joker | e03dae04b372e4581f8a39bd30c56b4435423c9209ea4d86dbd445faeefafd23 | Triage

Submit
Reports

Overview

overview

Static

static

1

e03dae04b3...23.exe

windows7-x64

e03dae04b3...23.exe

windows10-2004-x64

Sharing

General

Target

e03dae04b372e4581f8a39bd30c56b4435423c9209ea4d86dbd445faeefafd23
Size

943KB
Sample

221030-ezecrabhd9
MD5

a31c29394aff003f6695119188032150
SHA1

5695a7e86c933e9d20b71aa8e9edb85f3c68d2b0
SHA256

e03dae04b372e4581f8a39bd30c56b4435423c9209ea4d86dbd445faeefafd23
SHA512

ca0e10261d6f2f0cd3cebb723ad247ca02c19d8667063f4b4800aa155039257f4dcbf0701accf257aea8a03ef0384db5d4887f6965f7d2b10c84b3a47de9b40e
SSDEEP

24576:sswE9bUix084d2mVWcaW2nrwqbqzcCnwcIcS:s1koPwxWvJfwxT

Score

10^/10

joker bootkit discovery evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e03dae04b372e4581f8a39bd30c56b4435423c9209ea4d86dbd445faeefafd23.exe

Resource

win7-20220812-en

joker bootkit discovery evasion infostealer persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

e03dae04b372e4581f8a39bd30c56b4435423c9209ea4d86dbd445faeefafd23.exe

Resource

win10v2004-20220901-en

joker bootkit discovery evasion infostealer persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  e03dae04b372e4581f8a39bd30c56b4435423c9209ea4d86dbd445faeefafd23
- Size
  
  943KB
- MD5
  
  a31c29394aff003f6695119188032150
- SHA1
  
  5695a7e86c933e9d20b71aa8e9edb85f3c68d2b0
- SHA256
  
  e03dae04b372e4581f8a39bd30c56b4435423c9209ea4d86dbd445faeefafd23
- SHA512
  
  ca0e10261d6f2f0cd3cebb723ad247ca02c19d8667063f4b4800aa155039257f4dcbf0701accf257aea8a03ef0384db5d4887f6965f7d2b10c84b3a47de9b40e
- SSDEEP
  
  24576:sswE9bUix084d2mVWcaW2nrwqbqzcCnwcIcS:s1koPwxWvJfwxT
Score

10^/10

joker bootkit discovery evasion infostealer persistence trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jokerbootkitdiscoveryevasioninfostealerpersistencetrojan

behavioral2

jokerbootkitdiscoveryevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy