joker | 3afb197f914c7e11a5d63f6632b1e3a9085d818bcd3cf18e51f82c24c0dc9195 | Triage

Sharing

General

Target

4edb8464adf5feddc64376986c92485f_JaffaCakes118
Size

11.0MB
Sample

240517-hhsqlaed85
MD5

4edb8464adf5feddc64376986c92485f
SHA1

12f51440768acbd163f44f427bc9f670f1d17822
SHA256

3afb197f914c7e11a5d63f6632b1e3a9085d818bcd3cf18e51f82c24c0dc9195
SHA512

d43869a64d53f045566b74b3606d6a5db73170f028d5d9a4ff33e000cdac2894e4402ffdb360c8bc281d70263ba0dfb5487032f5319a3cdbbcda00676950b591
SSDEEP

196608:LGmUp2pRzko1oUIhyTqPhPEhYGNN9RNiXWJ+zyoNjfCccIdd8hMhcsISNk/rckXB:VUp2zzP1eyTMEuKpN6WJToNbCXUmYc/R

Score

10^/10

joker android banker discovery persistence

Malware Config

Extracted

Family

joker

C2

http://loc.map.baidu.com/offline_loc

Targets

- Target
  
  4edb8464adf5feddc64376986c92485f_JaffaCakes118
- Size
  
  11.0MB
- MD5
  
  4edb8464adf5feddc64376986c92485f
- SHA1
  
  12f51440768acbd163f44f427bc9f670f1d17822
- SHA256
  
  3afb197f914c7e11a5d63f6632b1e3a9085d818bcd3cf18e51f82c24c0dc9195
- SHA512
  
  d43869a64d53f045566b74b3606d6a5db73170f028d5d9a4ff33e000cdac2894e4402ffdb360c8bc281d70263ba0dfb5487032f5319a3cdbbcda00676950b591
- SSDEEP
  
  196608:LGmUp2pRzko1oUIhyTqPhPEhYGNN9RNiXWJ+zyoNjfCccIdd8hMhcsISNk/rckXB:VUp2zzP1eyTMEuKpN6WJToNbCXUmYc/R
Score

8^/10

banker discovery persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Software Discovery

Security Software Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankerdiscoverypersistence

behavioral2

bankerdiscoverypersistence