General

  • Target

    40b424701cdde23a9b4bab6a58421ae79ff0507db97795571b1b49359f46d130

  • Size

    57KB

  • Sample

    221029-m7rbaadch6

  • MD5

    12203f67a96d5821bfbc786eaad05e35

  • SHA1

    2aa3f3cf895676771e5cb4bde895108f6a078a1c

  • SHA256

    40b424701cdde23a9b4bab6a58421ae79ff0507db97795571b1b49359f46d130

  • SHA512

    8669fe85885a5c8a007147b061c89442087e0de539f7cb4a5c804c7bc4e4d08589c08ea53c5cf5d6ed6f78c626a15ca6dd47dece94c75ed882759dd885c23a36

  • SSDEEP

    1536:z53rJiDSIBvPuvvrQ1Ovq64vQzJ7lZ+NF:z53rJShN9uqrQzxlZiF

Targets

    • Target

      40b424701cdde23a9b4bab6a58421ae79ff0507db97795571b1b49359f46d130

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application
