Overview

overview

10

Static

static

2fc6cb6283...97.exe

windows7-x64

1

2fc6cb6283...97.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2fc6cb628310d0119424a1a25b3c8132efcaa040c0285e95005e077a11e7e897

  • Size

    160KB

  • Sample

    221021-tty8asecb2

  • MD5

    5fd2ee06fccf4e13ce4f1ad3b62a28db

  • SHA1

    4289f2de5bd69393cb4fb5190fff261a38edb8c8

  • SHA256

    2fc6cb628310d0119424a1a25b3c8132efcaa040c0285e95005e077a11e7e897

  • SHA512

    cc1f2c9f78fd2dcf2e2d02dc32f08067679238963fa9037d3d9d2fd512e8159f86eb968b8ccef982f8ceb7cd489b935b14f248a9890df42bfb471653f69a42ef

  • SSDEEP

    1536:7zOEJKTB1rO/A5J2q+MEWafDuwrZd67iS+ra68IUvIi0rQ+L:XXcTBPt+MxJwVEi/8HAz9

Score
10/10
jokerevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      2fc6cb628310d0119424a1a25b3c8132efcaa040c0285e95005e077a11e7e897

    • Size

      160KB

    • MD5

      5fd2ee06fccf4e13ce4f1ad3b62a28db

    • SHA1

      4289f2de5bd69393cb4fb5190fff261a38edb8c8

    • SHA256

      2fc6cb628310d0119424a1a25b3c8132efcaa040c0285e95005e077a11e7e897

    • SHA512

      cc1f2c9f78fd2dcf2e2d02dc32f08067679238963fa9037d3d9d2fd512e8159f86eb968b8ccef982f8ceb7cd489b935b14f248a9890df42bfb471653f69a42ef

    • SSDEEP

      1536:7zOEJKTB1rO/A5J2q+MEWafDuwrZd67iS+ra68IUvIi0rQ+L:XXcTBPt+MxJwVEi/8HAz9

    Score
    10/10
    jokerevasioninfostealerpersistencetrojan

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

      infostealertrojanjoker

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks