General

  • Target

    57e84377d71a6017828eef007574f31838ff487f5318817668c35a36ee5de9a7

  • Size

    74KB

  • Sample

    220919-aadygabgcr

  • MD5

    2bbe0c466cd442c9d414d015a5d92d31

  • SHA1

    a467af9a966d6d000282a4256ff6d17a7b0247df

  • SHA256

    57e84377d71a6017828eef007574f31838ff487f5318817668c35a36ee5de9a7

  • SHA512

    f079732452fa730ac73acba4fe353a7cba1c235b779c469e4859379690627c24b2618f3108036cfc3c616dd7e9cb6e31bf36a7cf4d35741df30e02a8406f66fa

  • SSDEEP

    1536:wUBCVCilCsiPLIF5C7WLoFSurN6b4PFweJHwt3S/Bd9x57N89h0eb:wUBCCil7CaMWLokHMPy3+Nwb

Malware Config

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks