General

  • Target: b4636c84c774b8e817dc439e1da8a1c3a9bb22c185614ad21574daae039aaf18
  • Size: 5.9MB
  • Sample: 220908-1jsq4afhh6
  • MD5: b9470798e8a167c89300cab5b8a4a9e5
  • SHA1: 8f0662b54029cddb4e662b5a30a1f73db4a51ea8
  • SHA256: b4636c84c774b8e817dc439e1da8a1c3a9bb22c185614ad21574daae039aaf18
  • SHA512: 7a07e52303637893532278a6deae7258929972af8ea36faeef23dc3ae26a7186a903c47a868cb2312ffd4a95d403c9109ce1031e4d77b3633ee4483f3e4c7ff2
  • SSDEEP: 98304:mDxQU34Y6+jMI9y5NS784wYBfZynsppagz3+liMPuih3d1Oimr73IR02a6pECOsi:CD3T6+jMj5q8IBYspYgz6PxRd4ie3u0R

Malware Config

Extracted

  • Family: joker
  • C2: https://cfdage.oss-cn-beijing.aliyuncs.com

Targets

    • Target: 上号器/上号器.exe
    • Size: 6.0MB
    • MD5: cd14f9dae4d69b7b1976cc53caa91c46
    • SHA1: 678711b546d421f8060e7716ec89a1cee55a607b
    • SHA256: dd6b755f56b754ca4cd44389d559fd5155146248e69f1d3294e23763367b6efa
    • SHA512: 066269d8ed32a40d793b5dd999423fa52be9cf4bfcdd0b92e3f249ab8882910b9cab076768befd2e8bb9bdc43cb8f530d5e721e6c478089dac4117b21866c544
    • SSDEEP: 196608:m8K+ET5aFHHFymf/X8AKfjNxHjiw5e6nvNkyPuoEoHV6Q:fK+IaBFtXX8AKfRxHji76nlkymoEoHQQ

    • joker
      Joker is an Android malware that targets billing and SMS fraud.
    • Drops file in Drivers directory
    • VMProtect packed file
      Detects executables packed with VMProtect commercial packer.
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks