General

  • Target

    49ebd14ff200105a6476a6c3375fbc70_JaffaCakes118

  • Size

    25.7MB

  • Sample

    240516-hvjy8ahb5z

  • MD5

    49ebd14ff200105a6476a6c3375fbc70

  • SHA1

    61899b47f474266dfd85d66497eba2a56b72c530

  • SHA256

    58520971b8cbb0091fb4f4c1523c844359f5ca53eae3188c64bcf6c44d6a5128

  • SHA512

    802bbcde62369121ddeea29ce5839fb534e8e240aeb0d2da9a6140df7ba0a74c97b54771b864c21f038b229289851669ad5e959b5dd1a10d86f1f16cbb5d6ab6

  • SSDEEP

    393216:SrS/d44UPDcodOJ+l1Q56hx/5EdtEEroSaj5KYCzMgqTjCEhQDnGcLmWeVW:Se+TPDcoccU5+5EdXov5K9zMXCE6njBX

Malware Config

Extracted

Family

joker

C2

http://ubas.1qianbao.com

http://www.wanlitong.com/app1/

Targets

    • Target

      49ebd14ff200105a6476a6c3375fbc70_JaffaCakes118

    • Size

      25.7MB

    • MD5

      49ebd14ff200105a6476a6c3375fbc70

    • SHA1

      61899b47f474266dfd85d66497eba2a56b72c530

    • SHA256

      58520971b8cbb0091fb4f4c1523c844359f5ca53eae3188c64bcf6c44d6a5128

    • SHA512

      802bbcde62369121ddeea29ce5839fb534e8e240aeb0d2da9a6140df7ba0a74c97b54771b864c21f038b229289851669ad5e959b5dd1a10d86f1f16cbb5d6ab6

    • SSDEEP

      393216:SrS/d44UPDcodOJ+l1Q56hx/5EdtEEroSaj5KYCzMgqTjCEhQDnGcLmWeVW:Se+TPDcoccU5+5EdXov5K9zMXCE6njBX

    • Checks if the Android device is rooted.

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Checks CPU information

      Checks CPU information which indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information which indicates whether the system is an emulator.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Reads information about the phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      facepp_resource_1.0.0.png

    • Size

      1.2MB

    • MD5

      9c6698ccf379d613d9225f6e7a9611d7

    • SHA1

      2b557c12c08ac846d144ff81ac3d58e1d04e5faa

    • SHA256

      d6fd50c96ae2c0c6f7fa55a3415f2db7dd9da932992202ea778b3bd5b9d16e19

    • SHA512

      f6f926c71b8a229888bae2f2adfbc4f83bc8c1f0171fb1dfa952f968c29bf890a86aaced1f6709a5ac637701228708f082e375737997c39cedf083338ee7181c

    • SSDEEP

      24576:Xz2XHC4gh29sv3jxUZPDNToAvFgJOj5ZgWUoxX6a0/XKKOqOXyknChP2MxzER4:XzZ2WvTMSUyONO9tFX7OqyBc2MNz

    • Score

      1/10

    • Target

      paanydoor_resource_3.3.0.12.png

    • Size

      478KB

    • MD5

      da0283e4fa2142f5820c86cda556aa28

    • SHA1

      34c91573e4c3109c8386e0c3b048bbe8ed89dcc5

    • SHA256

      c091b34a7624fbda376b016c3fe7dbe1ba6a44979a414c9f6555d7acbea092eb

    • SHA512

      c73a98d74b52d501190628de9e4bd4ba81c8d444151f90046087fc79f91c5b62717dcde0cc27eafda77b755963e2ddeecc456a6f5781a03ce14952d725c3c49f

    • SSDEEP

      12288:Aq6XcbIjAi8/8fNoa7WCUVA0L3TQsUILAfqYej8N55gbqIYbklGZlW:AVserNoajUh3Ttzjm55gmfW

    • Score

      1/10

    • Target

      pawifi_res.png

    • Size

      525KB

    • MD5

      62de758095e0a67927c3407f0a9c4297

    • SHA1

      7994e13647b30d97449bdbe1e8e7632903d012af

    • SHA256

      ce6c5cbf1afcd7d2fd3a129e8a6ff4abf4d87c86905d03cf2e253b6fa5878993

    • SHA512

      ab6dc67f460af19f363bf0b71ac98f8a258be2a2fc9d8d7ce265d7e02af2ef4f72a409983a33eeeff018fceb61710b94801be48149479387e1435c39ae15ccc8

    • SSDEEP

      6144:smM7v2Pl79RLcz/ocfT221KcPb7r3iWVj9O7801ExiuEa4Fp9mNk61RFBpTA:j6il/ojWLcPb7TVj21Exiuy9QNFBpTA

    • Score

      1/10

    • Target

      xiaoan_resource_1.0.0.png

    • Size

      64KB

    • MD5

      d8bb36913e0dcb67452c7009d13e9a7d

    • SHA1

      10e50cdf2327fcfce17cc452f2ac9b71e52dfadc

    • SHA256

      32d6ceca8dfb510aadd44aca6d1279ce82bcad931a10e8acbae5e8b6e0b36e76

    • SHA512

      07156a47a14fbafe761a200e86b0f444563d4a1fa2de8b09cb6979fac39952bc24941e8fe951bf59eaa821b8fc4d8b3933c0424d540adb8f8326b68a2a699a00

    • SSDEEP

      1536:oApdyJvCj/CL6qThK8zCb+Jd2Vr8BexM+bg2BY086zjB5Cj6fs:oo1j/Cj3CbGYVeWM4g2BTzjujx

    • Score

      1/10
