joker | 32e8c546a41fa3d40e9b0b96939057987f1960b48c9e7c682b723277997ae84d | Triage

Sharing

General

Target

32e8c546a41fa3d40e9b0b96939057987f1960b48c9e7c682b723277997ae84d
Size

985KB
Sample

220919-h26rkadga5
MD5

4b1d3f699476f6185e12bd8d46317d8e
SHA1

0cdc8a594af2d8289388e71d5271a8576e448f6f
SHA256

32e8c546a41fa3d40e9b0b96939057987f1960b48c9e7c682b723277997ae84d
SHA512

ccc0080fd664547c2299b6b01c38aef442a3d150a420aa6a6cb1aaae77c0f7f2c389152d3cfc627f91e7a320a58973fe7050ac732ac64e054ee266c271c282b2
SSDEEP

24576:LpSlf2f0qufRhXQB2Gz/VB/VcYayYmAc7qf:t++f0qiRhXQF7VBNZgJ

Score

10^/10

joker evasion infostealer trojan

Malware Config

Targets

- Target
  
  cfwoniu/CF蜗牛透视0909.exe
- Size
  
  1016KB
- MD5
  
  52bb4df9e091a7a0c27e62481966f181
- SHA1
  
  162e48b79867bcd49906116daea00d218dd7dced
- SHA256
  
  eda75b14cdf6e9ade722437c6eed06ed38b64103cc132a7852c835e8f0393266
- SHA512
  
  73e1adb93add7a207d662129621bf1d867f3a6acca02ceec791a6ef68c72c6dbde151e25d1ac1b2f49903164d3ff8ea73d4b2555f29adc15d958bb34e77b1866
- SSDEEP
  
  24576:MhjbAhMR07WEC3cPIxsRibbDQJMmkcUnh07PkW934F/Z:MhXAoIWdyIxiijQic9y
Score

10^/10

joker evasion infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  cfwoniu/检查更新.url
- Size
  
  475B
- MD5
  
  1290822fa30e4b1a7ed1f1ec59af47ff
- SHA1
  
  404b0b6eb759b57568c1e3bbda4ad514375e4c42
- SHA256
  
  ba09d1ee4b9b95f433aec1e0603faa5ea2b326c4880c5c01de7da4b08f06a921
- SHA512
  
  e3e6267f4329cb38ca5054ad30c4893d9d68817cc224df3378f0efb1cb7acbbf6ebb6909f1cd50cae6a52dfc674f8a08b71fd1b63120502eb7d1d40795e26168
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerevasioninfostealertrojan

behavioral2

behavioral3

behavioral4