General

  • Target

    90b5f9799cd1148545549b34d62b04907a7499713e95cf63bfdc11e503c8f27c

  • Size

    140KB

  • Sample

    221030-jnteraaac4

  • MD5

    a28879e242248d3868b6a5da8c972e69

  • SHA1

    865b6f731ad1eec562f67a0946100a2e79c57c3b

  • SHA256

    90b5f9799cd1148545549b34d62b04907a7499713e95cf63bfdc11e503c8f27c

  • SHA512

    edcba61c228c683adcd2f4da6df04788dd5a5300c2bb0c8bbf1f3b58166b8323bc839e12436faf5f8954aa5d2bbcc41b63d5818066216a750de8c25f8477de90

  • SSDEEP

    1536:UnM12OVLjlevyaRLBnLuRgiaZxRIxecePKH56Hdb+F:bPLpeTLlamiaZxRIxecePKyc

Targets

    • joker

      Joker is Android malware that carries out billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
