General

  • Target

    3a8446db081607910314bd899a0138ef171372073917538e5a5a5b354c442633

  • Size

    54KB

  • Sample

    221014-emmhlafegr

  • MD5

    42abd605710305c56c9a7e88f32cc97f

  • SHA1

    76af895c3f15e63301134628050e4eb0f1f2313c

  • SHA256

    3a8446db081607910314bd899a0138ef171372073917538e5a5a5b354c442633

  • SHA512

    a8053ac979a4066682d9eab708d137e491f2edc599d0acbf253c2c360d97dcb386cd986c89089bccf864ca50e7a93124084d8026e696450d1bad22990c549bea

  • SSDEEP

    1536:smL/ODyx+/DZZoKl5TvvYkP9fQQ57lDElNOA:bd+/DLoUTnYgKQLnA

Targets

    • Target

      3a8446db081607910314bd899a0138ef171372073917538e5a5a5b354c442633

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application
