General

  • Target

    cfad669e9b339fe0f4361e4565e9e4120c3da48a40b3553296b40c00bccd2e4f

  • Size

    57KB

  • Sample

    220919-ey932acabj

  • MD5

    2394a9802df2ca41ed6b930106a03177

  • SHA1

    f462bba05cf4103252891b1a80da81399fb83302

  • SHA256

    cfad669e9b339fe0f4361e4565e9e4120c3da48a40b3553296b40c00bccd2e4f

  • SHA512

    59c922cf8d15978206b63bd44fd5ee7a470bf6aba05ad034c28e31d1cc9635750268ce40d4fb227437571c48ed90b4df2ce8dadad8dc4e431880f72fc0d903ed

  • SSDEEP

    1536:bsPjsxbfdYfVnN2FeUnY0VqcyJcgSrTkKCyYceAx6O9Qev0wp:bsmTCVnN2UYYyqcA0TNMAxFQRwp

Malware Config

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks