joker | d4a068fb20501d18a5d55c7ce5aee30e4130e380cba8c9fc0e969d701f46bcbb

Analysis

max time kernel
7s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
03-05-2024 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ffd4124786d4eef3eb4611b217d19a8_JaffaCakes118.apk
Size

29.2MB
MD5

0ffd4124786d4eef3eb4611b217d19a8
SHA1

a7af2714c43fa52a3634cfcd8b120d3e9567110e
SHA256

d4a068fb20501d18a5d55c7ce5aee30e4130e380cba8c9fc0e969d701f46bcbb
SHA512

b883b1dd9adb4e1ca84c9a0cf6c81c167f9d290ee7047d155afaf1306a7d0482f53d6c1c183d578f234f70cc35eed44e6079ae2327c58ce285a7cb7ec32833dd
SSDEEP

786432:96Q07tmga9twC3Ct//up/WUt3FkmM+oe2n:96Q6totwC3Ct//+/9rkmMBn

Score

10^/10

joker discovery evasion infostealer trojan

Malware Config

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.jiaming.ko

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.jiaming.ko/.jiagu/classes.dex	4454	com.jiaming.ko
/data/user/0/com.jiaming.ko/.jiagu/classes.dex!classes2.dex	4454	com.jiaming.ko
/data/user/0/com.jiaming.ko/[email protected]	4454	com.jiaming.ko

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jiaming.ko

com.jiaming.ko
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4454

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jiaming.ko/cache/weex/libs/weexjsb/x86/libweexjsb.so

Filesize
6KB

MD5
9bb067cd33b490d30f2c88054c732574

SHA1
d95a11e2be5c7a1fab9820e34cdd9e482523ea86

SHA256
fb993dc086feddf19af9700c7428386e3e4a5c67f273711c371ff4460a830ae9

SHA512
0b721c51332313c50ae466fff1b4bdb48a71791bca67ee83d2882a19e8abb59dc1406ed15d6dabbcd3ba922167fbf68a3828fd82edf4b2270ff0191b8fed0dbc

Download Submit
/data/user/0/com.jiaming.ko/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
ed73a80eb949bacc52428b8d5a087fa5

SHA1
07e973549a2cee61ffeeb6439abc419cd8a489a9

SHA256
f0ead1ad60e0cc310c1a40685c28fc7a69aa346604552816c51dd3c1718a1e76

SHA512
4bc26c18ca3a2edfe38ca1e14ad1e1415268b4a69cdff3c0f8e2b8fa910c67c2e4bc4f32c21274e586e8e139122ea3dbde7ec507c4722b4a9a778ee2598090b8

Download Submit
/data/user/0/com.jiaming.ko/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
5061e4948844f7d366972ac8005e9f13

SHA1
a2b79a1c79afb095ddebf0f16a1f9db64482bcaf

SHA256
3aa6caecfcd101531539147e01382bc530b4fdc61e98937d63cc4648793c6a45

SHA512
223d18ce248912df18cdea3c8e864ea5e6ec058ca42cc5fde738188c54abcd260d7f24ac53d4987d3e32f4ae3e1e40e01354054d035bb100eef51b2d695f5299

Download Submit
/data/user/0/com.jiaming.ko/.jiagu/classes.dex

Filesize
6.0MB

MD5
0f70acb31553f711af7b8795290c4b4b

SHA1
a2683ef85dc044e8f4d5522e16445632a28119b5

SHA256
2485518dc22d657184fc19e54c292d738cce375d5076e663474a6596678d942a

SHA512
9d76a157eee354acf9c9e072bc1fab0964b560fc4ad26cb62421ac4e29f02986eca62c5aa9e7e7a700bf0a0f67aeef2870918532d4ebd634e64c1651edad3d5b

Download Submit
/data/user/0/com.jiaming.ko/.jiagu/classes.dex!classes2.dex

Filesize
5.1MB

MD5
85bfcb34106441e320cb9668bd63cead

SHA1
a017af11d75bec9cd1cec7197fdff29eb73bfc15

SHA256
0ec053f123e1d99772856a802c68aa1267c2c75d407a43d1a00a049508bc21db

SHA512
2e76c9837a3e11ef91b48eea3f2cd6109d7d4267e599713e74cc77766fd82bc3108c2998a8eab5dda7a60b8cd181df6aba1eda40b9628558b6e1c5cd01fe338f

Download Submit
/data/user/0/com.jiaming.ko/.jiagu/libjiagu.so

Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/user/0/com.jiaming.ko/lib-main/dso_deps

Filesize
380B

MD5
c4db67bff7e051f5e011562d6cafc602

SHA1
11da1ea4b36f423701623bbbe3b69f46cdc28e75

SHA256
d33362d46cc63b2e4991f5fd4f4e1105b76bfd592e21967d61955d42d7f803dc

SHA512
9859e448a5391778282168340a371e73e4d92dd4461a09ac7a9aef42490987b95896da073dac9502769190453a9e155661be3ac4a382d1306c9eac1e8044843c

Download Submit
/data/user/0/com.jiaming.ko/lib-main/dso_manifest

Filesize
362B

MD5
b384268280bf9da4cef70db405923eae

SHA1
c9dd9e67ce2aad163424f1b0ac3419e94b1be8e1

SHA256
49f92518c56b9a75e4c9de311738b3fa5d60459c68da885dd6f411a195d0c7fe

SHA512
28d02fcd000366e2fcc4411279ad655aaffe026c93f5cb4d25560974c0801a16c4cb1edca32cb39ee9b945aad7e048ef977d34c7b90af6f509652149f958f9d7

Download Submit
/data/user/0/com.jiaming.ko/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/user/0/com.jiaming.ko/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/user/0/com.jiaming.ko/lib-main/libNativeUtil.so

Filesize
21KB

MD5
a5dae3912a5a4f66743e9b6a02385059

SHA1
1a1555d9103410f29a289237b6f3b49278060775

SHA256
f5a134aa6241058cf47103710fa93a1cc9a32163669271a5ae485367591320ab

SHA512
c85f0b9b61914b972bdc3a3582d9f76e2023747f3cdad3e405419be4bd6dd6b7c34c87e865bd0d01b8c2f6b162308c2b5d18ff90113ff6fd70a37dead07f85d9

Download Submit
/data/user/0/com.jiaming.ko/lib-main/libutility.so

Filesize
29KB

MD5
031a7b4ea21484caea064a1e8f12cbf7

SHA1
2d78aa57abfb396e928257d2ee630d9eadaa9f63

SHA256
95174a6389dd46aa848433cec80bd58cef4fe371a6d525a78b97e620ce56c8e9

SHA512
d82eaf6ed1d2fb0a870010d7726e0eecbda86d967b91fd010f3e0295e7ab15c85ba9f8da4b0a5e5f8e433168aa9cac2b5cde314f65d33aca7176d1abc7771f8e

Download Submit
/data/user/0/com.jiaming.ko/lib-main/libweibosdkcore.so

Filesize
21KB

MD5
b07c039c9b31590ef75c32bda8e432c8

SHA1
701c4e1106480d5ffb8cc664b20d6fc044ceceb0

SHA256
ed419bb2248afda2e6990f26e944b7c30c18a97c16475001d5fca2bcab177699

SHA512
e4acf837af985998f143e5d945e86ed948f6776351cf68a6c0becfdc328b99797525e14bacfbda35d2429846206a5fd5bb57ccd2e2a61a02ab3db97fa570a350

Download Submit
/data/user/0/com.jiaming.ko/lib-main/libwind.so

Filesize
33KB

MD5
04b6dba3efd02ee63209d15edc5c57ef

SHA1
0bbc0fbbf06b969e53fc2f89097d4db065fad922

SHA256
3bb22bef3be3db53a5cc9e0a518b1bdfe9c6df85b0b5023eb47f6848d0a00db1

SHA512
ae3b969a8975414e2ef163b4191cfb57cb365a722c267c1e55360550ae0cb8fc77a58f3e47b90292b4c41fbc4e4b7271e57466d9a7a42b4bc4a265efa03e8915

Download Submit