joker | 1634cd31bc5c8b50aa4efe86d8c5611cc15d2f6d7e9a4441d059189e1efd1cf5 | Triage

Submit
Reports

Overview

overview

Static

static

4cf13e6374...ca.exe

windows7-x64

4cf13e6374...ca.exe

windows10-2004-x64

Sharing

General

Target

4cf13e6374b590864851a7d078c6c0ca
Size

132KB
Sample

220920-vegkdaheap
MD5

4cf13e6374b590864851a7d078c6c0ca
SHA1

7af06765aa146779df01a40dfa95eb666237205c
SHA256

1634cd31bc5c8b50aa4efe86d8c5611cc15d2f6d7e9a4441d059189e1efd1cf5
SHA512

06b6f67f054976d19b6dee7e6d6fb5181dd79450f10becf33e58251a482c1be969f6207138d8a8800ec80b827030b98da233628b42873d9993ca56f113f35c93
SSDEEP

3072:z1i/NU8bOMYcYYcmy5K/40g3nan3vx9kGSYng76s5YmMOMYcYY51i/NU8m:Bi/NjO5u//g+UGSYnum3Oai/Nu

Score

10^/10

joker infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

4cf13e6374b590864851a7d078c6c0ca.exe

Resource

win7-20220812-en

joker infostealer persistence trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

4cf13e6374b590864851a7d078c6c0ca.exe

Resource

win10v2004-20220812-en

joker infostealer persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  4cf13e6374b590864851a7d078c6c0ca
- Size
  
  132KB
- MD5
  
  4cf13e6374b590864851a7d078c6c0ca
- SHA1
  
  7af06765aa146779df01a40dfa95eb666237205c
- SHA256
  
  1634cd31bc5c8b50aa4efe86d8c5611cc15d2f6d7e9a4441d059189e1efd1cf5
- SHA512
  
  06b6f67f054976d19b6dee7e6d6fb5181dd79450f10becf33e58251a482c1be969f6207138d8a8800ec80b827030b98da233628b42873d9993ca56f113f35c93
- SSDEEP
  
  3072:z1i/NU8bOMYcYYcmy5K/40g3nan3vx9kGSYng76s5YmMOMYcYY51i/NU8m:Bi/NjO5u//g+UGSYnum3Oai/Nu
Score

10^/10

joker infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerinfostealerpersistencetrojan

behavioral2

jokerinfostealerpersistencetrojan

© 2018-2025

Terms | Privacy