General

  • Target

    bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63

  • Size

    31KB

  • Sample

    221001-ztl6magfdr

  • MD5

    6f855b0dcaf12e609058030cedf4c030

  • SHA1

    58a5630e99669bc1b35e55dcb7ed5d104f60b905

  • SHA256

    bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63

  • SHA512

    be69cee35355589582665a96a941d77ea00f35bacd2e982c35cf4d7a48b418fb1319c81a3bad341834fdb5b54280d0ee5938cba2bd4c251eee80b27fb1c70dfc

  • SSDEEP

    768:rg8q0xXJrLL/tvdUkTRQ75c0RJG7JxsLoIvCYR/9m:r7Z5HL1CkdQFc0RJpJL

Malware Config

Extracted

  • Family

    joker

  • C2

    http://tttie.oss-cn-shenzhen.aliyuncs.com

Targets

    • joker

      Joker is an Android malware family that performs billing and SMS fraud.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer.

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks