General

  • Target

    63b2e086fc133ab32f3f1de0add964be64cad80110308976cb48c51a2ff0adce

  • Size

    54KB

  • Sample

    221002-rxz8nacdap

  • MD5

    6dca863db18526122faeb34d52ba7144

  • SHA1

    2e32561043f0b83013bcb61dfa334f44ef5b66b6

  • SHA256

    63b2e086fc133ab32f3f1de0add964be64cad80110308976cb48c51a2ff0adce

  • SHA512

    a4999a50c32cb6897fc320b23f2745ded82b1eaec606845add20b1330cd3f655a5f1647d9170ffef6210c22ae559a14ef8e3e28971b0013a0768b335f90113b9

  • SSDEEP

    1536:gQ7Uv00YEHGTYZzyh9/TNtfQUgNNVNJlkzS:gQ70YEFzgZTNXki+
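
To check a local file against the hashes above, the following Python helper (added here; it is not part of the sandbox report or the sandbox vendor's tooling) computes all four digests in one pass and compares them with the report's IOCs. The IOC values are copied from the General section; the function names and the match/partial/no-match policy are this editor's own.

```python
"""Check a local file against the hash IOCs listed in this report.

Added example, not part of the sandbox report. The IOC values are copied
from the General section above; everything else (function names, the
match/partial/no-match policy) is this editor's own.
"""
import hashlib

# Hashes exactly as listed in the report.
REPORT_IOCS = {
    "md5": "6dca863db18526122faeb34d52ba7144",
    "sha1": "2e32561043f0b83013bcb61dfa334f44ef5b66b6",
    "sha256": "63b2e086fc133ab32f3f1de0add964be64cad80110308976cb48c51a2ff0adce",
    "sha512": (
        "a4999a50c32cb6897fc320b23f2745ded82b1eaec606845add20b1330cd3f655"
        "a5f1647d9170ffef6210c22ae559a14ef8e3e28971b0013a0768b335f90113b9"
    ),
}


def _new_hashers():
    return {name: hashlib.new(name) for name in REPORT_IOCS}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory buffer."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers in one pass (large samples stay out of memory)."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Compare computed digests with the report's IOCs, case-insensitively.

    Returns {algorithm: matched}. The same file must agree on every
    algorithm; agreement on some but not all points at a mistyped or
    truncated value in whichever IOC list is being compared.
    """
    return {name: digests[name].lower() == value.lower() for name, value in iocs.items()}


def verdict(matches: dict) -> str:
    """Collapse per-algorithm results into match / partial / no-match."""
    if all(matches.values()):
        return "match"
    if any(matches.values()):
        return "partial"
    return "no-match"


if __name__ == "__main__":
    import sys
    # Usage: python check_iocs.py <path-to-candidate-file>
    digests = hash_file(sys.argv[1])
    print(verdict(match_iocs(digests)), digests["sha256"])
```

A "partial" verdict is worth a second look before anything is blocked on it: the most common cause is a hash copied with a missing or extra character, not a collision.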

Malware Config

Targets

    • Target

      63b2e086fc133ab32f3f1de0add964be64cad80110308976cb48c51a2ff0adce

    • joker

      Joker is an Android malware family that commits billing and SMS fraud. The other behaviours listed for this target (Explorer file attributes, registry country code, Run key, C: drive) are Windows-specific, so treat this family tag as a signature hit to be confirmed rather than a verified attribution.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and other file browsers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (changing behaviour based on the victim's locale).

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
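
The two behaviours above that are most directly observable in host telemetry, "Executes dropped EXE" and "Adds Run key to start application", can be correlated from Sysmon-style events. The following Python example is added here and is not part of the report or the sandbox vendor's tooling; the event records are constructed to mirror Sysmon's EventID 1 (ProcessCreate), 11 (FileCreate) and 13 (RegistryEvent SetValue) field names, and every path, process name, SID and registry value in them is invented.

```python
"""Correlate Sysmon-style events for two behaviours flagged in this report:
"Executes dropped EXE" and "Adds Run key to start application".

Added example, not part of the report or the sandbox vendor's tooling.
The event records are constructed to mirror Sysmon field names; every
path, process name, SID and registry value in them is invented.
"""

# Lower-cased registry path fragments that identify autostart keys.
RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)


def analyze(events):
    """Single pass over ordered events; returns a list of findings.

    - EventID 11 (FileCreate): remember which process wrote which file.
    - EventID 1 (ProcessCreate): if the started Image was written earlier
      in this trace, report "Executes dropped EXE".
    - EventID 13 (RegistryEvent SetValue) under Run/RunOnce: report
      persistence; severity is high when the value points at a dropped
      file, low otherwise so the hit can be checked against an allowlist.
    """
    dropped = {}  # lower-cased path -> image of the process that wrote it
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif eid == 1:
            image = ev["Image"].lower()
            if image in dropped:
                findings.append({
                    "rule": "Executes dropped EXE",
                    "severity": "high",
                    "image": ev["Image"],
                    "dropped_by": dropped[image],
                    "parent": ev.get("ParentImage"),
                })
        elif eid == 13 and ev.get("EventType") == "SetValue":
            target = ev["TargetObject"].lower()
            if any(marker in target for marker in RUN_KEY_MARKERS):
                # Run values are commonly quoted and may carry arguments;
                # strip quotes and test the leading path against dropped files.
                details = (ev.get("Details") or "").strip().strip('"').lower()
                points_at_drop = any(details.startswith(path) for path in dropped)
                findings.append({
                    "rule": "Adds Run key to start application",
                    "severity": "high" if points_at_drop else "low",
                    "image": ev["Image"],
                    "key": ev["TargetObject"],
                    "details": ev.get("Details"),
                })
    return findings


# Constructed trace (not real telemetry): the sample drops a second
# executable, launches it, and that child registers itself under HKCU Run.
# The last record is a benign-looking Run write from a system process.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Updater\upd.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\Updater\upd.exe",
     "ParentImage": r"C:\Users\victim\Downloads\sample.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\victim\AppData\Roaming\Updater\upd.exe",
     "TargetObject": r"HKU\S-1-5-21-111111111-222222222-333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r'"C:\Users\victim\AppData\Roaming\Updater\upd.exe" /silent'},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},
]


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["rule"], f["image"])
```

Sysmon records registry value writes but not reads, so the country-code lookup and the drive enumeration in the list above are not visible this way; in the report they come from the sandbox's API-level tracing. A Run key write whose value points at a file the same trace saw being dropped is scored high; any other Run key write is reported low so it can be checked against an allowlist, as the constructed SecurityHealth entry shows.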

MITRE ATT&CK Enterprise v6

Tasks