joker | 4c2e12d2945b6c40dc46ebfdd49a53fc9b1d2daefd1dd2eb57799e2ed790d3ec | Triage

Submit
Reports

Overview

overview

Static

static

4c2e12d294...ec.exe

windows7-x64

4c2e12d294...ec.exe

windows10-2004-x64

Sharing

General

Target

4c2e12d2945b6c40dc46ebfdd49a53fc9b1d2daefd1dd2eb57799e2ed790d3ec
Size

164KB
Sample

220919-eyzx3afhb8
MD5

e3b7e6ca34263c011486a1423417ea90
SHA1

b1ed476193a566032aa48beb5e098c4d3f4ec1db
SHA256

4c2e12d2945b6c40dc46ebfdd49a53fc9b1d2daefd1dd2eb57799e2ed790d3ec
SHA512

89d986359b2d5ef94982bc83bf92ecc4ce49e632b3b16e12f6e1153b22a31e74559e24a9675c309d46466aaf04160923d69a5cf7e8a3bc8cdc165d7a3d4bb4ec
SSDEEP

1536:TyZ7DUDBiGSlwERCk5yKR2byvh5eO950yvS6eX8TmS1W6udQc49fDEN+wtBa101v:CHUDsB5tD6X8TmSg6sV49fDw66t

Score

10^/10

joker evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

4c2e12d2945b6c40dc46ebfdd49a53fc9b1d2daefd1dd2eb57799e2ed790d3ec.exe

Resource

win7-20220812-en

joker evasion infostealer persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

4c2e12d2945b6c40dc46ebfdd49a53fc9b1d2daefd1dd2eb57799e2ed790d3ec.exe

Resource

win10v2004-20220812-en

joker evasion infostealer persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  4c2e12d2945b6c40dc46ebfdd49a53fc9b1d2daefd1dd2eb57799e2ed790d3ec
- Size
  
  164KB
- MD5
  
  e3b7e6ca34263c011486a1423417ea90
- SHA1
  
  b1ed476193a566032aa48beb5e098c4d3f4ec1db
- SHA256
  
  4c2e12d2945b6c40dc46ebfdd49a53fc9b1d2daefd1dd2eb57799e2ed790d3ec
- SHA512
  
  89d986359b2d5ef94982bc83bf92ecc4ce49e632b3b16e12f6e1153b22a31e74559e24a9675c309d46466aaf04160923d69a5cf7e8a3bc8cdc165d7a3d4bb4ec
- SSDEEP
  
  1536:TyZ7DUDBiGSlwERCk5yKR2byvh5eO950yvS6eX8TmS1W6udQc49fDEN+wtBa101v:CHUDsB5tD6X8TmSg6sV49fDw66t
Score

10^/10

joker evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerevasioninfostealerpersistencetrojan

behavioral2

jokerevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy