General

  • Target

    8463e6aa7209ff76d4d5d4fca1909bca0645321cd4663b2d335c820bde2c64f7

  • Size

    54KB

  • Sample

    220919-aa7ksabggk

  • MD5

    4d734606f4dbada669170fcb6d263f4f

  • SHA1

    14e715a9efa0e9bcbcbaa7a06d35dc87ffa3c82b

  • SHA256

    8463e6aa7209ff76d4d5d4fca1909bca0645321cd4663b2d335c820bde2c64f7

  • SHA512

    4b44a91717334d49bd244d360cadbee064ebff08772bc96b1b76d2b782e66ee935e7c9ed8801b1ee2dd3ecebdcf6f268cc3710e50a3043d85738a37698ab11ea

  • SSDEEP

    1536:ubC0VUv2FU9hP51w5YgUZM4gf8fLllccIL:u4R9Z51w5YgSM48eocIL

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application
