joker | 3c76275f27d83c1b3c5e83dd0bf3ff8a_JaffaCakes118

General

Target

3c76275f27d83c1b3c5e83dd0bf3ff8a_JaffaCakes118
Size

79.5MB
MD5

3c76275f27d83c1b3c5e83dd0bf3ff8a
SHA1

3d2c6927c8941de9027245d7bffd10cf4459fb2f
SHA256

6f0bb57865034949176feef96fc7ac88fe2ab5e269039d82fa1f9e20f54b8432
SHA512

6eda60721f6cd1c4b1ec7bda531ad12a845f8bbc9679b0b74bbd6a26f12d8f080f5cf183db1d896cdcd9a24bc406f26dbd70200153ee11d8671018affc3face3
SSDEEP

1572864:DE4ceDeOsZ5D4woBUTcjmpPkLnffgj/S3VCoicBCweGXBQMNLU6JyiCR:rceyRZ6nB6+mpP+nHIK3V+7wHjN7ghR

Score

10^/10

joker

Malware Config

Extracted

Family

joker

C2

http://androidsdk.ads.mp.mydas.mobi/getAd.php5?

http://i.w.inmobi.com/showad.asm

http://www.tumblr.com/connect/login_success.html

https://androidads23.adcolony.com/configure

https://d.appsdt.com/download/tracker/iatsdkconfs?

https://data.flurry.com/aap.do

https://proton.flurry.com/sdk/v1/config

Signatures

Joker family
joker

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA

Files

3c76275f27d83c1b3c5e83dd0bf3ff8a_JaffaCakes118
.apk android arch:arm arch:x86

com.cocoplay.girlspjparty

com.tabtale.publishing.ttunity.TTUnityPlayerNativeActivity

Activities

com.tabtale.publishing.ttunity.TTUnityPlayerNativeActivity

android.intent.action.MAIN

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
com.android.vending.BILLING
android.permission.VIBRATE
android.permission.CAMERA

Receivers

com.appsflyer.MultipleInstallBroadcastReceiver

com.android.vending.INSTALL_REFERRER

com.tabtale.publishingsdk.monetization.appshelf.WebViewService

com.tabtale.publishingsdk.monetization.appshelf.WebViewActivity.APPSHELF_LINK
com.tabtale.publishingsdk.monetization.appshelf.WebViewActivity.APPSHELF_SHOW
com.tabtale.publishingsdk.monetization.appshelf.WebViewActivity.APPSHELF_PLAY_SOUND
com.tabtale.publishingsdk.monetization.appshelf.WebViewActivity.APPSHELF_START_ANIMATION_ENDED

com.tabtale.publishingsdk.monetization.promotionpage.PromotionPageWebView

com.tabtale.publishingsdk.monetization.promotionpage.PromotionPageWebViewActivity.PROMOTION_PAGE_LINK
com.tabtale.publishingsdk.monetization.promotionpage.PromotionPageWebViewActivity.PROMOTION_PAGE_SHOW
com.tabtale.publishingsdk.monetization.promotionpage.PromotionPageWebViewActivity.PROMOTION_PAGE_PLAY_SOUND
com.tabtale.publishingsdk.monetization.promotionpage.PromotionPageWebViewActivity.PROMOTION_PAGE_START_ANIMATION_ENDED

com.amazon.device.iap.ResponseReceiver

com.amazon.inapp.purchasing.NOTIFY

Services

Android Permissions

3c76275f27d83c1b3c5e83dd0bf3ff8a_JaffaCakes118

Permissions

android.permission.ACCESS_NETWORK_STATE

android.permission.INTERNET

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.ACCESS_WIFI_STATE

com.android.vending.BILLING

android.permission.VIBRATE

android.permission.CAMERA

Sharing

General

Malware Config

Extracted

Signatures

Files

com.cocoplay.girlspjparty

com.tabtale.publishing.ttunity.TTUnityPlayerNativeActivity

Activities

com.tabtale.publishing.ttunity.TTUnityPlayerNativeActivity

Permissions

Receivers

com.appsflyer.MultipleInstallBroadcastReceiver

com.tabtale.publishingsdk.monetization.appshelf.WebViewService

com.tabtale.publishingsdk.monetization.promotionpage.PromotionPageWebView

com.amazon.device.iap.ResponseReceiver

Services

Android Permissions

3c76275f27d83c1b3c5e83dd0bf3ff8a_JaffaCakes118