joker | bf45c5b165a99ecd4463ce27d673cd4e7bfe415d5e146ace2c8f994ad1a96005 | Triage

Submit
Reports

Overview

overview

Static

static

bf45c5b165...05.exe

windows7-x64

bf45c5b165...05.exe

windows10-2004-x64

8

Sharing

General

Target

bf45c5b165a99ecd4463ce27d673cd4e7bfe415d5e146ace2c8f994ad1a96005
Size

57KB
Sample

220919-eywweafhb5
MD5

239683ff8cb34cb0381a9c2eb89fe835
SHA1

0c3d320882d7d57293df2da306c80a5b5eb6329c
SHA256

bf45c5b165a99ecd4463ce27d673cd4e7bfe415d5e146ace2c8f994ad1a96005
SHA512

083f33d705387e202f4d67677d49fcc19dac582d0be32a60c0ea025389241727b8a729b8aab2abf5a2bd4b50b389efaea32ca090b7e70238ce19adf13611ea1b
SSDEEP

1536:tQFeA65V6qWR0AMIAoUR+e3KOX4CflF+ccFBRQ:tvHr6n0Z/3ToCflF+JFHQ

Score

10^/10

joker evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

bf45c5b165a99ecd4463ce27d673cd4e7bfe415d5e146ace2c8f994ad1a96005.exe

Resource

win7-20220901-en

joker evasion infostealer persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

bf45c5b165a99ecd4463ce27d673cd4e7bfe415d5e146ace2c8f994ad1a96005.exe

Resource

win10v2004-20220812-en

evasion persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  bf45c5b165a99ecd4463ce27d673cd4e7bfe415d5e146ace2c8f994ad1a96005
- Size
  
  57KB
- MD5
  
  239683ff8cb34cb0381a9c2eb89fe835
- SHA1
  
  0c3d320882d7d57293df2da306c80a5b5eb6329c
- SHA256
  
  bf45c5b165a99ecd4463ce27d673cd4e7bfe415d5e146ace2c8f994ad1a96005
- SHA512
  
  083f33d705387e202f4d67677d49fcc19dac582d0be32a60c0ea025389241727b8a729b8aab2abf5a2bd4b50b389efaea32ca090b7e70238ce19adf13611ea1b
- SSDEEP
  
  1536:tQFeA65V6qWR0AMIAoUR+e3KOX4CflF+ccFBRQ:tvHr6n0Z/3ToCflF+JFHQ
Score

10^/10

joker evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerevasioninfostealerpersistencetrojan

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy