joker | 382877d2ea21925cfc3848ead8856e65cf5d35a02b798cd6911c6160bfdbb141 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

382877d2ea...41.exe

windows7-x64

382877d2ea...41.exe

windows10-2004-x64

Sharing

General

Target

382877d2ea21925cfc3848ead8856e65cf5d35a02b798cd6911c6160bfdbb141
Size

764KB
Sample

220919-qtxgxsbad6
MD5

88c4e1a1d9f9118acc9c3579e4f7b663
SHA1

b3aec4198939bfd6b351fb47a5c5698dc1a5cec1
SHA256

382877d2ea21925cfc3848ead8856e65cf5d35a02b798cd6911c6160bfdbb141
SHA512

71031a7c7c5669114594c8cbff0f518735bacdac61793a4d8875762dc5eac9c49239ff8fbc48d41743319227b8e10d5ea027b7a7bb90fd625a20aedb84c5afd5
SSDEEP

12288:lmxdDo+PWNKGA9MSTaTHM6Wxxn7Jn2saxb5R50WMPZqxG598/LWG10ayy4RJRSwF:lsh1PWEPaTTWxxn52sapSBR159iWG19g

Score

10^/10

joker discovery infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

382877d2ea21925cfc3848ead8856e65cf5d35a02b798cd6911c6160bfdbb141.exe

Resource

win7-20220812-en

joker discovery infostealer trojan

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

382877d2ea21925cfc3848ead8856e65cf5d35a02b798cd6911c6160bfdbb141.exe

Resource

win10v2004-20220812-en

joker discovery infostealer persistence trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  382877d2ea21925cfc3848ead8856e65cf5d35a02b798cd6911c6160bfdbb141
- Size
  
  764KB
- MD5
  
  88c4e1a1d9f9118acc9c3579e4f7b663
- SHA1
  
  b3aec4198939bfd6b351fb47a5c5698dc1a5cec1
- SHA256
  
  382877d2ea21925cfc3848ead8856e65cf5d35a02b798cd6911c6160bfdbb141
- SHA512
  
  71031a7c7c5669114594c8cbff0f518735bacdac61793a4d8875762dc5eac9c49239ff8fbc48d41743319227b8e10d5ea027b7a7bb90fd625a20aedb84c5afd5
- SSDEEP
  
  12288:lmxdDo+PWNKGA9MSTaTHM6Wxxn7Jn2saxb5R50WMPZqxG598/LWG10ayy4RJRSwF:lsh1PWEPaTTWxxn52sapSBR159iWG19g
Score

10^/10

joker discovery infostealer trojan persistence
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerdiscoveryinfostealertrojan

behavioral2

jokerdiscoveryinfostealerpersistencetrojan

© 2018-2025

Terms | Privacy