General

  • Target

    b897b6b0ab04f40c82baee47e302a5201adb0efe6a70131f57f0c9bc023f3cc0

  • Size

    58KB

  • Sample

    220919-aake9afhd8

  • MD5

    3d03d06498147d9797b194483343e7bc

  • SHA1

    82a6fc72b53a6172552f5652eeff3978193c4bd5

  • SHA256

    b897b6b0ab04f40c82baee47e302a5201adb0efe6a70131f57f0c9bc023f3cc0

  • SHA512

    dfb51b709a006baf3da587c681c93cbc94802aa0e47daae3ce5ecb97c4a9a7296527528335482b05cfbcc278b5f5651e10179dc9ef3a913015f3cd102370e84c

  • SSDEEP

    768:61tCn/5uXkmSAV+HIJVtGTdLbRbMlvgIMYToQFTZJK536KQyi/7cgqT:WqoX8AV+otOdfIgIMYToQF9JKl3iTcgq

Malware Config

Targets

    • Target

      b897b6b0ab04f40c82baee47e302a5201adb0efe6a70131f57f0c9bc023f3cc0

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application
