Tracking Android/Joker payloads with Medusa, static analysis
I am looking into a new sample of Android/Joker, reported on June 19, 2022 by @ReBensk:
afeb6efad25ed7bf1bc183c19ab5b59ccf799d46e620a5d1257d32669bedff6f
Android/Joker is known for using many payloads: a first payload loads another payload, which loads another one, and so on, Matryoshka-doll style 😁. See an analysis of a previous Joker sample. This sample uses many payloads too, but the implementation that loads them is a bit different. I'll explain in detail.