joker | fd829505630a80cee334c85eaa40762589d651c033b87c998a1e3234a8514c01 | Triage

Submit
Reports

Overview

overview

Static

static

fd82950563...01.exe

windows7-x64

fd82950563...01.exe

windows10-2004-x64

8

Sharing

General

Target

fd829505630a80cee334c85eaa40762589d651c033b87c998a1e3234a8514c01
Size

59KB
Sample

221013-1vbxqaffd7
MD5

695edd78423b0707179148f2ce0c7ca0
SHA1

a34db5ad4bf9f14cebd091353bff9f84f3286770
SHA256

fd829505630a80cee334c85eaa40762589d651c033b87c998a1e3234a8514c01
SHA512

46b895657e44fc8d9af21903c30d054eb6728a252c28e347d1300dc49b7745d507196dfb91d60d307bc8cd2b7de7e4c329525c9f8d0f62e545afaec6e0937fd3
SSDEEP

1536:gS9sf3ewWNlLC+U1xf4Trnm4GDvJO7kEd:gS9sfuwqBU1B4TrmBOA+

Score

10^/10

joker evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

fd829505630a80cee334c85eaa40762589d651c033b87c998a1e3234a8514c01.exe

Resource

win7-20220812-en

joker evasion infostealer persistence trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd829505630a80cee334c85eaa40762589d651c033b87c998a1e3234a8514c01.exe

Resource

win10v2004-20220812-en

evasion persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  fd829505630a80cee334c85eaa40762589d651c033b87c998a1e3234a8514c01
- Size
  
  59KB
- MD5
  
  695edd78423b0707179148f2ce0c7ca0
- SHA1
  
  a34db5ad4bf9f14cebd091353bff9f84f3286770
- SHA256
  
  fd829505630a80cee334c85eaa40762589d651c033b87c998a1e3234a8514c01
- SHA512
  
  46b895657e44fc8d9af21903c30d054eb6728a252c28e347d1300dc49b7745d507196dfb91d60d307bc8cd2b7de7e4c329525c9f8d0f62e545afaec6e0937fd3
- SSDEEP
  
  1536:gS9sf3ewWNlLC+U1xf4Trnm4GDvJO7kEd:gS9sfuwqBU1B4TrmBOA+
Score

10^/10

joker evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerevasioninfostealerpersistencetrojan

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy