joker | 38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0

Analysis

max time kernel
117s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 01:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
Size

668KB
MD5

5df6381a3558d1566a86d05e9e576fb0
SHA1

494138abc7678d541943af13a1ce1316fb3c344a
SHA256

38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0
SHA512

d647aac6668e1ac0988ccd5924f6fba325decb9bc753c6508ed8d428c3a47e73f374d4aa04dfa8ce1947673ac584bdb4bf1cc0ae98ad2a53597a745bec116894
SSDEEP

12288:t3L5SdSM6sXkviIaNINeBzYasamEIOno+rK+4w7vv:t18L+iIaON+Ya3zsu3

Score

10^/10

joker infostealer trojan

Malware Config

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\IESettingSync	38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
804	38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
804	38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
804	38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe

C:\Users\Admin\AppData\Local\Temp\38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe
"C:\Users\Admin\AppData\Local\Temp\38ca74e6c53f8662c27fce4c7e33ea8cf36e30d3d4a72cfaa53888401c3461b0.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads