Config

Extracted

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks CPU information

Checks known Qemu files.

Checks known Qemu pipes.

Checks memory information

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Reads information about phone network operator.

Requests dangerous framework permissions

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19