Extracted

• • Target

    008e854e955d36c4b072c58ac5579ebcaf79990866c77dc175f5cfda2e979361

  • Size

    31KB

  • MD5

    35cb2c9635f4b5710b3b80083a6b7ce0

  • SHA1

    8696216c6bda4f4f82860a0bb17587a77e5fa034

  • SHA256

    008e854e955d36c4b072c58ac5579ebcaf79990866c77dc175f5cfda2e979361

  • SHA512

    5cd8f647c27f3c3719bf1de00068d58097afb9d727b46c14c94a49f9c7cbd5a4a1dfc55f58059a05fb376e71970b9b776c228b68c0da996b300df624f9886ea3

  • SSDEEP

    768:rc58hyoGGoFU9chbrODS8fyGWczGtxMLfbQCYR/9m:rpkoGrFU9clrODLfyGWczrML

  Score

  10^/10

  jokerbootkitdiscoveryinfostealerpersistencetrojanupxspywarestealer

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

    infostealertrojanjoker

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Registers COM server for autorun

    persistence

  • Sets file execution options in registry

    persistence

  • Sets service image path in registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Drops file in System32 directory

  behavioral1behavioral2