General
-
Target
37903e1d9f8876ee33f42eb2d4d507cc35a37fb4de5408d95be31f3b5a319aec
-
Size
740KB
-
Sample
221003-hjk25sdean
-
MD5
67ef6a3258121c5c085080180698a2e0
-
SHA1
9ed5f1c51d5609b1b1402a41f2121676af9e5103
-
SHA256
37903e1d9f8876ee33f42eb2d4d507cc35a37fb4de5408d95be31f3b5a319aec
-
SHA512
b66b367b6c12f195c6b32f665b5bb25d9af9ed96224444236031b5fd9d0306294415dab3f3a489cc63dc0bf5191862485e359f453ff804138b6eb9215e61f803
-
SSDEEP
12288:+w80KZh/N1tcD1/OVQNvRtYuupRA9gN5UQXGcuWEw/+PxBTApHqxhyjY1NEAIvO+:+w80Kx1SR/Jb8T+QqWGcNXqxdApHYysU
Malware Config
Targets
-
-
Target
37903e1d9f8876ee33f42eb2d4d507cc35a37fb4de5408d95be31f3b5a319aec
-
Size
740KB
-
MD5
67ef6a3258121c5c085080180698a2e0
-
SHA1
9ed5f1c51d5609b1b1402a41f2121676af9e5103
-
SHA256
37903e1d9f8876ee33f42eb2d4d507cc35a37fb4de5408d95be31f3b5a319aec
-
SHA512
b66b367b6c12f195c6b32f665b5bb25d9af9ed96224444236031b5fd9d0306294415dab3f3a489cc63dc0bf5191862485e359f453ff804138b6eb9215e61f803
-
SSDEEP
12288:+w80KZh/N1tcD1/OVQNvRtYuupRA9gN5UQXGcuWEw/+PxBTApHqxhyjY1NEAIvO+:+w80Kx1SR/Jb8T+QqWGcNXqxdApHYysU
Score10/10-
Modifies WinLogon for persistence
-
joker
Joker is an Android malware that targets billing and SMS fraud.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-