joker | 97ee6ce417a5aa0c0264056e7073407e97738b55645bfb03cf2e2ae34173a2c2 | Triage

Submit
Reports

Overview

overview

Static

static

97ee6ce417...c2.exe

windows7-x64

1

97ee6ce417...c2.exe

windows10-2004-x64

Sharing

General

Target

97ee6ce417a5aa0c0264056e7073407e97738b55645bfb03cf2e2ae34173a2c2
Size

54KB
Sample

221003-m8c52sdbd8
MD5

0a3815fa462d80e8520ba9c617bbd285
SHA1

4b6832eaa7e7c55877188b04efafc88bc1922279
SHA256

97ee6ce417a5aa0c0264056e7073407e97738b55645bfb03cf2e2ae34173a2c2
SHA512

f4dd2e7024504b8475557fdd313b4c2815f9c0f1dfd21308ed1314b8267d7f261eca589692cdb69405d110ff4838dc565b584cc9883ea58f5aee78ca5853f8e0
SSDEEP

768:sVKm4GV4ujtuYgFC5IjezJckOyLb172+oEFZ0TORX3iSHWIwjkdLv/kcH5hUDrpg:sQKV1MyVckOG12TGX1HxwjkVnDhI+HL

Score

10^/10

joker evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

97ee6ce417a5aa0c0264056e7073407e97738b55645bfb03cf2e2ae34173a2c2.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

97ee6ce417a5aa0c0264056e7073407e97738b55645bfb03cf2e2ae34173a2c2.exe

Resource

win10v2004-20220812-en

joker evasion infostealer persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  97ee6ce417a5aa0c0264056e7073407e97738b55645bfb03cf2e2ae34173a2c2
- Size
  
  54KB
- MD5
  
  0a3815fa462d80e8520ba9c617bbd285
- SHA1
  
  4b6832eaa7e7c55877188b04efafc88bc1922279
- SHA256
  
  97ee6ce417a5aa0c0264056e7073407e97738b55645bfb03cf2e2ae34173a2c2
- SHA512
  
  f4dd2e7024504b8475557fdd313b4c2815f9c0f1dfd21308ed1314b8267d7f261eca589692cdb69405d110ff4838dc565b584cc9883ea58f5aee78ca5853f8e0
- SSDEEP
  
  768:sVKm4GV4ujtuYgFC5IjezJckOyLb172+oEFZ0TORX3iSHWIwjkdLv/kcH5hUDrpg:sQKV1MyVckOG12TGX1HxwjkVnDhI+HL
Score

10^/10

joker evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

jokerevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy