General

  • Target

    9b6ed840c999b7681d4891d363a7f442195b0bca8b00da80f24ad2a600f6170f

  • Size

    33KB

  • Sample

    221002-ls1qqshhe7

  • MD5

    6d6df4c946be2b521855e1025eb8921f

  • SHA1

    05fcfd8d87f385cfc271d7463946563e4e41af6e

  • SHA256

    9b6ed840c999b7681d4891d363a7f442195b0bca8b00da80f24ad2a600f6170f

  • SHA512

    a7a0d64c31122ea70aa9ae53f8d62d9524061663b933d4f0b8bbe9ab02280caa3587edbe4eff7bc8d0c56b50101623d40489d3adf68621ea70e3f65b7296b38d

  • SSDEEP

    384:i401dRPExlCDAzGPeRUckO0nJCBlPfPU8fMyc3Qts706xIduUy1ay8hmYNek+vvw:i4URzuR4O0kHXPjKOuRcy8hmmlfR3

Malware Config

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks