joker | 5d393ac741a938ad7c33567df1dfe82c9bfe12b4ecfacf86ca9362bf1846e0c7

Analysis

max time kernel
69s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2022 10:35

Target

5d393ac741a938ad7c33567df1dfe82c9bfe12b4ecfacf86ca9362bf1846e0c7.exe
Size

688KB
MD5

cac0e8d55398b0834ef798f5b03c5921
SHA1

0c9a9c745d89b63a40c6a804e3b06ec26c46ac39
SHA256

5d393ac741a938ad7c33567df1dfe82c9bfe12b4ecfacf86ca9362bf1846e0c7
SHA512

748873548d86e7363923acc82e6ddfd8e440946e2e036681961dfff1312443dee469ba77d8d6c6278e66d81922441b21961c508d8c255cafce4168571dcd69fa
SSDEEP

12288:o5Invap7CV59EWMZmRSQL7SGOf9U0AJo9fKRxmO+Bhk8wfq1lKouVhbbtpz:o5VpW59jMZmRxL7SGOOoyvf+BhofqmVf

Score

10^/10

Family

joker

https://kexiao.oss-cn-shanghai.aliyuncs.com

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
992	5d393ac741a938ad7c33567df1dfe82c9bfe12b4ecfacf86ca9362bf1846e0c7.exe
992	5d393ac741a938ad7c33567df1dfe82c9bfe12b4ecfacf86ca9362bf1846e0c7.exe

C:\Users\Admin\AppData\Local\Temp\5d393ac741a938ad7c33567df1dfe82c9bfe12b4ecfacf86ca9362bf1846e0c7.exe
"C:\Users\Admin\AppData\Local\Temp\5d393ac741a938ad7c33567df1dfe82c9bfe12b4ecfacf86ca9362bf1846e0c7.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:992

memory/992-132-0x0000000000400000-0x000000000059D000-memory.dmp

Filesize
1.6MB

Download
memory/992-133-0x0000000000400000-0x000000000059D000-memory.dmp

Filesize
1.6MB

Download
memory/992-134-0x0000000000400000-0x000000000059D000-memory.dmp

Filesize
1.6MB

Download
memory/992-135-0x0000000000400000-0x000000000059D000-memory.dmp

Filesize
1.6MB

Download