joker | 19cd2c2e12987623dc1eb4e5d0e439994eb74c6871a07b08638ba7ba6208b090 | Triage

Submit
Reports

Overview

overview

Static

static

19cd2c2e12...90.exe

windows7-x64

19cd2c2e12...90.exe

windows10-2004-x64

Sharing

General

Target

19cd2c2e12987623dc1eb4e5d0e439994eb74c6871a07b08638ba7ba6208b090
Size

234KB
Sample

221003-1jwgzsggaj
MD5

de64daa4bbc8b6178e6389893d6de8f2
SHA1

422467f497fd81226d7cf2849cf78c4d6d16e528
SHA256

19cd2c2e12987623dc1eb4e5d0e439994eb74c6871a07b08638ba7ba6208b090
SHA512

c1e5aae2b49653d79c49e3fbf769145fc89ddb4d1f6fce136aa8f9c191d693ba65968222c85186a8b0a859da0924590dfe444f261808ff02def673c592fa0fd1
SSDEEP

6144:LVLxh5MCavp86MyOIqfV1fRbFnmnaEcI8tKoSLr:L535MCavpB+j9dBcnaEqAoSLr

Score

10^/10

joker bootkit infostealer persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

19cd2c2e12987623dc1eb4e5d0e439994eb74c6871a07b08638ba7ba6208b090.exe

Resource

win7-20220812-en

joker bootkit infostealer persistence trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

19cd2c2e12987623dc1eb4e5d0e439994eb74c6871a07b08638ba7ba6208b090.exe

Resource

win10v2004-20220901-en

joker bootkit infostealer persistence trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

joker

C2

https://lssfot.oss-cn-hangzhou.aliyuncs.com

Targets

- Target
  
  19cd2c2e12987623dc1eb4e5d0e439994eb74c6871a07b08638ba7ba6208b090
- Size
  
  234KB
- MD5
  
  de64daa4bbc8b6178e6389893d6de8f2
- SHA1
  
  422467f497fd81226d7cf2849cf78c4d6d16e528
- SHA256
  
  19cd2c2e12987623dc1eb4e5d0e439994eb74c6871a07b08638ba7ba6208b090
- SHA512
  
  c1e5aae2b49653d79c49e3fbf769145fc89ddb4d1f6fce136aa8f9c191d693ba65968222c85186a8b0a859da0924590dfe444f261808ff02def673c592fa0fd1
- SSDEEP
  
  6144:LVLxh5MCavp86MyOIqfV1fRbFnmnaEcI8tKoSLr:L535MCavpB+j9dBcnaEqAoSLr
Score

10^/10

joker bootkit infostealer persistence trojan upx
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Downloads MZ/PE file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerbootkitinfostealerpersistencetrojanupx

behavioral2

jokerbootkitinfostealerpersistencetrojanupx

© 2018-2025

Terms | Privacy