General

  • Target

    e2664ed981b0869e0b5b864e5f4303718a77f039661796de1205045a86b2586f

  • Size

    33KB

  • Sample

    221029-yxxwvsdbh9

  • MD5

    8414a54ccaa4798c137b276ecc1c3c7f

  • SHA1

    b636af08fff1212ca37e82f21e1b5390c4e3d335

  • SHA256

    e2664ed981b0869e0b5b864e5f4303718a77f039661796de1205045a86b2586f

  • SHA512

    466a160252e60c879200d3a9bb48743dbbd1a1121aedc741ffcb6846bbaca53abd362ae20a243f9bdb956559f1f6a8dac13800acbe26046840afef58bb050498

  • SSDEEP

    768:C4URzUjUI/znSxATOj21M8kMKfpp3Rs4pG:TURzW/uqTs8kpRRs4U

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application
