joker | 38736aa5a70a46cea29d7be976dcb34e9add9a0f129ccf39b90f5576b2ca9d7a | Triage

Submit
Reports

Overview

overview

Static

static

38736aa5a7...7a.exe

windows7-x64

38736aa5a7...7a.exe

windows10-2004-x64

Sharing

General

Target

38736aa5a70a46cea29d7be976dcb34e9add9a0f129ccf39b90f5576b2ca9d7a
Size

58KB
Sample

221021-t3rvksefe6
MD5

49aa6579097ad38f9a576502b0d00f4e
SHA1

95e16418ae8d4d3d26b5a9d6489622a5c2e059e7
SHA256

38736aa5a70a46cea29d7be976dcb34e9add9a0f129ccf39b90f5576b2ca9d7a
SHA512

e3223518e03ee46542f9b0e9c4576b21887062fe111194a773cc2f606fbe969c643c26b20b4fbf3ef161a79ec4cf01d488b54f4666ebc4d5786ec6d96730d78e
SSDEEP

768:QO02IgEzCGk1Is0Lt1Ey9d0XNfTPL7mSsGXdFsmoeCkdJXFjjbhueSYoUeS:B0nRPEsmwdmfTX/XdDoJ+Nxj9ueSYoy

Score

10^/10

joker evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

38736aa5a70a46cea29d7be976dcb34e9add9a0f129ccf39b90f5576b2ca9d7a.exe

Resource

win7-20220812-en

joker evasion infostealer persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

38736aa5a70a46cea29d7be976dcb34e9add9a0f129ccf39b90f5576b2ca9d7a.exe

Resource

win10v2004-20220812-en

joker evasion infostealer persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  38736aa5a70a46cea29d7be976dcb34e9add9a0f129ccf39b90f5576b2ca9d7a
- Size
  
  58KB
- MD5
  
  49aa6579097ad38f9a576502b0d00f4e
- SHA1
  
  95e16418ae8d4d3d26b5a9d6489622a5c2e059e7
- SHA256
  
  38736aa5a70a46cea29d7be976dcb34e9add9a0f129ccf39b90f5576b2ca9d7a
- SHA512
  
  e3223518e03ee46542f9b0e9c4576b21887062fe111194a773cc2f606fbe969c643c26b20b4fbf3ef161a79ec4cf01d488b54f4666ebc4d5786ec6d96730d78e
- SSDEEP
  
  768:QO02IgEzCGk1Is0Lt1Ey9d0XNfTPL7mSsGXdFsmoeCkdJXFjjbhueSYoUeS:B0nRPEsmwdmfTX/XdDoJ+Nxj9ueSYoy
Score

10^/10

joker evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerevasioninfostealerpersistencetrojan

behavioral2

jokerevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy