Analysis
-
max time kernel
150s -
max time network
154s -
platform
android_x86 -
resource
android-x86-arm-20240506-en -
resource tags
-
submitted
10-05-2024 01:34
General
-
Target
2cb26667f8f20ff642fbd2be4b936d32_JaffaCakes118.apk
-
Size
2.5MB
-
MD5
2cb26667f8f20ff642fbd2be4b936d32
-
SHA1
323086c2bfcd6685a877e367b56723de3b7376fd
-
SHA256
33509b8a70788bf8eccfce51d921f5e997777e163d0dcf8ea84638759c964d28
-
SHA512
8b36f197fe688a820b328ea7b0cf6d7aef07b551a7733a21ce190cc10f1e319ecae65c5c90e313a9e6cdafab05bff81219cd0414c55527ee765a1228e887c939
-
SSDEEP
49152:7byoM0s4D/QoYEqiQeNR91qSFfHKdab4oEYGgD1GNEHO+/FeW9j49dOB:a30L/QZZiQeznNFi4Udgj/dL9j4POB
Malware Config
Extracted
joker
http://120.78.31.198:8030/api
http://121.41.88.125:7070/
http://47.97.211.44:18888/idlecode/
http://data1011.doulaiwen.com:9841/mvideo/
Signatures
-
joker
Joker is an Android malware that targets billing and SMS fraud.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 5 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
crgr.cdrujl.vhiq.aegho.jqcgtsi1⤵
- Requests cell location
- Checks Android system properties for emulator presence.
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Reads the content of SMS inbox messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/crgr.cdrujl.vhiq.aegho.jqcgtsi/app_jifrjf_odex/webviewtest.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/crgr.cdrujl.vhiq.aegho.jqcgtsi/app_jifrjf_odex/oat/x86/webviewtest.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
cat /sys/class/net/wlan0/address2⤵
-
-
getprop2⤵
-
-
/system/bin/sh2⤵
-
cat /proc/version3⤵
-
-
-
/system/bin/sh2⤵
-
uname -a3⤵
-
-
-
getprop2⤵
-
-
cat /sys/class/android_usb/android0/idVendor2⤵
-
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/crgr.cdrujl.vhiq.aegho.jqcgtsi/app_jar/lpbia.jar --output-vdex-fd=93 --oat-fd=90 --oat-location=/data/user/0/crgr.cdrujl.vhiq.aegho.jqcgtsi/app_jar/oat/x86/lpbia.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
sh -c cat /sys/block/mmcblk0/device/cid2⤵
-
-
cat /sys/block/mmcblk0/device/cid2⤵
-
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Virtualization/Sandbox Evasion
2System Checks
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
35KB
MD57522c100627472a6555966186b1139d9
SHA1cf48f15cd3897845483287b0bb0ddf4798ac8b9c
SHA25678d0e30e0ed213d77000cdc9625c38fe931a2470fb608da1b854cf76d0274095
SHA512f06f44e247f538fe62ccbf1446f5a45099c437bc83408a51fd39db38f0c77a1d6e62aeb9ae4f78776695d5b0234e690eccd19684f0de3a45f84df07c4bcb79ff
-
Filesize
190KB
MD5b99b18cabfc35f6fe9368f827b7e2a06
SHA13f9df62adfad3b0ac52a95f9be4393a1301227b8
SHA2565d91778e7bb7771a66d9c7a702e2d3297a51ed5c502897bc75bfcceff997d756
SHA5127a102da67cbc67f86b2743aebfb504a35b27b0253bd0974f0c784de1261fed6003dfaa4dd216a755f22b13f8d96cfb01eb13934380d34d31ed23777f80fe0808
-
Filesize
25KB
MD5087265c312597d18c740fa1d14442362
SHA1a1d5fdfe706cca968e5adc37613c15c202b9aada
SHA256d66df25395102eb65f4904b914a3302a3af54e1c912bd1cc522c88025530c040
SHA512e563d43279dd00c0843e07beab86728e0057e583fa8df1f135bb08777c4d42de2e03470002f2946549c95320fc863066f33161e91418853d301bc3b99c218043
-
Filesize
333KB
MD51391ae44c2322a1454de5b7bf696cee1
SHA1ba2ef523e55d9e37062c7392b5d847707368512f
SHA256f3b2fef1d848c51df2a1f572fd2a4534bfaa9fb49ad2d40524e62337afbff49e
SHA5129245151ccccafa2c179cc4f1a2c044e8d10868554d92e9cad25b705fe80e6da88ea395a826d1038c24a5dd85b109570eac7acacff1421a3fda2e8ee5d2a9dbd5
-
Filesize
185KB
MD5fd08b15c43ff410151956741c5b0ce91
SHA161cd52fb9851eb3f4486be21279627234eb88288
SHA256f26daf6529e110d1f6411d8f882e88d5ab4cb26a797f42b3dd430826f0bb6350
SHA512d1c1c27c024ea7866575b7c462955ab7103396e459556e8794cc2990d782ca0a29f8dbcb9760a2fde303d064b091fa635b3d5c13068a529bc81e9d7c3588e28c
-
Filesize
1KB
MD5a89e70927d81ab1260a6c991af2a0651
SHA142e7cfbe2482643aae88d1ea6d5e884dc00a2ff2
SHA2566e36aee054068efd784a6f614d0c051188fe6df9bc79be3cd57a89f223404af4
SHA512ab51972da567c7981cb784112040c98ececf9b12ba4c440e5c3f63f39975ba691f9f21fcabe4838f52e886f23357f8db43d9defca1d229fc265e637cb1539d10
-
Filesize
3.8MB
MD5ee22a3bde8ebd185c49dba782b4da126
SHA12ef76f1d760d38aced9966eac547c594099f7781
SHA256b1fc546460bbfbf8116ddcc943858035d0d64f027448da57df8e91c91f8094d3
SHA5126e88367ce11706e236d3006981274a736d992b9f9bff650936a2fab5191d8ced7c9fdd12f904d264529f6720a36f1d3b64de709c9d22ba1919727e8897e6b376
-
Filesize
976KB
MD5c9b1c9bfd842e16ced8ffccb7fa21d81
SHA1019d2cf97bb43ae162246063d3d69a3ec7d2d2fc
SHA256f2fc6a11ff46d633e975b375837a45f5dd7e09f041d718fecb7ac2942061d999
SHA51270982941dc4e3ec86a66e8202593c67832980726d60481fadce72b62bb5e43a14afb2b321f57ac466b387557ff996e6a2959fcd41b1b5effec4efa56b90563e8
-
Filesize
36KB
MD55d7ea1a23af19b4340cc8d90f28297d5
SHA14cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA51233071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b
-
Filesize
36KB
MD5ce6135aa1b1fe4f2c2db2a546d2a5558
SHA179b59582154017aadab783dc266fcb158c252940
SHA2567b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA5122839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4
-
Filesize
512B
MD57b625ec90691b72c5927b7166f441fb7
SHA128ac3b3d0437f8a606549bd5d1161e33aa437187
SHA2561e42a78f72e18d59db786c8ea128e329a39c1cef7c22b6415b69e8d6d717bb1c
SHA51221ed597e7c286d25bce39c173645bec25cc590a42a5d7bef425e2c30778edaa87ba1e08b3ca4c21b8d43820bf91b7f1cba356cbf6b495dd77965a5eccfa89e91
-
Filesize
48KB
MD573174eb271d95636fa231b00f2f67708
SHA1e14e583d3a9bfa451723c7b0be28c760c1671774
SHA2565ade4d0d76b51b5e9bdc30809ddd541fcca77e5685efea471542b6b14efa3510
SHA512045cd521038bc24cd8bd849dd592e4c3902bd9c7da50841596146d69dbe75d74784a46656ce51be755b614a84005dac3f1c3c98c7438d396b4a4c71c24600e75
-
Filesize
16KB
MD5c89f9e758b075d618bb94bc834879fda
SHA13466f106beb2393d3c4bbaefaf80cd8361dec4d0
SHA256c955390bcc47d7c41eb568d29adecbbc9aab055a9720196ddb68f04563d644f7
SHA5121f90036e6665d6baa8f8e35c061b7b7947955e45c7511f5b254dd3df76699bb91dbebb4c34d142b3bcf1d4748533f8669b814f5688517d1f1b2e294842507588
-
Filesize
44KB
MD5a072557c13ffe50f617819f08eb8e453
SHA167e36dd1b56ef6a2a6eb4efe039b9de612870697
SHA256d6e4da9d6ef70d6cf7b550a6446a8bce843ef397c1df2f0c6551881853e0403e
SHA512f176c3cacbf47811c508084ec1df66ddc16ee7abfdabd5a225e2fca8d3b5da9f41a8adb2c7b9ec3f79d972a70f4f65f1bdc07694a85dc35bad94411c3ef68678
-
Filesize
512B
MD529748e9e9beb2d7c226a4ca61c561c04
SHA131e53dd7e2ed10fcb59c063f0043709415428078
SHA25633dfcc86195c72ed86c473e7d5dc2ac9462f4ddb2893601d1fe0f5df48ca3fd4
SHA512b836e49b48326a3c5100f9f9ac2ae7f4dcad6685d3beb631643a16802630dd713253a28c606d6050106648354ece3526d75c41616c202f5bdeae194e2721f816
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
56KB
MD54a8383f5de3b478cd9c1a572c6789f57
SHA1677f14222fa71a04a6ecddd7cef6a94154264d1a
SHA256d32704e4a3d8c2e481e19e2b5aa38fc84f5178e85ecf9cf90b2ac45494f40c9e
SHA512fbb4f798b0d63e0ad7d58194f7cdd4a5f2b5611b8da09ca12d155d64aeafa287c3a549bce2ccb54754be8c0d0e610c5a2e2a0af3456d8f04b63984c0ba93c04b
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD52783cb1a1747e999b66a58f6198383a1
SHA1ff687c4d8c36f6400c3f91b0eaa70553e0e47d0a
SHA256e41f99c454cefdb5e352be198295dc02740fe98e7dc075ceee5d1d61b8c8fa4b
SHA5125a5e1d56f58fd235512c144a3518bbf855dac3f24f8cd6b40b8f871873c86b90ce9cfc65601dd17d4abbe00e6af055bc38e6e4a2b4234daf3ac54573c0213861
-
Filesize
20KB
MD5b0c3023bcd0ea8e4b63d41b3e8a41593
SHA14214403420ad38f265026418af5b49bd8c5c9703
SHA256a5b3bca63663952c7199c3df5eac591bd4c5785a4af0e5b733739f85d3f224ed
SHA512fc7a12e977e0eb7f5ad0e6c629c542c575949f1d7b13029134ceb7d7dd3f534f66d56fe41ef73ac2f40e972ea946cccbb43e740f5dfb7b48ba1b52be4efd35ff
-
Filesize
162B
MD55258ca4e9182fd64ce5855ce52160916
SHA150931b40d22162f7c33413ab9fb5fdc57283c03a
SHA2560f7dce20911558bfd63bfd9db4a748ee369a88d41ad87ccb6f60424a1979fcb0
SHA512ea6519ec656c53b22b75843d3e572fc1c06013faafbbd9611aba960b4fc8970b7bd92897facf04dca6f2347c3159b71efb14154734bb04a852f9b89cc5d0cc3e
-
Filesize
59B
MD5f7248fcf5349b4b71ee6f6a69a8ca000
SHA11016b38ead93ebba84240532fc6910cd4de38d5f
SHA2560c09f665a013be9a9ce600fed40e72438bed20bf082a472563846828a348c1f1
SHA512c5db372de46e7fe1f9f4ecaef66384043f458adf02a5cae01777a076d95492a2d9600183945f80a0dee57e9571635a13d992d5d65e0f7a906764343d50c3c0ca
-
Filesize
92B
MD5d55fae37998ec02241fd574a0d627beb
SHA18313640739059bc6e4a857ba602d4367fdae7fdd
SHA25644631a144edd24e3a1ac101eca4f2881f2ea0345cb2418323965f0eb15b7d0ca
SHA5126a5984d868c3b69e26a3ad86a8142d71c92e360973a21ececc75424c07cc8573f518ccbf5d5720a93981386fa147f50d008ed35e4863d9fd6b5017e73f807423
-
Filesize
415B
MD52a0cae9c3e8b5117885aac0f965280dd
SHA1481be699c9d06586c9960c0313177adf5f474087
SHA2560d58564e1c3471b725743df85be04e33525db31cefcbadcfb6443cfe7dceea78
SHA512dc44aa785d7860438689d0e1f3fd214710c8dd3b886fdb1def69c9478db8b4c2572372ded1d5df17d7c51239e7a4a76f86a446d2fc97d654e3732dc13a9dbf92
-
Filesize
174B
MD5786c0db4e909cc583ed2c707d43818f8
SHA1a57818012659b4de2f3288eff1f984c0b9e2f440
SHA25602010ac0a618076c12300cfd4b233a1c52952a43344695cbdc5c293b330c7da2
SHA51260745753071ac00f404f94c3773c0bb27e83832061e96c09a1e3a303edeb04f2404deb47f09df48e640e7d77344d9427e38e60c481ad1cb049ce5cb9051133e5
