joker | 791f85acd61443d522c32d8c21e3f447dfcfb50a60ebce3cf026b409df8222a7 | Triage

Submit
Reports

Overview

overview

Static

static

791f85acd6...a7.exe

windows7-x64

791f85acd6...a7.exe

windows10-2004-x64

8

Sharing

General

Target

791f85acd61443d522c32d8c21e3f447dfcfb50a60ebce3cf026b409df8222a7
Size

18KB
Sample

220919-dbq6zahagj
MD5

9eadf7f4b39bb189b8025eacb883fa78
SHA1

5708d5c2e9fc4adc3bb5c0dfaf53785b0708face
SHA256

791f85acd61443d522c32d8c21e3f447dfcfb50a60ebce3cf026b409df8222a7
SHA512

bbd46731e00555163f13cf6997038aaab7b7fa8ed9ffe95a22f0511c26758b8852ab694a8ff8e84a6fdf1b2bbc59b96730068b621804cabb67d84aa3e1d1f6a6
SSDEEP

384:yp8GQKhqticjYNhNoT84bCecusshb1vcWLr2amWvWUEzB1My/:nwhqticooZjcusshBLr2afEt1b

Score

10^/10

joker infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

791f85acd61443d522c32d8c21e3f447dfcfb50a60ebce3cf026b409df8222a7.exe

Resource

win7-20220812-en

joker infostealer persistence trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

791f85acd61443d522c32d8c21e3f447dfcfb50a60ebce3cf026b409df8222a7.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  791f85acd61443d522c32d8c21e3f447dfcfb50a60ebce3cf026b409df8222a7
- Size
  
  18KB
- MD5
  
  9eadf7f4b39bb189b8025eacb883fa78
- SHA1
  
  5708d5c2e9fc4adc3bb5c0dfaf53785b0708face
- SHA256
  
  791f85acd61443d522c32d8c21e3f447dfcfb50a60ebce3cf026b409df8222a7
- SHA512
  
  bbd46731e00555163f13cf6997038aaab7b7fa8ed9ffe95a22f0511c26758b8852ab694a8ff8e84a6fdf1b2bbc59b96730068b621804cabb67d84aa3e1d1f6a6
- SSDEEP
  
  384:yp8GQKhqticjYNhNoT84bCecusshb1vcWLr2amWvWUEzB1My/:nwhqticooZjcusshBLr2afEt1b
Score

10^/10

joker infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerinfostealerpersistencetrojan

behavioral2

© 2018-2025

Terms | Privacy