joker

General

Target

9d77877a6ca2fcb1f906206306f65fb808c6fe5a41f7710f9e21bbbe6109daf8
Size

1.8MB
Sample

220919-esm2babfdp
MD5

a9b65941b1e2699990eeb88578cbada0
SHA1

4ed5e25d2331b91ae24a4264fcda9fe3e284c3cb
SHA256

9d77877a6ca2fcb1f906206306f65fb808c6fe5a41f7710f9e21bbbe6109daf8
SHA512

ea48fefad256404a1921a666a3c8f56abfa4f4dec652d249a973d2c2a33962661749cc511638ffa830d4121b4686a95e8baa515a38c216fcae2a6a71e213b4e9
SSDEEP

49152:qVoLi7328VWH/qHfQqcvzQKrmwUh0HWqZ:qVoLiTDxY4T01Z

Score

10^/10

Malware Config

Targets

- Target
  
  wg.dat
- Size
  
  1.8MB
- MD5
  
  5017e4642ffb6fed42235d37fab16273
- SHA1
  
  91a00dfa17737092c79cce3002f6d428c4b47ed2
- SHA256
  
  4b8bc86b3ba5dd3fb7ad3ca3f3f3e62af0e13679c3eb8cd630d36b03eabf7f6b
- SHA512
  
  71dcb7efee14707a70e32c11d40b798b8a70f17b81548b52f67213bf2767d1d6deba570ef9b2668bc26c362964c9f5364af8ad88593e6d001627a0f83e28e058
- SSDEEP
  
  49152:GZp4kJNahggTdaVS8wzZrhyL7Y6Xl55PA8DXl5IkyjGY:GZ+gMhfdaVS8otyw6r5PpDV5Iky3
Score

10^/10

joker aspackv2 evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Modifies AppInit DLL entries
  persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  炫舞助手抽奖挂3.0.9-B秒抽版.exe
- Size
  
  32KB
- MD5
  
  919ff2f4140ec176c7e601bc1628fd90
- SHA1
  
  e62c286586952335be84ee874e968ffb00c262c6
- SHA256
  
  c9d04a8514692f3451d4e9c04ecf04ec7e4dd408274cd5dab6f42a679ac6dee9
- SHA512
  
  8ef647fd456903403bf7d24d80f2abebad040aa823792e01a0d5c802e1e15406715dc5c7a61cda9d02dcac0c3967690e4ddf678be50f19d6bf995a8e811edf53
- SSDEEP
  
  384:s85ujj+jr85eEVPBytTlN1M+YCuQcPP4YBAmqZP4YBAmq8k:stjyjw5eEVPstTlzM+YnQcl+/+8k
Score

10^/10

joker aspackv2 evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Modifies AppInit DLL entries
  persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4