MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0610f14dfa8685276e6eb915570b8fbaad22ccf5084354d514e96fc2c2f92d09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Joker


Vendor detections: 5


Intelligence 5 IOCs YARA 12 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0610f14dfa8685276e6eb915570b8fbaad22ccf5084354d514e96fc2c2f92d09
SHA3-384 hash: 1895a3d161b672293cdc3c7f9b980f8dd64a3beb3d803c615e485e39ca3eaf2fdd4d071458073cae2baa92bc8efad558
SHA1 hash: 04689646628411e9a324324cded9f2adc458c05a
MD5 hash: 0fa895957535e2ab0431bfe961a8cf39
humanhash: lactose-sierra-london-freddie
File name:com.text.imessages.texting.sms.mms_1.43.xapk
Download: download sample
Signature Joker
Create hunting rule
File size:18'864'378 bytes
First seen:2026-04-28 14:37:52 UTC
Last seen:Never
File type: xapk
MIME type:application/zip
ssdeep 393216:g/fJ63yiIz51dYbEzyAt9rQxCuKrW701QCF6:gp63XU1ibvgcFv46
TLSH T10017D049F51CD42BEEC9B0BC8D8B07D3B5627C151614C18B2822B60DFDB37D4AA66BE1
TrID 77.1% (.JAR) Java Archive (13500/1/2)
22.8% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter Anonymous
Tags:joker malware xapk

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
RU RU
Vendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
base64 crypto evasive fingerprint masquerade persistence signed
Link:
https://www.filescan.io/uploads/69f0c66781aa9ec3bc2f1e44/reports/b499c845-c6db-4b34-baf5-ee65469d781f/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/0610f14dfa8685276e6eb915570b8fbaad22ccf5084354d514e96fc2c2f92d09
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/0610f14dfa8685276e6eb915570b8fbaad22ccf5084354d514e96fc2c2f92d09
Verdict:
Clean
File Type:
zip
Link:
https://opentip.kaspersky.com/0610f14dfa8685276e6eb915570b8fbaad22ccf5084354d514e96fc2c2f92d09/results?tab=lookup
Score:
72%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/0610f14dfa8685276e6eb915570b8fbaad22ccf5084354d514e96fc2c2f92d09
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0610f14dfa8685276e6eb915570b8fbaad22ccf5084354d514e96fc2c2f92d09/
Threat name:
Android.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-04-28 14:39:37 UTC
File Type:
Binary (Archive)
Extracted files:
1448
AV detection:
4 of 24 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ayipctp2q2cso3toxekvoc4pxkwsfthvbbbvjviu5fx4fqxzfueq._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/260428-rzy4daay7t/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/0610f14dfa8685276e6eb915570b8fbaad22ccf5084354d514e96fc2c2f92d09

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BLOWFISH_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for Blowfish constants
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:ldpreload
Create hunting rule
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:SUSP_ZIP_Smuggling_Jun01
Create hunting rule
Author:delivr.to
Description:ZIP archives with data smuggled between last file record and the central directory.
Reference:https://github.com/Octoberfest7/zip_smuggling/
Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb
Rule name:Weedhack_Family_Generic
Create hunting rule
Author:jlab
Description:Generic Weedhack family detection
Rule name:WHIRLPOOL_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for WhirlPool constants
Rule name:without_attachments
Create hunting rule
Author:Antonio Sanchez <asanchez@hispasec.com>
Description:Rule to detect the no presence of any attachment
Reference:http://laboratorio.blogs.hispasec.com/
Rule name:with_urls
Create hunting rule
Author:Antonio Sanchez <asanchez@hispasec.com>
Description:Rule to detect the presence of an or several urls
Reference:http://laboratorio.blogs.hispasec.com/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://play.google.com/store/apps/details?id=com.text.imessages.texting.sms.mms

Comments