joker | d6cca03bee74ec4296f6c1a077f87110b1a4c5397adaba68c3df97317e9ca991 | Triage

Submit
Reports

Overview

overview

Static

static

d6cca03bee...91.exe

windows7-x64

8

d6cca03bee...91.exe

windows10-2004-x64

Sharing

General

Target

d6cca03bee74ec4296f6c1a077f87110b1a4c5397adaba68c3df97317e9ca991
Size

168KB
Sample

221030-j3tn3abfhq
MD5

93a6cd5a811ca5e01f96a1849fc2f8e8
SHA1

6ca0c859bb02612d83e0740101426e7c17686168
SHA256

d6cca03bee74ec4296f6c1a077f87110b1a4c5397adaba68c3df97317e9ca991
SHA512

21b58875673f36d564d9259336ecab8f1bcebdff8dd3cfbf3fc3d157182fc063772f996fc54daf270ca44d717fb1ad494a929fcab327cc8153f80cc9cdf69476
SSDEEP

1536:aHob+TnkkpRNGojAbnXlkjZ2G+7ErBnOZn2KcGO3Ekm+7UmNhG6n3+f:sOukkJGoEbXldaE5eAp

Score

10^/10

joker evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

d6cca03bee74ec4296f6c1a077f87110b1a4c5397adaba68c3df97317e9ca991.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

d6cca03bee74ec4296f6c1a077f87110b1a4c5397adaba68c3df97317e9ca991.exe

Resource

win10v2004-20220812-en

joker evasion infostealer persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  d6cca03bee74ec4296f6c1a077f87110b1a4c5397adaba68c3df97317e9ca991
- Size
  
  168KB
- MD5
  
  93a6cd5a811ca5e01f96a1849fc2f8e8
- SHA1
  
  6ca0c859bb02612d83e0740101426e7c17686168
- SHA256
  
  d6cca03bee74ec4296f6c1a077f87110b1a4c5397adaba68c3df97317e9ca991
- SHA512
  
  21b58875673f36d564d9259336ecab8f1bcebdff8dd3cfbf3fc3d157182fc063772f996fc54daf270ca44d717fb1ad494a929fcab327cc8153f80cc9cdf69476
- SSDEEP
  
  1536:aHob+TnkkpRNGojAbnXlkjZ2G+7ErBnOZn2KcGO3Ekm+7UmNhG6n3+f:sOukkJGoEbXldaE5eAp
Score

10^/10

evasion persistence joker infostealer trojan
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

jokerevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy