Overview

overview

10

Static

static

10

38ac5c33f2...d4.apk

android-9-x86

8

38ac5c33f2...d4.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    38ac5c33f29c4b564622c00e8d736f589ad8143ab3ef7dfce7fc2948209346d4

  • Size

    10.8MB

  • Sample

    240523-jl2ckshg76

  • MD5

    6a38f9bca6eb67d89d9185659fb44fc3

  • SHA1

    d0a07bd63a26f648fbec8b88c66965cda34e9c07

  • SHA256

    38ac5c33f29c4b564622c00e8d736f589ad8143ab3ef7dfce7fc2948209346d4

  • SHA512

    ebe9868eae3c99b1b5363128b26daaa69fc5a1a3a102606862086249da89b4b286c1b3a41dcb0d774dc4d50d3cef2f1f098b2aecdf22f10a9fb4f8574381eff7

  • SSDEEP

    196608:0GmIP11/YoQBbcmhthdiM9KvA2ogzJQQLjCkYTcW2/B9SA4DgFsf4jp:7mIPneQWsw2WQ3YTcW2/B8fIp

Score
10/10
jokerandroidbankercollectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Extracted

Family

joker

C2

http://ask.dcloud.net.cn/article/285

http://ofloc.map.baidu.com/offline_loc

http://open.weixin.qq.com/connect/sdk/qrconnect?appid=%s&noncestr=%s&timestamp=%s&scope=%s&signature=%s

Targets

    • Target

      38ac5c33f29c4b564622c00e8d736f589ad8143ab3ef7dfce7fc2948209346d4

    • Size

      10.8MB

    • MD5

      6a38f9bca6eb67d89d9185659fb44fc3

    • SHA1

      d0a07bd63a26f648fbec8b88c66965cda34e9c07

    • SHA256

      38ac5c33f29c4b564622c00e8d736f589ad8143ab3ef7dfce7fc2948209346d4

    • SHA512

      ebe9868eae3c99b1b5363128b26daaa69fc5a1a3a102606862086249da89b4b286c1b3a41dcb0d774dc4d50d3cef2f1f098b2aecdf22f10a9fb4f8574381eff7

    • SSDEEP

      196608:0GmIP11/YoQBbcmhthdiM9KvA2ogzJQQLjCkYTcW2/B9SA4DgFsf4jp:7mIPneQWsw2WQ3YTcW2/B8fIp

    Score
    8/10
    bankercollectiondiscoveryevasionimpactpersistencecredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell information.

      collectiondiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Checks if the internet connection is available

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks