General

  • Target

    3bc64ea4c5dafc8152715efa70b1fb3087b5d60f0c99f4ecc4bda2bd73920752

  • Size

    164KB

  • Sample

    220919-e1gjhacafq

  • MD5

    c37ec8d508bf50f77320b6882a2ea991

  • SHA1

    665142591482ddc27df2ad94eb9954675b07fea9

  • SHA256

    3bc64ea4c5dafc8152715efa70b1fb3087b5d60f0c99f4ecc4bda2bd73920752

  • SHA512

    356fabd61cbce606f7f06b004f206d859bd6e983f857f404d713f3e1ab1e152925bc6e9e20c4e09d8d3d6dbbfedbbfad6bb1344b610067fafd9480f170a0c660

  • SSDEEP

    1536:/+ZKzEorr7NZCfkH/wUyhpGFCKZUPfm2kmk4txZhwOkS2KoF6goYxz7J+g:7YoDLCHUANKWfqmXXQIgogzJ

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
