joker | 414511c6a3497dc4b1c22cf57fa7a62d674f1c13a3f8ad34596b01d3bc7997fb | Triage

Submit
Reports

Overview

overview

Static

static

1

414511c6a3...fb.exe

windows7-x64

414511c6a3...fb.exe

windows10-2004-x64

Sharing

General

Target

414511c6a3497dc4b1c22cf57fa7a62d674f1c13a3f8ad34596b01d3bc7997fb
Size

258KB
Sample

221002-29gbesgcem
MD5

073a7a4183c3be2f8e17e330f7f14a3e
SHA1

1dccd1ea3b1f8cb85802a959100e28a03c69c88d
SHA256

414511c6a3497dc4b1c22cf57fa7a62d674f1c13a3f8ad34596b01d3bc7997fb
SHA512

c4dadb6da3825f1bc58f43d0979cb661ad8e276e3f7ee92bc1d75fac7ed58eca3dce5dbf657dc3131d8e80676021c2df9abf19b5caf8c69f70c890b244150de0
SSDEEP

6144:lhRpgKLfAX79/Gh++wSR284Z/azGN44XtjxwXiKEeDzwHk/Z7EUaXMal:D+Ls2n84ZCCNPtjxwXiKEenwHk/Zxaf

Score

10^/10

joker evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

414511c6a3497dc4b1c22cf57fa7a62d674f1c13a3f8ad34596b01d3bc7997fb.exe

Resource

win7-20220901-en

joker evasion infostealer persistence trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

414511c6a3497dc4b1c22cf57fa7a62d674f1c13a3f8ad34596b01d3bc7997fb.exe

Resource

win10v2004-20220812-en

joker evasion infostealer persistence trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  414511c6a3497dc4b1c22cf57fa7a62d674f1c13a3f8ad34596b01d3bc7997fb
- Size
  
  258KB
- MD5
  
  073a7a4183c3be2f8e17e330f7f14a3e
- SHA1
  
  1dccd1ea3b1f8cb85802a959100e28a03c69c88d
- SHA256
  
  414511c6a3497dc4b1c22cf57fa7a62d674f1c13a3f8ad34596b01d3bc7997fb
- SHA512
  
  c4dadb6da3825f1bc58f43d0979cb661ad8e276e3f7ee92bc1d75fac7ed58eca3dce5dbf657dc3131d8e80676021c2df9abf19b5caf8c69f70c890b244150de0
- SSDEEP
  
  6144:lhRpgKLfAX79/Gh++wSR284Z/azGN44XtjxwXiKEeDzwHk/Z7EUaXMal:D+Ls2n84ZCCNPtjxwXiKEenwHk/Zxaf
Score

10^/10

joker evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Adds policy Run key to start application
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

jokerevasioninfostealerpersistencetrojan

behavioral2

jokerevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy