Extracted

• • Target

    4e1b4ed26e00cf742ca55ecc47a9b790c964014a352ef676939ec30a845aeff3

  • Size

    840KB

  • MD5

    827f5fc064da1deb879a11f3fcfaa440

  • SHA1

    6b48994ac27161d4438b5be21b8dd3bc9123dfc2

  • SHA256

    4e1b4ed26e00cf742ca55ecc47a9b790c964014a352ef676939ec30a845aeff3

  • SHA512

    0f310226b43d31922cbcb9807feadd2b2841fd51263a4ab0b6ff39cc3a3454ad9c4216111092c74be578ae18ee0e9d68ce9abb9b271a51d4546c437069897da1

  • SSDEEP

    12288:AvIuVHsBSvMgC4PV/vqUsaJF4U03wdWTVia/SMZoS5Xv3+Rt:AvxVuSvMv49/vPsFwtMFfE

  Score

  10^/10

  upxjokerinfostealerpersistencetrojan

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

    infostealertrojanjoker

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2