General

  • Target

    3f2423b591bd2bd8dba0403f54dc721eabdada0feb4f768c93ce33989b3ca2f8

  • Size

    168KB

  • Sample

    220919-e1fbfacafp

  • MD5

    503fb279c621a20bb9e9eda95be50929

  • SHA1

    59f93e4d8ef0213b5bbb6dfeea5091f6e00e8363

  • SHA256

    3f2423b591bd2bd8dba0403f54dc721eabdada0feb4f768c93ce33989b3ca2f8

  • SHA512

    a04f05e62d8dcd546817d163d1e9420dc6d1ca9cf7312555518ecc2e8dcc6716f128389faf57f29295bdb1e0cdbcfbe2d1e616d18c4da88b0175c464ce928e8c

  • SSDEEP

    1536:KEQivQEwuyv+mMiIAkIxKmQHv51sksMDnHGIAYsMKWqD7WCDYVRazfjnfz+X:nnYLuyv+mMi5kWbWH71AJM3IymYVmD0

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
