Overview

overview

10

Static

static

4c73935480...c7.exe

windows7-x64

10

4c73935480...c7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c73935480bfcbe7a750100c35eec48a5da16bca5b44cd77ae025224d95cfac7

  • Size

    164KB

  • Sample

    221002-27pj1sgbgj

  • MD5

    6498891a348c588fad43b4645c090a00

  • SHA1

    fec1bb4e3a7bf313e4d6e4bb7e8c9b8da982fb45

  • SHA256

    4c73935480bfcbe7a750100c35eec48a5da16bca5b44cd77ae025224d95cfac7

  • SHA512

    2e091165379d056e55d4a436c1d179e102e1283db5712ee8485b3bc9cafc087f191839b1f48488376c042ec0256f5d5c5ef12fe5f15dc1aacf049b4fddb7c8fa

  • SSDEEP

    1536:fO2bUCAKF9gN72keUvYQKFUi4doJqaRQo9ioSlbfD4dDWRlWVRK8+m:doIqN7yw3zdoJbCo9mln4FLB

Score
10/10
jokerevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      4c73935480bfcbe7a750100c35eec48a5da16bca5b44cd77ae025224d95cfac7

    • Size

      164KB

    • MD5

      6498891a348c588fad43b4645c090a00

    • SHA1

      fec1bb4e3a7bf313e4d6e4bb7e8c9b8da982fb45

    • SHA256

      4c73935480bfcbe7a750100c35eec48a5da16bca5b44cd77ae025224d95cfac7

    • SHA512

      2e091165379d056e55d4a436c1d179e102e1283db5712ee8485b3bc9cafc087f191839b1f48488376c042ec0256f5d5c5ef12fe5f15dc1aacf049b4fddb7c8fa

    • SSDEEP

      1536:fO2bUCAKF9gN72keUvYQKFUi4doJqaRQo9ioSlbfD4dDWRlWVRK8+m:doIqN7yw3zdoJbCo9mln4FLB

    Score
    10/10
    jokerevasioninfostealerpersistencetrojan

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

      infostealertrojanjoker

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks