joker | 5b2c7b19efc6b4e06c4318cccd61e6731e9cf61d3d3c378b713d9667204496b0 | Triage

Submit
Reports

Overview

overview

Static

static

5b2c7b19ef...b0.exe

windows7-x64

1

5b2c7b19ef...b0.exe

windows10-2004-x64

Sharing

General

Target

5b2c7b19efc6b4e06c4318cccd61e6731e9cf61d3d3c378b713d9667204496b0
Size

140KB
Sample

221014-emlw3afegq
MD5

68a48c9ffd48bb7df0309185a7795ffc
SHA1

6d4d45bd8e2d35873b7999ea3d7e6c12168a4954
SHA256

5b2c7b19efc6b4e06c4318cccd61e6731e9cf61d3d3c378b713d9667204496b0
SHA512

575afdbf4a23f3a0596292c4dc9bf93cc626b9598f55c5a1819e83011ca87c7b2604ece07c495659c1a83f262939fa755e881e8bfece6a16d77bb9ef1dc7fbe2
SSDEEP

1536:UnM12OVLjlevyaRLBnLuRgiaZxRIxecePKH56Hdb+S:bPLpeTLlamiaZxRIxecePKyD

Score

10^/10

joker evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

5b2c7b19efc6b4e06c4318cccd61e6731e9cf61d3d3c378b713d9667204496b0.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b2c7b19efc6b4e06c4318cccd61e6731e9cf61d3d3c378b713d9667204496b0.exe

Resource

win10v2004-20220901-en

joker evasion infostealer persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  5b2c7b19efc6b4e06c4318cccd61e6731e9cf61d3d3c378b713d9667204496b0
- Size
  
  140KB
- MD5
  
  68a48c9ffd48bb7df0309185a7795ffc
- SHA1
  
  6d4d45bd8e2d35873b7999ea3d7e6c12168a4954
- SHA256
  
  5b2c7b19efc6b4e06c4318cccd61e6731e9cf61d3d3c378b713d9667204496b0
- SHA512
  
  575afdbf4a23f3a0596292c4dc9bf93cc626b9598f55c5a1819e83011ca87c7b2604ece07c495659c1a83f262939fa755e881e8bfece6a16d77bb9ef1dc7fbe2
- SSDEEP
  
  1536:UnM12OVLjlevyaRLBnLuRgiaZxRIxecePKH56Hdb+S:bPLpeTLlamiaZxRIxecePKyD
Score

10^/10

joker evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

jokerevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy