joker | e1f2ea8188f875f18a03c17014a4d772050846c0578b87f3fcf877e18049f7b1

General

Target

47c3afe0e694eb4d16fa8a16f8e98a1b_JaffaCakes118
Size

7.2MB
Sample

240515-yl2exaha2z
MD5

47c3afe0e694eb4d16fa8a16f8e98a1b
SHA1

a321504d96043583c15ab12f6d185aa4658b334a
SHA256

e1f2ea8188f875f18a03c17014a4d772050846c0578b87f3fcf877e18049f7b1
SHA512

f3adf8c38f691f7f36522f38282d5df098d646691cd47c1f30c700595599dcfc2a0c0aaabb6ca86a8525d86da594636e6696ada6a5a457226a14da4a5a4916d0
SSDEEP

196608:vZ0CCV27+Ps5LxIKQ7wCgWOwrvKCiI8M6sow2:vOCC65nCbOwrvKzA6sow2

Score

10^/10

Malware Config

Extracted

Family

joker

C2

http://api.exc.mob.com:80

http://loc.map.baidu.com/offline_loc

https://www.itoumi.com/

Targets

- Target
  
  47c3afe0e694eb4d16fa8a16f8e98a1b_JaffaCakes118
- Size
  
  7.2MB
- MD5
  
  47c3afe0e694eb4d16fa8a16f8e98a1b
- SHA1
  
  a321504d96043583c15ab12f6d185aa4658b334a
- SHA256
  
  e1f2ea8188f875f18a03c17014a4d772050846c0578b87f3fcf877e18049f7b1
- SHA512
  
  f3adf8c38f691f7f36522f38282d5df098d646691cd47c1f30c700595599dcfc2a0c0aaabb6ca86a8525d86da594636e6696ada6a5a457226a14da4a5a4916d0
- SSDEEP
  
  196608:vZ0CCV27+Ps5LxIKQ7wCgWOwrvKCiI8M6sow2:vOCC65nCbOwrvKzA6sow2
Score

8^/10

banker collection discovery evasion impact persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
behavioral1
- Target
  
  UPPayPluginExPro.apk
- Size
  
  657KB
- MD5
  
  c51fa8f0e3934ccf55e2e7aa0442bf0e
- SHA1
  
  3e8fea3099028ecd23fa8679db4827b2d1c07a46
- SHA256
  
  2097dfea31969ce031131ad4830a8c1c93caf231048fec9c2a68ee94bfe9416d
- SHA512
  
  622be5e4ae2321486f34581a0cd7e2a0477c3d79fe677010ed02a7948ba21c15517f634f74b4a88aae9e54963df1e012063861ccece04994bce34e8dbb2a166d
- SSDEEP
  
  12288:dfYWNM0QfgMak+PUMMOjhZiHb6L2mjNQ+cSeWrCiCqMMeYWLbnhkG:dfTN/BMzRMMOjhZiHGym2+cSlAMeY4KG
Score

1^/10
behavioral2 behavioral3