Overview

overview

10

Static

static

8

e8ae93e2be...d1.exe

windows7-x64

10

e8ae93e2be...d1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    126s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-10-2022 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8ae93e2bee6d0bb0648ca6517b866401f5e19bf2b66a7041b3cc3d5db6528d1.exe

  • Size

    1.9MB

  • MD5

    05ac88e718d0a8e55d612e6e7619ccec

  • SHA1

    848c308fc11f859fac91476e146c6d9f9ee08846

  • SHA256

    e8ae93e2bee6d0bb0648ca6517b866401f5e19bf2b66a7041b3cc3d5db6528d1

  • SHA512

    af1a14a5a80d97fd0eb4fb60d1da6ff771e86d45aa32aa75511500da8ebf4108fa8e04f119babbd92d05e2a6950319c447c8c0495c2f28a013f373088ada67b9

  • SSDEEP

    49152:sLHxSkIJ0kTZe90YzCHwWvh+TqJQdViG0CaLUKzW+:YSp0ge0YzCHVhVQdVivdj

Score
10/10
jokerinfostealertrojanupxvmprotect

Malware Config

Extracted

Family

joker

C2

http://qqydw.oss-cn-beijing.aliyuncs.com

Signatures

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

    infostealertrojanjoker
  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8ae93e2bee6d0bb0648ca6517b866401f5e19bf2b66a7041b3cc3d5db6528d1.exe
    "C:\Users\Admin\AppData\Local\Temp\e8ae93e2bee6d0bb0648ca6517b866401f5e19bf2b66a7041b3cc3d5db6528d1.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2236-132-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2236-133-0x0000000002950000-0x0000000002B1D000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2236-135-0x0000000002950000-0x0000000002B1D000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2236-136-0x0000000002950000-0x0000000002B1D000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2236-140-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-141-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-143-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-145-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-147-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-149-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-151-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-153-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-155-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-157-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-159-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-161-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-163-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-165-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-167-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-169-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-171-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-173-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-175-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-177-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-179-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-181-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2236-182-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2236-183-0x0000000002950000-0x0000000002B1D000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2236-184-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download