joker | 6be5484d167ba3fadf873b0344fc1d9246644ad85bcffc7a37b21faa0bee62fc

Sharing

Copy URL

Twitter E-mail

General

Target

23de146d15a74316c9a3739a2c48535a_JaffaCakes118
Size

23.0MB
Sample

240508-jkj2xahh5s
MD5

23de146d15a74316c9a3739a2c48535a
SHA1

a5da6b2777537835e391f1708c543fd40b27494f
SHA256

6be5484d167ba3fadf873b0344fc1d9246644ad85bcffc7a37b21faa0bee62fc
SHA512

b18395845c9f9a569efe4d53865f779787dfa3d5cb0baa2754f7a878e2cb58178c62db9af53fe4881859124ad19ff5cdb7434e5bc07423bad4efdb31d8b33b3f
SSDEEP

393216:pBpgP9fjk6C3ZH0lRkdTQs5ptyonvxUxFSVoL4ro:pIFkfZU7kHsonvCxk+L4ro

Score

10^/10

Malware Config

Extracted

Family

joker

http://192.168.1.35:8090/

Targets

- Target
  
  23de146d15a74316c9a3739a2c48535a_JaffaCakes118
- Size
  
  23.0MB
- MD5
  
  23de146d15a74316c9a3739a2c48535a
- SHA1
  
  a5da6b2777537835e391f1708c543fd40b27494f
- SHA256
  
  6be5484d167ba3fadf873b0344fc1d9246644ad85bcffc7a37b21faa0bee62fc
- SHA512
  
  b18395845c9f9a569efe4d53865f779787dfa3d5cb0baa2754f7a878e2cb58178c62db9af53fe4881859124ad19ff5cdb7434e5bc07423bad4efdb31d8b33b3f
- SSDEEP
  
  393216:pBpgP9fjk6C3ZH0lRkdTQs5ptyonvxUxFSVoL4ro:pIFkfZU7kHsonvCxk+L4ro
Score

8^/10

banker collection discovery evasion impact persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
behavioral1
- Target
  
  CommonPlugin-3.3.apk
- Size
  
  509KB
- MD5
  
  ec827d1639a419693b723e38efbd6a78
- SHA1
  
  42efcb0c3789fac15b8eda95e2f33bd789ab7636
- SHA256
  
  8f878f0abe8357bfc4346a0abef3cc3437d62416d284d532cfcab113b4d96a92
- SHA512
  
  1bc3f90aac56d676e96c1acd037c59028819025597038baba06ac16883cb3a51f645a3f5ef26f4fb557d37c9135c59b280ec3bb353be52cf1b2a89873d83e8c5
- SSDEEP
  
  12288:9qMvZwLlgBiTBu//SpQmN5a+AjK4p5bRqbCRjGsrON8W0:NwZMiFu//SbM+eddd6N50
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  FrameworkPlugin-3.0.apk
- Size
  
  18KB
- MD5
  
  23dec9199a698f17dba2982c2a4dce53
- SHA1
  
  00d2498b25d7fe4b6797ad4745d356685301cb27
- SHA256
  
  7dbeddca1d878770c379ee00d5314f089423f9887b2648e5952d5a8d1575d062
- SHA512
  
  5d0dfb479565871ca463e89a4a7a742afac78baa91a521e330ffc9f605f534171a68791197c64874369f4d079a6d6e537e678d799837b24be3b79fdb3f61db25
- SSDEEP
  
  384:nP/UuSRfLCfkzxrqpMuMyWQ78xqUl1yVXAQv8mbrWR:UnXYpMyW1MUl0VQ5
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  WelcomePlugin-2.3.apk
- Size
  
  44KB
- MD5
  
  8ef2b798c30946b497e6038c8e5485cb
- SHA1
  
  a55036a3e51dcd9e71dd468790fd9bb1a037b67d
- SHA256
  
  d8a23c029bc13848dfbd56568a2c40696930c4a91c6b5f1764c561eafa7970d5
- SHA512
  
  a4263baaa5f093c8366cdd25cd0272ab7c60b86c9a412060ff382b87352599677471a37cc64bae1b978cf5e5a3b19d01511741872f1bd725304c3e52edade3b9
- SSDEEP
  
  768:nYirXFWLKxe7X+Fu9924EgUmy0GtzFavNedPtMoyb43b7B34mmErdcb:nXbgLKxe7wu7256Gtz4YdP33x3FJ0
Score

1^/10
behavioral10 behavioral8 behavioral9
- Target
  
  __pasys_remote_banner.jar
- Size
  
  108KB
- MD5
  
  5948ada226cad1ef6f0197f285d25038
- SHA1
  
  821337fbd9b513e6fb92d7a554e8d4a86605211d
- SHA256
  
  0ea61120f793513cfff6c477dc55dad5a0cbf651f2eaac8c17e4167342561c02
- SHA512
  
  a0321a8876d46e3d9fcd6aa027fb04991dfdc41b531b57d858b6724a5cc131654e9034e82a7de43a7bee8a3d526d33c226ad1fcdcafc8e3fc6de44424d6f5142
- SSDEEP
  
  3072:RnKm2F6+VudGAPnyJ6rzcgrRQpU+7Fl0ukzeIo:oZVudXyJ2LrRQT7Fzv
Score

1^/10
behavioral11 behavioral12 behavioral13
- Target
  
  gdtad.jar
- Size
  
  75KB
- MD5
  
  7068fc92af9e6dc686de8924e174180b
- SHA1
  
  e8c47cb6f40b058b96bc5ab1bbff6a0a1a2adf2b
- SHA256
  
  8b759e7358f706522f51d8774d38f264e13bd62dd49b1825b0ca7dfcc0c9e299
- SHA512
  
  05ab5cfb9df4cca02c43bbc81a8e8b10469dd27604d487591fe15d3620d8623bb19d30af9607430e0a73fd04df02ffbf551f5c1e58af24293f681c928395aaa0
- SSDEEP
  
  1536:P3AK+z0NSabIMKCxTEGDpCrLHgOnAOxyZV9r4L8fHROwbY3zZJYgwxx+p9/3:P3AKZNSafTrNkLxn36VVfYwbY3zZJY9W
Score

1^/10
behavioral14 behavioral15 behavioral16