joker | 47c3afe0e694eb4d16fa8a16f8e98a1b_JaffaCakes118

General

Target

47c3afe0e694eb4d16fa8a16f8e98a1b_JaffaCakes118
Size

7.2MB
MD5

47c3afe0e694eb4d16fa8a16f8e98a1b
SHA1

a321504d96043583c15ab12f6d185aa4658b334a
SHA256

e1f2ea8188f875f18a03c17014a4d772050846c0578b87f3fcf877e18049f7b1
SHA512

f3adf8c38f691f7f36522f38282d5df098d646691cd47c1f30c700595599dcfc2a0c0aaabb6ca86a8525d86da594636e6696ada6a5a457226a14da4a5a4916d0
SSDEEP

196608:vZ0CCV27+Ps5LxIKQ7wCgWOwrvKCiI8M6sow2:vOCC65nCbOwrvKzA6sow2

Score

10^/10

joker

Malware Config

Extracted

Family

joker

C2

http://api.exc.mob.com:80

http://loc.map.baidu.com/offline_loc

https://www.itoumi.com/

Signatures

Joker family
joker

Requests dangerous framework permissions 7 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Files

47c3afe0e694eb4d16fa8a16f8e98a1b_JaffaCakes118
.apk android arch:arm

com.yixin.itoumi

com.yixin.itoumi.SplashActivity

Activities

com.yixin.itoumi.SplashActivity

android.intent.action.MAIN

com.mob.tools.MobUIShell

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.GET_TASKS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_LOGS
android.permission.CALL_PHONE
android.permission.RUN_INSTRUMENTATION
com.android.launcher.permission.READ_SETTINGS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.RECEIVE_USER_PRESENT
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_SETTINGS
android.permission.MEDIA_CONTENT_CONTROL
android.permission.VIBRATE
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH
com.yixin.itoumi.permission.MIPUSH_RECEIVE

Receivers

com.tendcloud.appcpa.ReferralReceiver

com.android.vending.INSTALL_REFERRER

com.yixin.itoumi.receiver.MessageReceiver

com.xiaomi.mipush.RECEIVE_MESSAGE
com.xiaomi.mipush.MESSAGE_ARRIVED
com.xiaomi.mipush.ERROR

com.xiaomi.push.service.receivers.NetworkStatusReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.xiaomi.push.service.receivers.PingReceiver

com.xiaomi.push.PING_TIMER

Services

com.baidu.location.f

com.baidu.location.service_v2.2
UPPayPluginExPro.apk
.apk android arch:arm arch:mips arch:x86

com.unionpay.uppay

com.unionpay.uppay.PayActivity

Activities

com.unionpay.uppay.PayActivity

android.intent.action.Run
android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.ACCESS_WIFI_STATE
org.simalliance.openmobileapi.SMARTCARD
com.tencent.mtt.extension.Player
android.webkit.permission.PLUGIN
android.permission.RECORD_AUDIO
android.permission.MODIFY_AUDIO_SETTINGS

Services

com.UCMobile.PayPlugin.PayPluginService

android.webkit.PLUGIN

com.unionpay.mobile.android.vipos.colorful.CSwiperCallStateService

.CALL_STATE

Android Permissions

47c3afe0e694eb4d16fa8a16f8e98a1b_JaffaCakes118

Permissions

android.permission.INTERNET

android.permission.READ_PHONE_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.GET_TASKS

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.READ_LOGS

android.permission.CALL_PHONE

android.permission.RUN_INSTRUMENTATION

com.android.launcher.permission.READ_SETTINGS

com.android.launcher.permission.INSTALL_SHORTCUT

android.permission.RECEIVE_USER_PRESENT

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.WRITE_SETTINGS

android.permission.MEDIA_CONTENT_CONTROL

android.permission.VIBRATE

android.permission.BLUETOOTH_ADMIN

android.permission.BLUETOOTH

com.yixin.itoumi.permission.MIPUSH_RECEIVE

Sharing

General

Malware Config

Extracted

Signatures

Files

com.yixin.itoumi

com.yixin.itoumi.SplashActivity

Activities

com.yixin.itoumi.SplashActivity

com.mob.tools.MobUIShell

Permissions

Receivers

com.tendcloud.appcpa.ReferralReceiver

com.yixin.itoumi.receiver.MessageReceiver

com.xiaomi.push.service.receivers.NetworkStatusReceiver

com.xiaomi.push.service.receivers.PingReceiver

Services

com.baidu.location.f

com.unionpay.uppay

com.unionpay.uppay.PayActivity

Activities

com.unionpay.uppay.PayActivity

Permissions

Services

com.UCMobile.PayPlugin.PayPluginService

com.unionpay.mobile.android.vipos.colorful.CSwiperCallStateService

Android Permissions

47c3afe0e694eb4d16fa8a16f8e98a1b_JaffaCakes118