joker

General

Target

32c25f32973977f55948bcd9896964b98a948ff4a9af600fd0a3cb280993e307
Size

1.2MB
Sample

220919-xm9l8sdcf2
MD5

cfd0e9e4015c96fed70acf25be8d06a9
SHA1

d2f25c364248ba9c4b342ad3417d1ee27c0ec177
SHA256

32c25f32973977f55948bcd9896964b98a948ff4a9af600fd0a3cb280993e307
SHA512

c8215e6dc8de1f8602758a95ae1351cb3d3c54a5d1632664ddb53a8918a6e5191854fd85a7085d43d3d81c8b06f17439ca91e5d1b0ffbfcaef7db827787728bf
SSDEEP

24576:dURcqxQHvxXvKHEVVoAftlYl3J62x7JUi7CbkSk4dlVtefEoY1j+p0IqqU:scwQHvQHEkAzgJ62x77CoSk4dgfE1U0v

Score

10^/10

Malware Config

Extracted

Family

joker

C2

https://yongheng002.oss-cn-hangzhou.aliyuncs.com

https://wtsu6.oss-cn-hangzhou.aliyuncs.com

https://myqs7.oss-cn-shanghai.aliyuncs.com

https://qeuk7.oss-cn-hangzhou.aliyuncs.com

https://sqym9.oss-cn-shenzhen.aliyuncs.com

Targets

- Target
  
  六六辅助免费版1.0/Jsy66.dll
- Size
  
  156KB
- MD5
  
  d401c0a925e0f4a775e53908401182d4
- SHA1
  
  23f0f9cc11a20b38d78b15d9934798f77381ad14
- SHA256
  
  cc7bdf67d938aa2c24d9e01e41aff793045496371ae0df105a83250b77d35225
- SHA512
  
  d771a011701de1261b15b1ef7bc9c27e999e51faf719559d238f0fae23c45321953283276b930c3f6a356df69dabc4a84db7b2967fed8151a40cd458d320188d
- SSDEEP
  
  3072:jxDlLWcsv6rf3gaqDynFycRwfGv0Tkk1H1oxWyBury9NX0r26pGSyj4:jxxLWcsgqDyFycRwxTZoxWybiw
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2
- Target
  
  六六辅助免费版1.0/传奇加速器_小贴士辅助[双挂开法]_66辅助_轻中变战调法 -原创视频在线观看视频下载-56网视频.url
- Size
  
  66B
- MD5
  
  700315508f4b36eba56def8e8ba77d22
- SHA1
  
  dd407612ddea9189eb3a639cc9078ca28fd8dcdf
- SHA256
  
  a63aff424214eebe05de0772bc143f06880e591cc8dacb8480a3364523d3ebae
- SHA512
  
  f113e77be6ed9836693deccc9892a6a113f1f4fd1df643381298794f3900f71d97433c2b2ee1d6d13eec8cbfefec70a16300b5ddd2a2085388a6f50cf862f2c6
Score

1^/10
behavioral3 behavioral4
- Target
  
  六六辅助免费版1.0/六六辅助.exe
- Size
  
  1.2MB
- MD5
  
  fce4812edcfaccbc3bc8053ae2e8bc66
- SHA1
  
  3298b165d077c27d452ff50f4715b399acaa5af1
- SHA256
  
  318737f063c673871de810d81ed6818757d24f0b64e8b470bc571ce377ab64df
- SHA512
  
  5bd854fef0d09e7799e74b0267669d1a707c6db9eccc20eab546681aba842fa400ed94855f31f2925e22a8dbf12355df703822516aa01921f9558a560c894d16
- SSDEEP
  
  24576:O8ccmTY/Yoadge0GHKP+Zf/ErNc1y0s7L7CHk/xlq5B+:R8kgdgexqP8novZn+EZlu
Score

10^/10

joker infostealer themida trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

VMProtect packed file

Themida packer

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6