Rewterz Threat Alert – Joker Malware Variant Found in Google Play

Severity

Medium

Analysis Summary

Joker is malicious code that poses as a system app and lets attackers perform a broad range of malicious operations, including damaging the Google Play Protect service, installing further malicious apps and generating fake reviews. Its spyware component steals SMS messages and the contact list. Once downloaded and launched, the apparently harmless apps worked as users would expect, so as not to raise suspicion. To pass Google's checks on submitted apps, the author of Joker relied on an obfuscation technique: the malicious code is hidden inside the application as Base64-encoded strings. Once executed, the malware connects to its C&C server to receive the necessary configuration, then downloads and launches one of the additional components. The example shown in the researchers' report is an app that provides images of flowers for use as wallpaper.
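The Base64 string trick described above is simple to hunt for once an app's string table has been dumped. The following Python is an added example, not code from the Rewterz advisory or from the referenced research: it finds Base64-looking tokens in a list of strings, decodes them strictly, and flags those that decode to a DEX, ZIP/APK or ELF payload or to an embedded URL. The sample strings, the URL c2.example.invalid and the 24-character length threshold are constructed for this example.

```python
import base64
import binascii
import re
from typing import List, Optional, Tuple

# Candidate Base64 tokens: a run of at least 24 alphabet characters plus optional padding.
# The length threshold is an assumption chosen to skip short identifiers; tune it for your corpus.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

# Leading bytes of component types a dropper typically hides inside strings.
MAGIC = {
    b"dex\n": "DEX classes file",
    b"PK\x03\x04": "ZIP/APK/JAR archive",
    b"\x7fELF": "ELF native library",
}

URL_RE = re.compile(rb"https?://[^\s\"'<>]+")


def decode_candidate(token: str) -> Optional[bytes]:
    # Re-pads to a multiple of four and decodes strictly; returns None for anything that is not valid Base64.
    stripped = token.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None


def classify(blob: bytes) -> Optional[str]:
    # Labels a decoded blob when it looks like an embedded component or a C&C address.
    for magic, label in MAGIC.items():
        if blob.startswith(magic):
            return label
    m = URL_RE.search(blob)
    if m:
        return "embedded URL: " + m.group(0).decode("ascii", "replace")
    return None


def scan_strings(strings) -> List[Tuple[str, str]]:
    # Returns (token, label) for every Base64 token that decodes to something worth an analyst's attention.
    findings = []
    for s in strings:
        for token in B64_TOKEN.findall(s):
            blob = decode_candidate(token)
            if blob is not None:
                label = classify(blob)
                if label:
                    findings.append((token, label))
    return findings


# Constructed sample of strings as they might be dumped from an APK; these are not real Joker artefacts.
SAMPLE_STRINGS = [
    "com.example.flowerwallpaper",
    "Beautiful flower wallpapers for your phone",
    base64.b64encode(b"https://c2.example.invalid/config?id=1").decode(),
    base64.b64encode(b"dex\n035\x00" + b"\x00" * 20).decode(),
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",  # valid Base64 but decodes to zero bytes, so it is ignored
]

if __name__ == "__main__":
    for token, label in scan_strings(SAMPLE_STRINGS):
        print(f"{label}: {token[:32]}...")
```

Feed it the strings from `strings`, apktool or a resources dump; the last sample line shows why decoding alone is not enough and why the decoded bytes are classified before anything is reported.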

Impact

  • Information theft
  • Exposure of sensitive information

Indicators of Compromise

MD5

  • 9e002e7ae6affb9884525460829f67f6
  • 3563ba38e91b7cbc0881c658fcfc5c39
  • a29a7defb272e28ee46dd98ea54f72da
  • b371156bf3d2f009d8e9eb4c212c4669
  • 49e0c708c9f3eee0bcfb4c3bf01730c3
  • 94897962d82e1bd91c1a5dda8738a06a
  • c053b986cd6ef5900aeaa8a7ddd2bc1b
  • 72751e41f35487424249cd7373418076
  • 7408a9d7b3dafae98184d5637769d88d
  • 59371990093b2abd21857a56bc054b29

SHA-256

  • 83ae26ab92cb5cc07a5216e1f537d22ca861703e91b8b155dfb9e8340e4dce9f
  • ebb35e5de3f64c7abea33e70f9af1299fe2505b992a00e3836a54eeb320a4532
  • 4c1c7a7ce82cbfd8a137fdeaf0ad082b6c625a6f29d1aa899f8cec4e45f9ccb8
  • a439747209282f8c3e7df8675c9f65727039e96410d2522e7559ae7effaa7f81
  • e7c7dd13997a470d8eee79b6f12949d19e5cae9b5dbf0a57694eeaa818e3f8dd
  • 314de858ed8d816213020c71ef78a8c4616bac91a171349b703e44747832fca3
  • bec337e7bf5fbd3cdd7afcae1fe977402594c8db8eb12b98d018a7da5eee1613
  • 13b91058c2f4dcf2d4b715fb0f5a5315adf414879e275a2d0610d62f71b70700
  • dd01578a84145d6348ae53e0155ce814002b5d64b742640ded8de3b037e5812c
  • ac7020cb73b45076937ee1a6a38f4ab7a1e995e96dcff4eeb1f6585a4b4801de

SHA1

  • 2349b2c0238dcc52e072500ea402128de0a216cf
  • 0cfb4dd79fcfda7ecfcab7fd238f9f73ab8543d8
  • 443c73e1ee2cc7c9301ac4dfe14411762689baf5
  • ddebecf001fd0c7ce03bf4a3eb7b6abe779f0d2d
  • f1b49a444f554bb942fd8f5a9ff2a212d8db6247
  • 9dcc00513144612fdfcdb57278b2a54654b996ec
  • 3950c89eb27c973dce8c1c0ea3ae30baa0f7544e
  • 9d2337047ca59d1375c898cf7d0361fe56c3576c
  • 57148c6e040fb15723e5ca040740ae8901fd2dae
  • fb184efe017debc57eba118ab7aee17fd946e1ec

Remediation

  • Block all threat indicators at your respective controls.
  • Always download recommended, legitimate applications from the Google Play Store.
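One concrete way to act on the first remediation item on endpoints or file shares is to hash candidate files with all three algorithms the advisory uses and compare them against the indicators above. The following Python is an added example, not part of the advisory: the indicator sets are copied from this page, while the inputs used in the usage and checks are constructed.

```python
import hashlib
from pathlib import Path
from typing import Dict, List, Set, Tuple

# Hashes copied from this advisory's Indicators of Compromise section.
IOCS: Dict[str, Set[str]] = {
    "md5": set("""
        9e002e7ae6affb9884525460829f67f6 3563ba38e91b7cbc0881c658fcfc5c39
        a29a7defb272e28ee46dd98ea54f72da b371156bf3d2f009d8e9eb4c212c4669
        49e0c708c9f3eee0bcfb4c3bf01730c3 94897962d82e1bd91c1a5dda8738a06a
        c053b986cd6ef5900aeaa8a7ddd2bc1b 72751e41f35487424249cd7373418076
        7408a9d7b3dafae98184d5637769d88d 59371990093b2abd21857a56bc054b29
    """.split()),
    "sha1": set("""
        2349b2c0238dcc52e072500ea402128de0a216cf 0cfb4dd79fcfda7ecfcab7fd238f9f73ab8543d8
        443c73e1ee2cc7c9301ac4dfe14411762689baf5 ddebecf001fd0c7ce03bf4a3eb7b6abe779f0d2d
        f1b49a444f554bb942fd8f5a9ff2a212d8db6247 9dcc00513144612fdfcdb57278b2a54654b996ec
        3950c89eb27c973dce8c1c0ea3ae30baa0f7544e 9d2337047ca59d1375c898cf7d0361fe56c3576c
        57148c6e040fb15723e5ca040740ae8901fd2dae fb184efe017debc57eba118ab7aee17fd946e1ec
    """.split()),
    "sha256": set("""
        83ae26ab92cb5cc07a5216e1f537d22ca861703e91b8b155dfb9e8340e4dce9f
        ebb35e5de3f64c7abea33e70f9af1299fe2505b992a00e3836a54eeb320a4532
        4c1c7a7ce82cbfd8a137fdeaf0ad082b6c625a6f29d1aa899f8cec4e45f9ccb8
        a439747209282f8c3e7df8675c9f65727039e96410d2522e7559ae7effaa7f81
        e7c7dd13997a470d8eee79b6f12949d19e5cae9b5dbf0a57694eeaa818e3f8dd
        314de858ed8d816213020c71ef78a8c4616bac91a171349b703e44747832fca3
        bec337e7bf5fbd3cdd7afcae1fe977402594c8db8eb12b98d018a7da5eee1613
        13b91058c2f4dcf2d4b715fb0f5a5315adf414879e275a2d0610d62f71b70700
        dd01578a84145d6348ae53e0155ce814002b5d64b742640ded8de3b037e5812c
        ac7020cb73b45076937ee1a6a38f4ab7a1e995e96dcff4eeb1f6585a4b4801de
    """.split()),
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    # All three digests are computed because the advisory lists indicators in all three formats.
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_iocs(data: bytes, iocs: Dict[str, Set[str]] = IOCS) -> List[Tuple[str, str]]:
    # Returns the (algorithm, digest) pairs found in the indicator set; an empty list means no match.
    digests = hash_bytes(data)
    return [(alg, d) for alg, d in digests.items() if d in iocs.get(alg, set())]


def scan_tree(root: str, iocs: Dict[str, Set[str]] = IOCS) -> Dict[str, List[Tuple[str, str]]]:
    # Walks a directory (for example a folder of APKs pulled from devices) and reports matching files.
    hits: Dict[str, List[Tuple[str, str]]] = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            matches = match_iocs(path.read_bytes(), iocs)
            if matches:
                hits[str(path)] = matches
    return hits


if __name__ == "__main__":
    import sys
    # Usage: python scan_iocs.py <directory>; the directory name is whatever you point it at.
    for file_name, matches in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(file_name, matches)
```

Because `match_iocs` takes the indicator set as a parameter, the same function can be pointed at a feed exported from your own controls instead of the page's list, and a hit on any one of the three algorithms is enough to report the file.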