Analysis

  • max time kernel
    143s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-09-2022 09:08

General

  • Target

    f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd.dll

  • Size

    441KB

  • MD5

    28b46ec57a5718f69d3d4f6be0734bff

  • SHA1

    33f3969772bb028973142b53df2ab4bf665cc9f8

  • SHA256

    f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd

  • SHA512

    da054bf34e54fb89fb280ce32966b21c37563231b3e23d9c92e38ae2b524fedd799ebb6ec4cba4b110ad90738f085cae7349fdfd6591b39f1f78fa14ef887456

  • SSDEEP

    12288:ivk20fZkckJ+bFw3qlne22jdMuYeqWuC7kqL:sP0fZ+Juln5AMuk

Malware Config

Signatures

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

  • Blocklisted process makes network request 1 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4308
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious use of WriteProcessMemory
      PID:3292
      • C:\Users\Public\server.exe
        C:\Users\Public\server.exe
        3⤵
        • Executes dropped EXE
        PID:3892

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Public\server.exe
    Filesize

    2.7MB

    MD5

    10e8774916d82a34156e1d0ed8bd7c5d

    SHA1

    835929854ac44529ef68788e55a68ec7c00a81f9

    SHA256

    a95b756fe3ec40a51a9e1b15e1fdfcc34d3c1c50d0b0d35bce19abab2239cfa8

    SHA512

    f01ab5f7483915305f8c182643d39b087c0c1a6c5ef97015fb67176e980c0754a490492d3295a598ff56f82354963ed8ec80f933ac6404dcf4b0b88cfd36905e

  • memory/3292-132-0x0000000000000000-mapping.dmp
  • memory/3892-133-0x0000000000000000-mapping.dmp