joker | 45ac35c5bfe1493f29ccac61955d3d88651711637699ab430444d235a16f9f8c | Triage

Sharing

General

Target

2814db335078649763ab613a13ce60ba_JaffaCakes118
Size

22.2MB
Sample

240509-dy66psfh9y
MD5

2814db335078649763ab613a13ce60ba
SHA1

46ba736539bfb717558d974a0ff48f4bf498af28
SHA256

45ac35c5bfe1493f29ccac61955d3d88651711637699ab430444d235a16f9f8c
SHA512

64670639f7a0b495cfa8fe9a8f29c9e5f3721afb9d0b766d49f807148443eb1ecde41ac2da2efa014fdf02ca939b2493bcc367ed4364fc52f3e5f0e34843ced8
SSDEEP

393216:1g5DRtCAE/cJsUuFH/A7OX9/JV/eiN+S0//uVyaN5RJB4oB5kG/wsRGSVtSzm0u:1ggAE/cju1Jde3S0//uwaNjDwTcek

Score

10^/10

joker android collection discovery evasion impact persistence

Malware Config

Extracted

Family

joker

C2

http://widget.weibo.com/invitation/appinfo.php?

https://api.weibo.com/2/proxy/sdk/statistic.json

http://open.weixin.qq.com/connect/sdk/qrconnect?appid=%s&noncestr=%s&timestamp=%s&scope=%s&signature=%s

http://push.mse.sogou.com/sdk_remove

http://vr2.mse.sogou.com/{0}?keyword={1}&width={2}{3}

https://plus.sogou.com

Targets

- Target
  
  2814db335078649763ab613a13ce60ba_JaffaCakes118
- Size
  
  22.2MB
- MD5
  
  2814db335078649763ab613a13ce60ba
- SHA1
  
  46ba736539bfb717558d974a0ff48f4bf498af28
- SHA256
  
  45ac35c5bfe1493f29ccac61955d3d88651711637699ab430444d235a16f9f8c
- SHA512
  
  64670639f7a0b495cfa8fe9a8f29c9e5f3721afb9d0b766d49f807148443eb1ecde41ac2da2efa014fdf02ca939b2493bcc367ed4364fc52f3e5f0e34843ced8
- SSDEEP
  
  393216:1g5DRtCAE/cJsUuFH/A7OX9/JV/eiN+S0//uVyaN5RJB4oB5kG/wsRGSVtSzm0u:1ggAE/cju1Jde3S0//uwaNjDwTcek
Score

8^/10

collection discovery evasion impact persistence
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
behavioral1
- Target
  
  hackdex.jar
- Size
  
  1KB
- MD5
  
  0a53db95371adcc92d85253aac16bca7
- SHA1
  
  2eec4b620fcf0bd5bc020dc1f230e3fdf6615e12
- SHA256
  
  b90650d8dc095d2c3802fda82320e865c1c368e193466bd99706c1c77ee74c20
- SHA512
  
  90a9f29b8fc6baf34463f518e111531591d9137b4b2b8ff2578547cb894eea9523dc7d894c9b428b17c3a01453e42ac0ba30804b7b89b834675a2469d567e917
Score

1^/10
behavioral2 behavioral3 behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Execution Guardrails

Geofencing

Credential Access

Discovery

Location Tracking

System Network Connections Discovery

Lateral Movement

Collection

Location Tracking

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

collectiondiscoveryevasionimpactpersistence

behavioral2

behavioral3

behavioral4