joker | 9cc2fced488e3aac830bc430763b16746631b32314a44a66cdfcc5be4ba91b12 | Triage

Submit
Reports

Overview

overview

Static

static

9cc2fced48...12.exe

windows7-x64

9cc2fced48...12.exe

windows10-2004-x64

Sharing

General

Target

9cc2fced488e3aac830bc430763b16746631b32314a44a66cdfcc5be4ba91b12
Size

5.9MB
Sample

221013-hj3xysbca9
MD5

8c07d7d88f92b85c4d0c85cf391ca568
SHA1

43be5440ff01b2f14b8a631ed75520d1825882d3
SHA256

9cc2fced488e3aac830bc430763b16746631b32314a44a66cdfcc5be4ba91b12
SHA512

05d68c246be2ff85172faaf926be4d727405b33610ca82fb7b44da752daf97396b8e72137e1bf8c7fc96000bcd33381ed2e965a02c592115ff9284859b7d3b9f
SSDEEP

49152:848YhxAx/OoOlL2bZ9v4cCiOaNnjS64uyjyP8Ix+B2hQf6Bk562RJvanw:wYhW94lCKSNnjS6Y3Ix+hyKv

Score

10^/10

joker infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9cc2fced488e3aac830bc430763b16746631b32314a44a66cdfcc5be4ba91b12.exe

Resource

win7-20220901-en

joker infostealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

9cc2fced488e3aac830bc430763b16746631b32314a44a66cdfcc5be4ba91b12.exe

Resource

win10v2004-20220812-en

joker infostealer persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

joker

C2

http://ossshiping123.oss-cn-hangzhou.aliyuncs.com

Targets

- Target
  
  9cc2fced488e3aac830bc430763b16746631b32314a44a66cdfcc5be4ba91b12
- Size
  
  5.9MB
- MD5
  
  8c07d7d88f92b85c4d0c85cf391ca568
- SHA1
  
  43be5440ff01b2f14b8a631ed75520d1825882d3
- SHA256
  
  9cc2fced488e3aac830bc430763b16746631b32314a44a66cdfcc5be4ba91b12
- SHA512
  
  05d68c246be2ff85172faaf926be4d727405b33610ca82fb7b44da752daf97396b8e72137e1bf8c7fc96000bcd33381ed2e965a02c592115ff9284859b7d3b9f
- SSDEEP
  
  49152:848YhxAx/OoOlL2bZ9v4cCiOaNnjS64uyjyP8Ix+B2hQf6Bk562RJvanw:wYhW94lCKSNnjS6Y3Ix+hyKv
Score

10^/10

joker infostealer trojan persistence
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerinfostealertrojan

behavioral2

jokerinfostealerpersistencetrojan

© 2018-2025

Terms | Privacy