joker | 38ac5c33f29c4b564622c00e8d736f589ad8143ab3ef7dfce7fc2948209346d4

General

Target

38ac5c33f29c4b564622c00e8d736f589ad8143ab3ef7dfce7fc2948209346d4
Size

10.8MB
Sample

240523-jl2ckshg76
MD5

6a38f9bca6eb67d89d9185659fb44fc3
SHA1

d0a07bd63a26f648fbec8b88c66965cda34e9c07
SHA256

38ac5c33f29c4b564622c00e8d736f589ad8143ab3ef7dfce7fc2948209346d4
SHA512

ebe9868eae3c99b1b5363128b26daaa69fc5a1a3a102606862086249da89b4b286c1b3a41dcb0d774dc4d50d3cef2f1f098b2aecdf22f10a9fb4f8574381eff7
SSDEEP

196608:0GmIP11/YoQBbcmhthdiM9KvA2ogzJQQLjCkYTcW2/B9SA4DgFsf4jp:7mIPneQWsw2WQ3YTcW2/B8fIp

Score

10^/10

Malware Config

Extracted

Family

joker

C2

http://ask.dcloud.net.cn/article/285

http://ofloc.map.baidu.com/offline_loc

http://open.weixin.qq.com/connect/sdk/qrconnect?appid=%s&noncestr=%s&timestamp=%s&scope=%s&signature=%s

Targets

- Target
  
  38ac5c33f29c4b564622c00e8d736f589ad8143ab3ef7dfce7fc2948209346d4
- Size
  
  10.8MB
- MD5
  
  6a38f9bca6eb67d89d9185659fb44fc3
- SHA1
  
  d0a07bd63a26f648fbec8b88c66965cda34e9c07
- SHA256
  
  38ac5c33f29c4b564622c00e8d736f589ad8143ab3ef7dfce7fc2948209346d4
- SHA512
  
  ebe9868eae3c99b1b5363128b26daaa69fc5a1a3a102606862086249da89b4b286c1b3a41dcb0d774dc4d50d3cef2f1f098b2aecdf22f10a9fb4f8574381eff7
- SSDEEP
  
  196608:0GmIP11/YoQBbcmhthdiM9KvA2ogzJQQLjCkYTcW2/B9SA4DgFsf4jp:7mIPneQWsw2WQ3YTcW2/B8fIp
Score

8^/10

banker collection discovery evasion impact persistence credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Requests cell location
  Uses Android APIs to to get current cell information.
  collection discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2