joker | 269d876a8d8d56515a16699df6245f137c20e49c52c791200fbb1e2533f8124f | Triage

Submit
Reports

Overview

overview

Static

static

269d876a8d...4f.exe

windows7-x64

269d876a8d...4f.exe

windows10-2004-x64

8

Sharing

General

Target

269d876a8d8d56515a16699df6245f137c20e49c52c791200fbb1e2533f8124f
Size

59KB
Sample

221014-e7h1xagea6
MD5

6a1fcbe6ac7fc091844a1257c7fd135f
SHA1

2247ad4f1d3c8c9d0dbe1015aa1aa88b71dfb050
SHA256

269d876a8d8d56515a16699df6245f137c20e49c52c791200fbb1e2533f8124f
SHA512

a01ec5857eec66cba3f6c4afc818a6423558fa9df1e74cb4def25c0eabcab894d14dea96ba2bcd254c82fc5299d7d4a5cf38aaa519e63fb45a2840703a53e387
SSDEEP

1536:+fomE60xemL6jBBFqcH5AXbHqqt3CI7S5Nr4kRaAg2YC6:+wmx+emLwBBFqcQbLtzsF4cc236

Score

10^/10

joker evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

269d876a8d8d56515a16699df6245f137c20e49c52c791200fbb1e2533f8124f.exe

Resource

win7-20220901-en

joker evasion infostealer persistence trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

269d876a8d8d56515a16699df6245f137c20e49c52c791200fbb1e2533f8124f.exe

Resource

win10v2004-20220812-en

evasion persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  269d876a8d8d56515a16699df6245f137c20e49c52c791200fbb1e2533f8124f
- Size
  
  59KB
- MD5
  
  6a1fcbe6ac7fc091844a1257c7fd135f
- SHA1
  
  2247ad4f1d3c8c9d0dbe1015aa1aa88b71dfb050
- SHA256
  
  269d876a8d8d56515a16699df6245f137c20e49c52c791200fbb1e2533f8124f
- SHA512
  
  a01ec5857eec66cba3f6c4afc818a6423558fa9df1e74cb4def25c0eabcab894d14dea96ba2bcd254c82fc5299d7d4a5cf38aaa519e63fb45a2840703a53e387
- SSDEEP
  
  1536:+fomE60xemL6jBBFqcH5AXbHqqt3CI7S5Nr4kRaAg2YC6:+wmx+emLwBBFqcQbLtzsF4cc236
Score

10^/10

joker evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerevasioninfostealerpersistencetrojan

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy