joker | 47401ea1a374382c5a3356612a00757c782856b22c8ea0c496052c9c832545d3 | Triage

Submit
Reports

Overview

overview

Static

static

47401ea1a3...d3.exe

windows7-x64

8

47401ea1a3...d3.exe

windows10-2004-x64

Sharing

General

Target

47401ea1a374382c5a3356612a00757c782856b22c8ea0c496052c9c832545d3
Size

57KB
Sample

221002-l89zcaaga6
MD5

40a49a34fe9339ab55be68d526999df8
SHA1

3c4efc3b6088030e1cc77dc8cf5e9582df9d7348
SHA256

47401ea1a374382c5a3356612a00757c782856b22c8ea0c496052c9c832545d3
SHA512

0645744d8bc1a55a2d94e4e2b2877ea58b3ca54111300273e0331849260cad5bffc30f736d610261c2d1c7cfe9760b4cfd15d3beefbb26bb2650128354365327
SSDEEP

768:hBRMLJshpXC1tlRiYTqyFN9Mwxgb+qi90sG3gGaru+6o6cAT5LZwmChDkGBh9OHX:hBFwt8Om/sPruWOLZwmChgGzg+fPVG6g

Score

10^/10

joker evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

47401ea1a374382c5a3356612a00757c782856b22c8ea0c496052c9c832545d3.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

47401ea1a374382c5a3356612a00757c782856b22c8ea0c496052c9c832545d3.exe

Resource

win10v2004-20220812-en

joker evasion infostealer persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  47401ea1a374382c5a3356612a00757c782856b22c8ea0c496052c9c832545d3
- Size
  
  57KB
- MD5
  
  40a49a34fe9339ab55be68d526999df8
- SHA1
  
  3c4efc3b6088030e1cc77dc8cf5e9582df9d7348
- SHA256
  
  47401ea1a374382c5a3356612a00757c782856b22c8ea0c496052c9c832545d3
- SHA512
  
  0645744d8bc1a55a2d94e4e2b2877ea58b3ca54111300273e0331849260cad5bffc30f736d610261c2d1c7cfe9760b4cfd15d3beefbb26bb2650128354365327
- SSDEEP
  
  768:hBRMLJshpXC1tlRiYTqyFN9Mwxgb+qi90sG3gGaru+6o6cAT5LZwmChDkGBh9OHX:hBFwt8Om/sPruWOLZwmChgGzg+fPVG6g
Score

10^/10

evasion persistence joker infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

jokerevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy