joker | 0f20af4a90fb5070fc602682a6117dd787d7d5a96a2645528b4fada310de06b7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Goby_Red_T...lop.7z

windows10-2004-x64

3

goby-win-x...by.exe

windows10-2004-x64

Sharing

General

Target

Goby_Red_Team_2.0.5_crack_by_hlop.7z
Size

118.3MB
Sample

220921-ef69esaebq
MD5

5aaf46451cdc6bca8db526bf76484026
SHA1

592bdfdf9f49e9fc2d2267aac08b80937d40f510
SHA256

0f20af4a90fb5070fc602682a6117dd787d7d5a96a2645528b4fada310de06b7
SHA512

3e28ac7eb716c3d2d49dd3d0cc9e7dc2f5e114872b408f8a945a6c3f72665831a1fed122c007d43c03f934288cc79e7fa350fd4590f3adcefad75ce26a98ceef
SSDEEP

3145728:u9cbifXK5iVux/hmPMVa5VjD7nmW8xK+b7Y2xiuI6ghKLGj:Wcbif65iVux/hwMSDCWgnHzxiuI6ghr

Score

10^/10

joker discovery infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Goby_Red_Team_2.0.5_crack_by_hlop.7z

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

300 seconds

Behavioral task

behavioral2

Sample

goby-win-x64-2.0.5-redteam-cracked_by_hlop/Goby.exe

Resource

win10v2004-20220812-en

joker discovery infostealer persistence trojan

windows10-2004-x64

29 signatures

300 seconds

Malware Config

Targets

- Target
  
  Goby_Red_Team_2.0.5_crack_by_hlop.7z
- Size
  
  118.3MB
- MD5
  
  5aaf46451cdc6bca8db526bf76484026
- SHA1
  
  592bdfdf9f49e9fc2d2267aac08b80937d40f510
- SHA256
  
  0f20af4a90fb5070fc602682a6117dd787d7d5a96a2645528b4fada310de06b7
- SHA512
  
  3e28ac7eb716c3d2d49dd3d0cc9e7dc2f5e114872b408f8a945a6c3f72665831a1fed122c007d43c03f934288cc79e7fa350fd4590f3adcefad75ce26a98ceef
- SSDEEP
  
  3145728:u9cbifXK5iVux/hmPMVa5VjD7nmW8xK+b7Y2xiuI6ghKLGj:Wcbif65iVux/hwMSDCWgnHzxiuI6ghr
Score

3^/10
behavioral1
- Target
  
  goby-win-x64-2.0.5-redteam-cracked_by_hlop/Goby.exe
- Size
  
  133.2MB
- MD5
  
  27bd09efcf2746a98312f507d6d96f7e
- SHA1
  
  ae156478009b0c89ac132af3d63249c85cf2ce17
- SHA256
  
  ae12cfdb41c3dc3fc383ce5e4e2856b28cd8dee6352b047b9981b1dd51e55ce1
- SHA512
  
  6bb6823809cc407aa99f53a3d5acfe5bc8ce7503fbe87bfd5dee8349dc2679562c10ea9913c48cc9865c7320df8a7424d3abac7131462247750030e12bded3e6
- SSDEEP
  
  786432:vdWnQaBaRvHGYJKQSXPz9T/G2nXpf/EtBfamfrpcvFBJFoF2PScuNWqW:VxTRvHF8QS/z9zGud/ET3fcCWq
Score

10^/10

joker discovery infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

jokerdiscoveryinfostealerpersistencetrojan

© 2018-2025

Terms | Privacy