General
Target: Joker.exe
Size: 649KB
Sample: 210117-13dmhlbfvs
MD5: 182f7543c3686426512511c74548e724
SHA1: 3f114d85370d2014004e06bd7b10ab2ac435b482
SHA256: 49c578bf49fba965320ea05c3d1c8ef2bf37d3c8943988b50ac72fd6c3d109b7
SHA512: 3f4fc19e3687b1a4b5cb7719f21b6b51d0f7f29ed82ce51a95c1b18ecd7660391ed116df9ed132f91c10ff639875451d67baa9414721f5b52441d3d905e65e87
Static task: static1
Behavioral task: behavioral1 (Sample: Joker.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Joker.exe, Resource: win10v20201028)
Malware Config
Extracted from C:\Users\Admin\Desktop\CryptoJoker Recovery Information.txt: 1yh3eJjuXwqqXgpu8stnojm148b8d6NFQ
Extracted SMTP configuration: Protocol: smtp; Host: smtp.gmail.com; Port: 587; Username: theemailtologin@gmail.com; Password: thepasswordoftheaccount
Note: the extracted username and password read as unfilled template placeholders rather than live credentials, so this build may be an unconfigured CryptoJoker sample. The host and port alone (smtp.gmail.com:587) are shared with countless legitimate senders and are not usable as an indicator on their own.
Targets
Target: Joker.exe (649KB; MD5, SHA1, SHA256 and SHA512 identical to those listed under General)
Score: 10/10
Signatures:
- Modifies extensions of user files. Ransomware generally changes the extension on encrypted files.
- Drops startup file. A file written to a Startup folder is executed at every logon, which is a common persistence mechanism.
- Reads user/profile data of web browsers. Infostealers often target stored browser data, which can include saved credentials etc.
- Drops desktop.ini file(s).
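The four signatures above are reported as names only. As an added example, not the sandbox's own detection rules, the following Python re-implements what each signature name describes and evaluates it over a constructed file-system event log. The event shape (operation, path, new path), the minimum of five renamed files, the ".locked" extension and the dropped file names are all assumptions made for illustration; the profile paths mirror the report's C:\Users\Admin.

```python
# Added example, not the sandbox's own detection rules: an illustrative
# re-implementation of the four behavioural signatures the report lists,
# evaluated over a constructed file-system event log. Event shape, thresholds,
# the ".locked" extension and the dropped file names are assumptions.
from collections import Counter
import ntpath

# Constructed events: (operation, path, new_path); new_path is set only for renames.
# Paths mirror the report's C:\Users\Admin profile; file names are placeholders.
SAMPLE_EVENTS = [
    ("read",   r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data", None),
    ("read",   r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json", None),
    ("rename", r"C:\Users\Admin\Desktop\budget.xlsx",   r"C:\Users\Admin\Desktop\budget.xlsx.locked"),
    ("rename", r"C:\Users\Admin\Desktop\notes.txt",     r"C:\Users\Admin\Desktop\notes.txt.locked"),
    ("rename", r"C:\Users\Admin\Documents\thesis.docx", r"C:\Users\Admin\Documents\thesis.docx.locked"),
    ("rename", r"C:\Users\Admin\Pictures\holiday.jpg",  r"C:\Users\Admin\Pictures\holiday.jpg.locked"),
    ("rename", r"C:\Users\Admin\Downloads\invoice.pdf", r"C:\Users\Admin\Downloads\invoice.pdf.locked"),
    ("rename", r"C:\Users\Admin\Documents\draft.docx",  r"C:\Users\Admin\Documents\final.docx"),  # benign: extension unchanged
    ("write",  r"C:\Users\Admin\Desktop\desktop.ini", None),
    ("write",  r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dropped.exe", None),
    ("write",  r"C:\Users\Admin\Desktop\CryptoJoker Recovery Information.txt", None),
]

# Folders under a user profile that hold user documents (assumed list).
USER_DOC_DIRS = ("desktop", "documents", "pictures", "downloads", "music", "videos")
# Credential/profile stores of Chromium- and Firefox-based browsers (file names as shipped).
BROWSER_STORES = ("login data", "cookies", "web data", "logins.json", "key4.db",
                  "cookies.sqlite", "places.sqlite")


def _under_user_docs(path):
    """True for C:\\Users\\<name>\\<Desktop|Documents|...>\\... paths (case-insensitive)."""
    parts = path.lower().split("\\")
    return len(parts) > 4 and parts[1] == "users" and parts[3] in USER_DOC_DIRS


def modifies_user_file_extensions(events, min_files=5):
    """Ransomware tell: many user files renamed to a new, uniform extension.
    Returns the dominant new extension when at least min_files files got it, else None."""
    new_exts = Counter()
    for op, src, dst in events:
        if op != "rename" or dst is None or not _under_user_docs(src):
            continue
        src_ext = ntpath.splitext(src)[1].lower()
        dst_ext = ntpath.splitext(dst)[1].lower()
        if dst_ext and dst_ext != src_ext:
            new_exts[dst_ext] += 1
    if not new_exts:
        return None
    ext, count = new_exts.most_common(1)[0]
    return ext if count >= min_files else None


def drops_startup_file(events):
    """Persistence tell: a file created or written under a Start Menu\\Programs\\Startup folder."""
    return [p for op, p, _ in events
            if op in ("write", "create") and "\\start menu\\programs\\startup\\" in p.lower()]


def reads_browser_data(events):
    """Infostealer tell: reads of known browser credential/profile stores."""
    return [p for op, p, _ in events
            if op == "read" and ntpath.basename(p).lower() in BROWSER_STORES]


def drops_desktop_ini(events):
    """desktop.ini written anywhere (weak on its own; folder customisation also does this)."""
    return [p for op, p, _ in events
            if op in ("write", "create") and ntpath.basename(p).lower() == "desktop.ini"]


def evaluate(events):
    """Map each signature name from the report to its supporting evidence; empty dict if none fired."""
    hits = {}
    ext = modifies_user_file_extensions(events)
    if ext:
        hits["Modifies extensions of user files"] = ext
    for name, rule in (("Drops startup file", drops_startup_file),
                       ("Reads user/profile data of web browsers", reads_browser_data),
                       ("Drops desktop.ini file(s)", drops_desktop_ini)):
        paths = rule(events)
        if paths:
            hits[name] = paths
    return hits


if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"[+] {name}: {evidence}")
```

The rename rule deliberately ignores a single rename that keeps its extension (the draft.docx to final.docx event) and only fires when one new extension dominates across several user files; the desktop.ini and Startup-folder rules fire on one event each and are weak on their own, which is why a 10/10 verdict rests on the combination of all four rather than on any one of them.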