General

  • Target

    db0276025aad4d2c3fd05ec76e8a7bcc5801cbf0cf23b42e5ee4138b2d7c9c17

  • Size

    57KB

  • Sample

    221002-l88fhsaga5

  • MD5

    65357f682c11e1ba994a80106275ff6f

  • SHA1

    64d24fafbdbe9e1fc8afc113e7c60fba863e40a3

  • SHA256

    db0276025aad4d2c3fd05ec76e8a7bcc5801cbf0cf23b42e5ee4138b2d7c9c17

  • SHA512

    41d70e1b5c88f2c354519d5a67f62bf29c16e7c448c99945c7f71e79c5f0022e9e2080231fe00f15bb18c125268027b319da4d0bf1d4268c25c07b44e3cb5f6a

  • SSDEEP

    1536:+TbbFsJXt+zYI6evWmB05G4MkX9hqHvlLkrS:+ZMXE81b9Okb09GS

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application
