General

  • Target

    891c300ffd60c4783921abc2b9471afa27fc51034b81861a7893aba8df32ed7f

  • Size

    46KB

  • Sample

    221030-jnt2aabagj

  • MD5

    92f7720dca0798245ea9d53188364001

  • SHA1

    154a0c5125176d2166d0c74f9d9f1cc0d60c7f6c

  • SHA256

    891c300ffd60c4783921abc2b9471afa27fc51034b81861a7893aba8df32ed7f

  • SHA512

    fde0eb31bdbc5547e65130a7c76157179f4adc09cd68c110fe7d69a36d740b1427feb1b54049080c9104c3f3ac6f3a666d466b67acd845687ee453cb528c5653

  • SSDEEP

    768:9GCV6O58awRoAvZDV49ieUXgn4SSciyS1gPZ4DLPLJKPM:DV/lfI1KYefnscpS1gPZ4DLDJKPM

Targets

    • joker

      Joker is Android malware that commits billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
