General

  • Target

    aman_2.3.5_0928.exe

  • Size

    27.9MB

  • Sample

    221112-vqevxsgg63

  • MD5

    07379cefd4efda2684d0661823322b4a

  • SHA1

    badbc58867b94e0e3846e9e1d3fb9387e0703144

  • SHA256

    e01b59676faed2e6c51ecd1624302b27c85a25913358c879826a9678ad0d89e4

  • SHA512

    e348e9ecedb691a1a680185379be268e24d01b1886a13ef68a8e6ec71eff7d431619a19fec384944d98709831ad46b087755a9c45d0a110cd878b524fe499a2e

  • SSDEEP

    393216:ZUTrvXJ8IEOIsFJezerhJjGSjzCNKUkUD9WuFPXKVcnuRWn4JIa/EpjqxM3lErB0:yMOIeezelJS562PXKV8ug4JIBpjSEEm

Malware Config

Extracted

Family

joker

C2

https://hw-gn.oss-accelerate.aliyuncs.com

Targets

    • Target

      aman_2.3.5_0928.exe

    • joker

      Joker is an Android malware that targets billing and SMS fraud.

    • Creates new service(s)

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
