General

  • Target

    ebbe3e1f351dc9612f1a26c366bd8853c1e8418ee911156112cc5780fde10766

  • Size

    54KB

  • Sample

    221002-rxzxwsagh2

  • MD5

    452a9f86b73df33d595adf4524749feb

  • SHA1

    efda76fcaa721dfa70d71704a60cb26c18e202d3

  • SHA256

    ebbe3e1f351dc9612f1a26c366bd8853c1e8418ee911156112cc5780fde10766

  • SHA512

    3c5013251a4789d1bb2d20c35e2efe1a28f299ee6f6a1ee2a0a907d880ccff15bdd37c2e880f6f7a0238c1166f2593bb550ca47290ad5096b51fe799bf5682e7

  • SSDEEP

    1536:gQ7Uv00YEHGTYZzyh9/TNtfQUgNNVNJlkP:gQ70YEFzgZTNXkiP

Targets

    • Target

      ebbe3e1f351dc9612f1a26c366bd8853c1e8418ee911156112cc5780fde10766

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
