joker | ae40d97e1a8a2b3c19ae35cd2d76b2664ceccf564c337eddbc868dec6e3fd681 | Triage

Analysis

max time kernel
123s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2022 09:25

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

284KB
MD5

0eda8d3edb0defad4b33d7e9dae5809e
SHA1

fe8fa55fbdccc5039ad8afe8e7538af247e6ae47
SHA256

ae40d97e1a8a2b3c19ae35cd2d76b2664ceccf564c337eddbc868dec6e3fd681
SHA512

f39e9fd2e147ccf82e021c2e7f922c5b5df54289d057382c39194e6d2deb1775379ea4c07befa1a222bb9d3833f16e4480fb7b10f20edd2de23f6b74457d4c21
SSDEEP

6144:MJ9X9cMrR7jfEsoAs3QX5aklL9y/iJ2Kjvfg5N7vgLoS:SNt7jxX5aGaSBjvfQFvaoS

Score

10^/10

joker infostealer trojan upx

Malware Config

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1884-132-0x0000000000400000-0x00000000004B8000-memory.dmp	upx
behavioral2/memory/1884-133-0x0000000000400000-0x00000000004B8000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1884	tmp.exe
1884	tmp.exe
1884	tmp.exe
1884	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-132-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/1884-133-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download