joker | 8af58a68e28acf0d9ec0fc23e7987d02f27483f205d9ae9ffbf1585efb3c8e8a | Triage

Submit
Reports

Overview

overview

Static

static

8af58a68e2...8a.exe

windows7-x64

1

8af58a68e2...8a.exe

windows10-2004-x64

Sharing

General

Target

8af58a68e28acf0d9ec0fc23e7987d02f27483f205d9ae9ffbf1585efb3c8e8a
Size

54KB
Sample

220919-abdzvsbggr
MD5

34465507ec320bfb232633648ab42022
SHA1

0420fe927bbeb3b7664ec65ad216dd60a28a60e2
SHA256

8af58a68e28acf0d9ec0fc23e7987d02f27483f205d9ae9ffbf1585efb3c8e8a
SHA512

304ad0e5d3103f290dc7e26810a573479615d787a620ea01ce9f1ea2045e9b379ab2383a2100889711f9498629c62dff3fd12a18caad39b87e82a645e256ed61
SSDEEP

768:yeJV08uVsgHgUDpiCqFYVO+1WlC1uxEtYk9cPWfuQdiHIWrwnvXv0wWo:LaCQDDpiC4uO+1lcytyPWfutwnEwWo

Score

10^/10

joker evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

8af58a68e28acf0d9ec0fc23e7987d02f27483f205d9ae9ffbf1585efb3c8e8a.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

8af58a68e28acf0d9ec0fc23e7987d02f27483f205d9ae9ffbf1585efb3c8e8a.exe

Resource

win10v2004-20220812-en

joker evasion infostealer persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  8af58a68e28acf0d9ec0fc23e7987d02f27483f205d9ae9ffbf1585efb3c8e8a
- Size
  
  54KB
- MD5
  
  34465507ec320bfb232633648ab42022
- SHA1
  
  0420fe927bbeb3b7664ec65ad216dd60a28a60e2
- SHA256
  
  8af58a68e28acf0d9ec0fc23e7987d02f27483f205d9ae9ffbf1585efb3c8e8a
- SHA512
  
  304ad0e5d3103f290dc7e26810a573479615d787a620ea01ce9f1ea2045e9b379ab2383a2100889711f9498629c62dff3fd12a18caad39b87e82a645e256ed61
- SSDEEP
  
  768:yeJV08uVsgHgUDpiCqFYVO+1WlC1uxEtYk9cPWfuQdiHIWrwnvXv0wWo:LaCQDDpiC4uO+1lcytyPWfutwnEwWo
Score

10^/10

joker evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

jokerevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy