General
-
Target
e4dda37c4136db759dbc72c3bf212957e981ddaa2f7fe2ad8e0d8f57a7b75484
-
Size
24.1MB
-
Sample
240515-sjrj2afc32
-
MD5
46a8237ecbe0e5917ef9ce670c7ce422
-
SHA1
3842bc1cd7589b011e1e86289d18f6f3526b29f6
-
SHA256
e4dda37c4136db759dbc72c3bf212957e981ddaa2f7fe2ad8e0d8f57a7b75484
-
SHA512
8d25a58cffef4e5c78732e2cacd439acf67fa03cc584c340f3391623c876dd7c39bc5b6067b1e8eeed4f0cf7bf984254bce0b8ec4a1fe73849600b51388bc135
-
SSDEEP
393216:07KWMxmZpoM2W+wO9JtjQ19ggc5KbK7ylv4Os1rgnp7h+FJhlsxbjCTASe+oqNhi:ZWHZ1UrF2g95OieSUN8PGxRF+owad
Behavioral task
behavioral1
Sample
e4dda37c4136db759dbc72c3bf212957e981ddaa2f7fe2ad8e0d8f57a7b75484.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
e4dda37c4136db759dbc72c3bf212957e981ddaa2f7fe2ad8e0d8f57a7b75484.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral3
Sample
amap_resource1_0_0.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral4
Sample
amap_resource1_0_0.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral5
Sample
amap_resource1_0_0.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
joker
http://abroad.apilocate.amap.com/mobile/binary
http://apilocate.amap.com/mobile/binary
Targets
-
-
Target
e4dda37c4136db759dbc72c3bf212957e981ddaa2f7fe2ad8e0d8f57a7b75484
-
Size
24.1MB
-
MD5
46a8237ecbe0e5917ef9ce670c7ce422
-
SHA1
3842bc1cd7589b011e1e86289d18f6f3526b29f6
-
SHA256
e4dda37c4136db759dbc72c3bf212957e981ddaa2f7fe2ad8e0d8f57a7b75484
-
SHA512
8d25a58cffef4e5c78732e2cacd439acf67fa03cc584c340f3391623c876dd7c39bc5b6067b1e8eeed4f0cf7bf984254bce0b8ec4a1fe73849600b51388bc135
-
SSDEEP
393216:07KWMxmZpoM2W+wO9JtjQ19ggc5KbK7ylv4Os1rgnp7h+FJhlsxbjCTASe+oqNhi:ZWHZ1UrF2g95OieSUN8PGxRF+owad
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
-
-
Target
amap_resource1_0_0.png
-
Size
24KB
-
MD5
94a2a5f84a3fd6f0fd9134708ae1b81e
-
SHA1
1e21afaa48ed86cb31aaf7b17c3514315364cc99
-
SHA256
fc0c21884d4edfa4d93282139a309f204b27271a111a5b158edbc048f730b461
-
SHA512
24a175d15cb5cf8d23f0d53b004ed5c9a47646129c816fcae1b46aedabd95bb2c6dd2958d39d6f98f36dec3cd55d6af2d9b8f7013ced4b37a30db566e9a44923
-
SSDEEP
384:SevEWnTSCwukBdJ4dVCHyP7MPi3oqYXgnJk:3vEWnSue4+Sf3opQa
Score1/10 -
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Virtualization/Sandbox Evasion
2System Checks
2