General

  • Target

    1e96088fafe648ddc1450dbb629706ea99a48999f667e47f0d843f94bfbc24db

  • Size

    798KB

  • Sample

    220919-qtypzsehbk

  • MD5

    abec9291db0fd4f02cd0ed2ad1a4b7ef

  • SHA1

    42594e521b500a78ad64e600abc4b5555f5ffa34

  • SHA256

    1e96088fafe648ddc1450dbb629706ea99a48999f667e47f0d843f94bfbc24db

  • SHA512

    77b3c38246bf4fcd5bca9832bca3e08b1bf9fc380e668afaa9efa1ec9dfa77b4519df0f23bd4a8decab50528f43dcc6c6f0e5363da5af521ada737e921db1392

  • SSDEEP

    24576:IPf1+qa9/TqHS/zuZy7o+oDIaEKKnCUgLcfqqxu+7r:FrdQZy7o+oD0KdxkuYr

Malware Config

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
