joker | 869954e2ec1483889967e93044050074d845eea0a3d7001c8b12f2d2c9470c6e | Triage

Submit
Reports

Overview

overview

Static

static

8

869954e2ec...6e.exe

windows7-x64

8

869954e2ec...6e.exe

windows10-2004-x64

Sharing

General

Target

869954e2ec1483889967e93044050074d845eea0a3d7001c8b12f2d2c9470c6e
Size

1.1MB
Sample

221030-g67zrafef6
MD5

a26369f797590c4e519bcf5088567904
SHA1

b308396e4b0776e8dbec0288bb36dd7b4988dacb
SHA256

869954e2ec1483889967e93044050074d845eea0a3d7001c8b12f2d2c9470c6e
SHA512

f43935cf498e40e0774a4b9f2ecde718f3a165ccaf337da091e5e5ad15d16354d93b2ae60c11574dcdb30c62b0dc2502095d412387074ede2ab6129ef64d3873
SSDEEP

24576:CFE//Tct4bOsAgXi/PdSmAL/stGYHLdU2SMO1N2h7HZ5ytBB7+p3uMnRs:QSVAgXiwOLHL+2BpHqjB60F

Score

10^/10

joker infostealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

869954e2ec1483889967e93044050074d845eea0a3d7001c8b12f2d2c9470c6e.exe

Resource

win7-20220812-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

869954e2ec1483889967e93044050074d845eea0a3d7001c8b12f2d2c9470c6e.exe

Resource

win10v2004-20220812-en

joker infostealer trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  869954e2ec1483889967e93044050074d845eea0a3d7001c8b12f2d2c9470c6e
- Size
  
  1.1MB
- MD5
  
  a26369f797590c4e519bcf5088567904
- SHA1
  
  b308396e4b0776e8dbec0288bb36dd7b4988dacb
- SHA256
  
  869954e2ec1483889967e93044050074d845eea0a3d7001c8b12f2d2c9470c6e
- SHA512
  
  f43935cf498e40e0774a4b9f2ecde718f3a165ccaf337da091e5e5ad15d16354d93b2ae60c11574dcdb30c62b0dc2502095d412387074ede2ab6129ef64d3873
- SSDEEP
  
  24576:CFE//Tct4bOsAgXi/PdSmAL/stGYHLdU2SMO1N2h7HZ5ytBB7+p3uMnRs:QSVAgXiwOLHL+2BpHqjB60F
Score

10^/10

upx joker infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

jokerinfostealertrojanupx

© 2018-2025

Terms | Privacy