joker | 2e812b6b5ef4b43cc457c609aa625924fcb9bae76175e4f5d355ee864c219198

Sharing

Copy URL

Twitter E-mail

General

Target

0ef1812b12b096aeea49493db5f8e144_JaffaCakes118
Size

9.7MB
Sample

240502-tetz2aed54
MD5

0ef1812b12b096aeea49493db5f8e144
SHA1

c6019aa08f1158110c2738d7df0d63685660b5d8
SHA256

2e812b6b5ef4b43cc457c609aa625924fcb9bae76175e4f5d355ee864c219198
SHA512

cf9b75cca98f755b6d196ad198b6170288ca934006ef794e4d3168cfca70e27402294866d7f245de24784031e7253bfc138457514401570a3ca4a6a2cce9dcb6
SSDEEP

196608:Dr21hKhjNcwKWfKr2CJgwW1UaxIDoRXKriz60rv6BsizddiU49q+P1:DrYQBxKfr2eZaxIDoRE/pdcfP1

Score

10^/10

Malware Config

Extracted

Family

joker

http://config.inmobi.com/config-server/v1/config/secure.cfg

http://i.w.inmobi.com/showad.asm

Targets

- Target
  
  0ef1812b12b096aeea49493db5f8e144_JaffaCakes118
- Size
  
  9.7MB
- MD5
  
  0ef1812b12b096aeea49493db5f8e144
- SHA1
  
  c6019aa08f1158110c2738d7df0d63685660b5d8
- SHA256
  
  2e812b6b5ef4b43cc457c609aa625924fcb9bae76175e4f5d355ee864c219198
- SHA512
  
  cf9b75cca98f755b6d196ad198b6170288ca934006ef794e4d3168cfca70e27402294866d7f245de24784031e7253bfc138457514401570a3ca4a6a2cce9dcb6
- SSDEEP
  
  196608:Dr21hKhjNcwKWfKr2CJgwW1UaxIDoRXKriz60rv6BsizddiU49q+P1:DrYQBxKfr2eZaxIDoRE/pdcfP1
Score

7^/10

discovery evasion persistence
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Requests dangerous framework permissions
behavioral1
- Target
  
  BannerPlugin-3.0.apk
- Size
  
  44KB
- MD5
  
  5bbd555eeb5d930e8bd99ef13a350e62
- SHA1
  
  93d2af67b527059e0d90588875c88e9c9ccfb50c
- SHA256
  
  dd28222be3e000f397f2285cfc71d883b624ebdec5bad905066dadc95e49557b
- SHA512
  
  3fd89211f9e4e2ddc301c7025d9ec922281a5ac4a488a01d36d5d168ac36d6dc2a6f7221b46aa16b441aba6b12630bdfd68fa52fc537d6333651379bd50fc4d4
- SSDEEP
  
  768:AjdB6MIt03WP87H7S7dcZFuYqUW8mxPoSjA37kN4d3HEyPzEKoB5lf43:MdB6MNvG7dEeLjjuBEIIKoVg3
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  CommonPlugin-4.6.apk
- Size
  
  505KB
- MD5
  
  ac4168f38642684606f6566567a2c2a0
- SHA1
  
  b7e0563ca9793db5860c24fa4c853a1e7eac9a06
- SHA256
  
  45ceacb3b5c716224e0e71acc4bef8af48a0e435669d5db8c53bbf4ef19b8f34
- SHA512
  
  d88d343eb2f27c2ebabdd244bddf09723e325f925f5f2d1c32ca086cf497f6ff5be5b8feeaecdfd4c8cc0b1e38c096393f9b346b0a2c9967ac7231763a0bce2d
- SSDEEP
  
  6144:PHGp6MtOHwh8jLPTKYXOJ14IDCXqFFVnDcZW5C61Irjj0QEiJ7wQyml9rOcpww1+:PmpwwajzmYXel3Rz5C6irvE+ww9yxFu0
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  FrameworkPlugin-3.4.apk
- Size
  
  18KB
- MD5
  
  367dad014f883598f13b649225e4218f
- SHA1
  
  5b59279d2e243d0ea0d95bd3ff13a98207effa51
- SHA256
  
  4a99f0fdec8d646f96ee4ee70fa021a978e8b1068b123923e0c1bf2192c8ecef
- SHA512
  
  61bea143afdcaf10511779fbf3d5cc71c2ea4174c519fdf00069f4253663da084eff6b8c0faba151dd183f6a0fc90af98324b257f85f5fcbf58066f103ad9745
- SSDEEP
  
  384:EvBU3+URJOVgjTUTiYEuA+EbHVQVXjuU5SAwXfYr+MmLIQlo2jig1rGewe:Ev63RE9BEuA+ERQ9d8U+MmLRlo2jig1r
Score

1^/10
behavioral10 behavioral8 behavioral9
- Target
  
  __xadsdk__remote__final__.jar
- Size
  
  83KB
- MD5
  
  607e65052147713115dd87f0866d504c
- SHA1
  
  5ff2a1c2ebedeb61236c56edfde6406828a05c6c
- SHA256
  
  fe2fe2810faab43ae935927bfde6faafb8c74532f760afbecff9585d4404e741
- SHA512
  
  2bc7144ac0c6dfbcf097f778ee110405d9c58f4fc4901356c2cf2622d7a4f6b12ce30a51f168962a8c81fbab9c46a65c2b219633dd2a80cc345dbf255cebf2a1
- SSDEEP
  
  1536:eKSS1UbomStT19s4G0/GZzgrF2nPOgfbexVK8RV+0XUv5VzUxwh3MPeUivu5iy:DSYsStT1ZT/ugrFsmgsHWzUxq3MPeUi8
Score

1^/10
behavioral11 behavioral12 behavioral13
- Target
  
  gdtadv2.jar
- Size
  
  128KB
- MD5
  
  d33b3ec7def68b71f2fed86f8816651c
- SHA1
  
  0365fa5845cc259d449b33af352e858b654353c9
- SHA256
  
  83b17bee6712defbd2c6a91c4f5c8e3a4b1d9c69d7fafaa0dedff1676b4bf687
- SHA512
  
  9cb8af47bec4402a148cb4950780fb96686b79c897530316c02964d917ab92a1554a3034f186ac6da6a15a7ad1f7d7fa8ea145cae5bb1d540c877d753ba052f6
- SSDEEP
  
  3072:tlyPwIT8y7NhgXbxdo+i0kgs5jU9HlJ67B3RzUqujrasu/:tlyPwKo30lguwJYB3RzCpu/
Score

1^/10
behavioral14 behavioral15 behavioral16

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Queries the phone number (MSISDN for GSM devices)

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests dangerous framework permissions

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16