General

  • Target

    41b8d73634f16f56e3684388a9c1e39b090340774eb3c9cebe3302d317d219c4

  • Size

    57KB

  • Sample

    220919-ey3nyscaak

  • MD5

    619444aaaccb2409893d167eb6fdce91

  • SHA1

    26431fa33a258eea1f5aca88f57a9c5874e18b4a

  • SHA256

    41b8d73634f16f56e3684388a9c1e39b090340774eb3c9cebe3302d317d219c4

  • SHA512

    9feef92dd0c85739e9b54de18190e6847d5219337ec967df139837100a72de97fb8e24b6e01dfab98f4c2725fe267dc0a9ab7c04c149140beb656f116e2a7c0d

  • SSDEEP

    1536:6qF+qJB0ODqnmmmcLLWBPkUZ9vAbOu/Ys5MpmMe4O:RF5J2OGnmmJLtogOu+mMLO

Malware Config

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks