joker | f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd | Triage

Submit
Reports

Overview

overview

Static

static

f01423868e...fd.dll

windows7-x64

f01423868e...fd.dll

windows10-2004-x64

Sharing

General

Target

f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd
Size

441KB
Sample

220913-k326wafbe5
MD5

28b46ec57a5718f69d3d4f6be0734bff
SHA1

33f3969772bb028973142b53df2ab4bf665cc9f8
SHA256

f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd
SHA512

da054bf34e54fb89fb280ce32966b21c37563231b3e23d9c92e38ae2b524fedd799ebb6ec4cba4b110ad90738f085cae7349fdfd6591b39f1f78fa14ef887456
SSDEEP

12288:ivk20fZkckJ+bFw3qlne22jdMuYeqWuC7kqL:sP0fZ+Juln5AMuk

Score

10^/10

joker purplefox infostealer rootkit trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd.dll

Resource

win7-20220901-en

joker purplefox infostealer rootkit trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd.dll

Resource

win10v2004-20220812-en

joker infostealer trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

joker

C2

https://feichina.oss-cn-hongkong.aliyuncs.com

Targets

- Target
  
  f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd
- Size
  
  441KB
- MD5
  
  28b46ec57a5718f69d3d4f6be0734bff
- SHA1
  
  33f3969772bb028973142b53df2ab4bf665cc9f8
- SHA256
  
  f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd
- SHA512
  
  da054bf34e54fb89fb280ce32966b21c37563231b3e23d9c92e38ae2b524fedd799ebb6ec4cba4b110ad90738f085cae7349fdfd6591b39f1f78fa14ef887456
- SSDEEP
  
  12288:ivk20fZkckJ+bFw3qlne22jdMuYeqWuC7kqL:sP0fZ+Juln5AMuk
Score

10^/10

joker purplefox infostealer rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

jokerpurplefoxinfostealerrootkittrojan

behavioral2

jokerinfostealertrojan

© 2018-2024

Terms | Privacy