General

  • Target

    8c63bf8ebbf766912cf4fbc08dd5f005330e0f11d7e5b90e0eaf7b283831e82d

  • Size

    164KB

  • Sample

    220919-ezbxmafhc9

  • MD5

    80d6c71cca93f6d98839528013d873e1

  • SHA1

    44eb1b530010bbcfc09df2d7b40a81fa16a1752d

  • SHA256

    8c63bf8ebbf766912cf4fbc08dd5f005330e0f11d7e5b90e0eaf7b283831e82d

  • SHA512

    f4f4b7d854e2b299c031afff9404af02a747b3a01b9adf718dc77c1ce454d92c49017bb50109bafffe015c7f855789d3c0964796b7d3effe6bc04363bca75f33

  • SSDEEP

    3072:ShF7Du+WxLPt0fyCJBpn5Fu1k42FEmQ/ww:ShF7i+yVkJBpn5sJ2F65

Malware Config

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks