General

  • Target

    2728cd6cf42c15a1ae9821eece617b34dc26bd894c8b4d3d019e5178fa56858b

  • Size

    57KB

  • Sample

    221012-v778ssdgg7

  • MD5

    7b8ca67288370184c879fe25f6606282

  • SHA1

    5a65df279f1c91ddddcd0b45d259df6c07be0545

  • SHA256

    2728cd6cf42c15a1ae9821eece617b34dc26bd894c8b4d3d019e5178fa56858b

  • SHA512

    ed6eb89446e10e759021f9c1b34ff9b22e733681f07ad4859b8c59510620800cb1b6acf682ee66e62043346d2f263d9f113911b412ebf2db1a552f6ae4797617

  • SSDEEP

    768:hBRMLJshpXC1tlRiYTqyFN9Mwxgb+qi90sG3gGaru+6o6cAT5LZwmChDkGBh9OHQ:hBFwt8Om/sPruWOLZwmChgGzg+fPVG6T

Targets

    • joker

      Joker is Android malware used for billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application
