joker | 00c1851b4d6be5c70241c9c0268e1a623ab9ccd5913399a870a6c64bb65f608e

Sharing

Copy URL

Twitter E-mail

General

Target

00c1851b4d6be5c70241c9c0268e1a623ab9ccd5913399a870a6c64bb65f608e.zip
Size

24.5MB
Sample

240520-ywfaesfb64
MD5

5e5fba142b81f9a6bd10404ffcfd023e
SHA1

cea2d35031731b97c4f9549bdb4c101eb40f2d5c
SHA256

00c1851b4d6be5c70241c9c0268e1a623ab9ccd5913399a870a6c64bb65f608e
SHA512

94613301ce630ca7bc8994e40a57efb4a7928f20dc45701ee2756f2ef5ba4eea0dfe55c94826974dfbc30988067ed1b64bc70c4f5d299b80b268befd8580082a
SSDEEP

786432:sJuvJLqZvnOt1PaqJOrDFGPKbHMhWbv9Be/E9lJFX4cws/xSO7HGZpug6f/Mhz+G:vvJLqFEerUqmju//e7

Score

10^/10

Malware Config

Extracted

Family

joker

http://u.m.taobao.com/reg/retrieve_pwd_index.htm?ttid=702669@xiami_android_3.2.4

Targets

- Target
  
  00c1851b4d6be5c70241c9c0268e1a623ab9ccd5913399a870a6c64bb65f608e.zip
- Size
  
  24.5MB
- MD5
  
  5e5fba142b81f9a6bd10404ffcfd023e
- SHA1
  
  cea2d35031731b97c4f9549bdb4c101eb40f2d5c
- SHA256
  
  00c1851b4d6be5c70241c9c0268e1a623ab9ccd5913399a870a6c64bb65f608e
- SHA512
  
  94613301ce630ca7bc8994e40a57efb4a7928f20dc45701ee2756f2ef5ba4eea0dfe55c94826974dfbc30988067ed1b64bc70c4f5d299b80b268befd8580082a
- SSDEEP
  
  786432:sJuvJLqZvnOt1PaqJOrDFGPKbHMhWbv9Be/E9lJFX4cws/xSO7HGZpug6f/Mhz+G:vvJLqFEerUqmju//e7
Score

8^/10

banker discovery evasion persistence
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
behavioral1
- Target
  
  CommonPlugin-4.1.apk
- Size
  
  509KB
- MD5
  
  d4f6436d0d9fc156e3ea696b04005c31
- SHA1
  
  88777a041c22151ff3c63a0928bfdf7db6b335aa
- SHA256
  
  4be301eff87b511ed26931ed486f504429979cfdc0e61d7f480689bbdc08e76f
- SHA512
  
  6b731916385f9429bc5969951c2d504c11bda8934159d7a394a84abb2c79133bc4e5af051e1a79f8bbd6ce73bc90aed91ef8a231a26a302ba1b713e49c89d794
- SSDEEP
  
  12288:DKcjYBGtLl82FVJq1dSAhhiUfkyWoUZT1iksBFok:2J0x9Vcb9hYU8y1UZT1+Buk
Score

1^/10
behavioral2 behavioral3 behavioral4
- Target
  
  FrameworkPlugin-3.2.apk
- Size
  
  18KB
- MD5
  
  4ac0847e047da5892813e64e1927ddf4
- SHA1
  
  5e9c0f2c16a69d33983105bf73ee402561965330
- SHA256
  
  31b32537914b462f177d31c48132c64191cc18292abe56a06923d27d88ead844
- SHA512
  
  8a017064e02b06eebcdf92473e20f4b2aa5b0d4f107cf0a36fb2175b8c6340f49b8c92fd2b8f60904d0ec88a219bb62d6292808bd33a579a1cdfec5474692c47
- SSDEEP
  
  384:nUdLURDsoy3RWnjnukNgWzauFqA28PWSjISsIC:UUDxy3mjneW+uh5ElIC
Score

1^/10
behavioral5 behavioral6 behavioral7
- Target
  
  LoopImagePlugin-2.4.apk
- Size
  
  36KB
- MD5
  
  a8cf8cb69ccf9e20c11784976a3d0e0a
- SHA1
  
  36b946902cb4c5a449861443c77f143060fd5675
- SHA256
  
  225da6726ecbeb746a6d3882f98b258d88d03d6095d63267a8fa16d99579f2df
- SHA512
  
  3aaf978f2b30a84bad909fa59a1d8d97690ec7bd7fa1537e504ada71dfc53d8f556fe880377faf9ee1c0ff09e308702140011dec0b622a1232db1900fdf7405a
- SSDEEP
  
  768:5P8ngm5ZrXFWLKxe7X+Fu9YZsdS1pVfk0plqPHs5Tdu4DqgiyfWMZi+T:ygm5ZbgLKxe7wu8sdS9k0pasPCyeM0+
Score

1^/10
behavioral10 behavioral8 behavioral9
- Target
  
  WelcomePlugin-2.7.apk
- Size
  
  35KB
- MD5
  
  425616bf98ecfaad03618ef2abbc8921
- SHA1
  
  fe738fbd71c28576cded03fe2b346bed2935d8c7
- SHA256
  
  b140fb86390c4a6223862a8fda272011d5f260bc0332a07aa3f0687c2f093eaf
- SHA512
  
  fe0d001e960b32d7fee60ed1dce02aea200f93bf125a84f17128e4a4847dbed11e9ae3ed2a2ecf36e69336d04251e57fe403ba80df9884e57e9c9b231b3fccad
- SSDEEP
  
  768:5erXFWLKxe7X+Fu95XKxJk0PttH2X9KMmzVsNyHKawRWnq9d:5ebgLKxe7wu/2k0TH2tKyNyqp8Q
Score

1^/10
behavioral11 behavioral12 behavioral13

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks CPU information

Checks memory information

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

MITRE ATT&CK Mobile v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13