-
Filesize
174B
MD5d3fd61591f90c3baa33b78607f11bbec
SHA191ccfd157dc3758b9841f4fdbe2425dde193e5b5
SHA256958e0345b699137d29739bf9d278f8ea10967d3ffb6818c6dd339e539dc225fd
SHA512c6a42ac3ffe69853556d9ff7f6b4788f1b0e5d7f19a68e17400aaf995d32ea582dfe8293c1bc7109bb9cca484c0f1c0651e6b99389cbd097d1f7e32ee023b729
-
Filesize
174B
MD56033968a9a28cf56e4e102fabf7f8d62
SHA109b0045da376bb810b9f28a7130bdfbc51fa5e59
SHA25629f932a00299b146100549e931462c34b7fc8488c401347c902bb66a2ba0d59e
SHA51208a2e9f6f89685ef7efae1c3aae97558685c099f96973bcb8e7bbd079177e074d58663873ffe61aa3f5ad8f703daf521477c6ccd9d84a892b3965f58234e7e86
-
Filesize
68KB
MD5449c6f0927adc44c32cca08a94031232
SHA166920152ac87bd0dbe2819e3bfd1684510cf924f
SHA256fa1a3b368019df69c4a11f9ae77586f26b0cc4c0174e51f7367c16ee086586ea
SHA512a6d2b0a4fbfd108685dc4187d612f0910353c67526a2d19084b491485b8ef6242e96257b45cd8544bc7943a2ace180586340ccf93be40f9f4079106697b1b8a3
-
Filesize
68KB
MD578ec6128421bb1152d89143adc3eb98a
SHA1a1ac6200f63394c8b14d2f7a7916c850ff1a6014
SHA256df8e0d5ae23bfc11cbbb0b80f7428cbdf25f4dec5db2fb034fcc94e4e7fd3d1a
SHA512729fd885bbe53eaa35dfcd0a2a8d345ffb684a1436fb7d7e71a7aea40dc3e8dc9bf5594e1f444fe802599eb8e69fda00181fa66254888bf119841de4685f031b
-
Filesize
3.8MB
MD5c45de92dd761b787e969b1ec3b6e3c93
SHA142dcd45a273c7e0d06b0607442370f73eea30338
SHA2564cd5c4b059b6b7f835230480500f8f83945cb5a8a227a9fffbbf091946d43a8d
SHA512ebdd47f8e2f2db01a10c938585ffe70ef5324ae790a615d8c7bf04a9fc4bd071675641de486b9b39bc6e01b0c2816d9eb57a1edd8eeba42eb2639fffcabc5b09
-
Filesize
36B
MD5c2af98916e865409e444fdc5c618d797
SHA1724b37a3c794d2845213fc9c588fda1094f33a22
SHA256ed198aecf080c975d066ca798ae6aa68fa64cb8778e1a6930fe9d50d66b37b67
SHA512f8ffd925d850b397fab6a5c28b7380e8caee95bdec04ceaa0c0befd3a21e2802d12c335a17d040fce0a21ff14a7d379c9e60342d1033e428275d775f03657404
-
Filesize
27B
MD51760a5fb4056fb2d150da5b98a1b5304
SHA137f2190997f09c183c669a53a4c5038b2ae2dfd2
SHA2562ff6b1f7da9f7dcab6b3e04f4504e67857ebe62aad4ba8599790b57a830fffbb
SHA512444a2cc9f12c532e4af0608a1479bd5708469edb4d2a7b1f78e56558a34d892aa6bbe645f9f081c760e67e0d6c9cd33c6e3d94f85189a0738c9aa4337d9d157c
-
Filesize
29B
MD59b3888bfdf9618b157b5f119077252ae
SHA15e5ddb32e62df1763e213c5c5d1ab1b403437706
SHA256ee337c1296d81fe79335b8e62c92f8050aba8d041dce4bdecb2b032032c05f0b
SHA51294bd4cf83377e13e77d1d3b2938d454d2ba3409213fef40450001ee015548c3222b218a0f9b00c133b278d8ce406016334d89254a965a86121a017e5191d5efd
-
Filesize
31B
MD58c92de9ce46d41a22f3b20f77404cc1d
SHA18671a6dca00edb72be47363a7071be65cf270373
SHA25668bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA51230f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
-
Filesize
80B
MD5420a33ac4fafd55661e9f9fb6aa1e60b
SHA1112f11a4e2673b9df2d433545a0416a5ed69335d
SHA2562f9a741eda97cdac8130e785938cc5427c1dfc13e2e8fb3999e073a6a2635696
SHA5125c08045a65b66e3a8b5e6fe111a64fddc0da0c1836f11d96444b7eb22f5ebd40f30ff431de18298651b58a721a621eba844448f4bfb55e4f2c2199d7375bf114