joker

General

Target

031232fd2a6bf37a2af72adb3c4d368e7fcf3d10b2d3c1372cf38cf9c25bfc01
Size

56KB
Sample

221020-hkhcmsacf2
MD5

819bdbeea7ef91e0f32bee99678d4080
SHA1

ab3f5712781c6805fd19ee9e93d6d5fd47f666d0
SHA256

031232fd2a6bf37a2af72adb3c4d368e7fcf3d10b2d3c1372cf38cf9c25bfc01
SHA512

2b48cba66f4919b7cd48398af199b4648e4b016231aa88e9c546067ec157f997f453488ef5b48b6b54d4fec37d8ce0e9af6dc2f5c0714de71d691fe2f6b0c416
SSDEEP

1536:WZBxKZvZHDW9IDW8cUVgm3fewVK/VSBzS9:GxKZvZHDW9IDW87Wm3mwVK/VSBzS

Score

10^/10

Malware Config

Extracted

Family

joker

C2

http://wuji.oss-cn-hangzhou.aliyuncs.com

Targets

- Target
  
  031232fd2a6bf37a2af72adb3c4d368e7fcf3d10b2d3c1372cf38cf9c25bfc01
- Size
  
  56KB
- MD5
  
  819bdbeea7ef91e0f32bee99678d4080
- SHA1
  
  ab3f5712781c6805fd19ee9e93d6d5fd47f666d0
- SHA256
  
  031232fd2a6bf37a2af72adb3c4d368e7fcf3d10b2d3c1372cf38cf9c25bfc01
- SHA512
  
  2b48cba66f4919b7cd48398af199b4648e4b016231aa88e9c546067ec157f997f453488ef5b48b6b54d4fec37d8ce0e9af6dc2f5c0714de71d691fe2f6b0c416
- SSDEEP
  
  1536:WZBxKZvZHDW9IDW8cUVgm3fewVK/VSBzS9:GxKZvZHDW9IDW87Wm3mwVK/VSBzS
Score

10^/10

joker discovery infostealer persistence trojan upx
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2