General

  • Target

    b31089376dff069dca82d47f5b61cdaad447e8c8ebe5fd76ce7f7dac0ac8dd04

  • Size

    54KB

  • Sample

    221014-emhjmsfegm

  • MD5

    76307ca94f1e3b3a64c2e68a041d44d8

  • SHA1

    800907c39b5f34d94ee2f925bd639af66af993bf

  • SHA256

    b31089376dff069dca82d47f5b61cdaad447e8c8ebe5fd76ce7f7dac0ac8dd04

  • SHA512

    8f302b887a7c4409b569510b9d332b59cdee2294058619dd4a16292539a668a94fef9f6fb1e1f20a6a85b3949c62e1fdca1dee63f614014cddc8392617623937

  • SSDEEP

    1536:BLiSTK2DKfhw/kmBjMEWt1gKWSgfcmjxWNG9:BLiST9D2CMmBoE+gKOfnjJ9

Targets

    • Target

      b31089376dff069dca82d47f5b61cdaad447e8c8ebe5fd76ce7f7dac0ac8dd04

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application
