General

  • Target

    0da04b28bae6ce3c0b62e1c3bda81fa001bf016cdc375eb234ad851cfb6af4b6

  • Size

    57KB

  • Sample

    220919-e1kk6afhh4

  • MD5

    0d78c4a6febf4fec9088291e1e93836a

  • SHA1

    32457a451a63a1d3d95332c82e11b711877bfafd

  • SHA256

    0da04b28bae6ce3c0b62e1c3bda81fa001bf016cdc375eb234ad851cfb6af4b6

  • SHA512

    06912945293172bcee4d80c578e35c20eec0a918894d68e78811ade5a9f8db2d5830ff606328707fe5efc16fbaa5914c74593cdb783cb204a41be608faa71e35

  • SSDEEP

    768:iewE87j9Htl4XseDJRgVacu35yglPZ+BLWS2v6d634vAevTb0gzsg5utVue:DWkXt1EtMQshv6d44IePDIVz

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application
