General

  • Target

    c6e96139854530d9e5753e2abda26193d2a8fcf1e67fe0e56a034e7e466c7395

  • Size

    54KB

  • Sample

    221031-bj1n9saedl

  • MD5

    90695943db38b446fc2ddca6b9190b81

  • SHA1

    38cad6c8f48a23b65f1300603ee937cf3a640533

  • SHA256

    c6e96139854530d9e5753e2abda26193d2a8fcf1e67fe0e56a034e7e466c7395

  • SHA512

    0c01735869f7675fe32853776763b4ef21d89c539ca34ebfb7a6fda2f2acd5fe6811d17c839b9787d9c42f305c93de69e86b4f2a1c6f6057ed6635d4ce9a20ce

  • SSDEEP

    1536:BLiSTK2DKfhw/kmBjMEWt1gKWSgfcmjxWNGA:BLiST9D2CMmBoE+gKOfnjJA

Targets

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application
