joker | 5c4655b513f7c645a3549966aef30f94ec6ce60ea66f8047920a71a09eb3fab3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8beead19f1...0b.exe

windows7-x64

8beead19f1...0b.exe

windows10-2004-x64

Sharing

General

Target

8beead19f19ceaa357d46eb78b65ad0b
Size

132KB
Sample

220920-ve5l7shebl
MD5

8beead19f19ceaa357d46eb78b65ad0b
SHA1

18dcea4f9e302d4e430b093d2cb516cb765f577d
SHA256

5c4655b513f7c645a3549966aef30f94ec6ce60ea66f8047920a71a09eb3fab3
SHA512

b498e621119f832aa7326731b803c7dabdac5e8b7f40c5ccc06042d87246e4c71399f6c64a8068fdd267b76d8e6a9c1d7d4ba024a2cf251b5510a24254e9d0b8
SSDEEP

3072:81i/NU8bOMYcYYcmy5K/40g3nan3vx9kGSYng76s5YmMOMYcYY51i/NU87:qi/NjO5u//g+UGSYnum3Oai/Nj

Score

10^/10

joker infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

8beead19f19ceaa357d46eb78b65ad0b.exe

Resource

win7-20220812-en

joker infostealer persistence trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

8beead19f19ceaa357d46eb78b65ad0b.exe

Resource

win10v2004-20220812-en

joker infostealer persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  8beead19f19ceaa357d46eb78b65ad0b
- Size
  
  132KB
- MD5
  
  8beead19f19ceaa357d46eb78b65ad0b
- SHA1
  
  18dcea4f9e302d4e430b093d2cb516cb765f577d
- SHA256
  
  5c4655b513f7c645a3549966aef30f94ec6ce60ea66f8047920a71a09eb3fab3
- SHA512
  
  b498e621119f832aa7326731b803c7dabdac5e8b7f40c5ccc06042d87246e4c71399f6c64a8068fdd267b76d8e6a9c1d7d4ba024a2cf251b5510a24254e9d0b8
- SSDEEP
  
  3072:81i/NU8bOMYcYYcmy5K/40g3nan3vx9kGSYng76s5YmMOMYcYY51i/NU87:qi/NjO5u//g+UGSYnum3Oai/Nj
Score

10^/10

joker infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerinfostealerpersistencetrojan

behavioral2

jokerinfostealerpersistencetrojan

© 2018-2025

Terms | Privacy