MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a13890c7e2d50a24c68efc7d735492191257785cbedf76c678ba8c26c749a5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Joker


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1a13890c7e2d50a24c68efc7d735492191257785cbedf76c678ba8c26c749a5d
SHA3-384 hash: 6e3a3889faf1cd8ccfa40701b29e48623ced5a889993f9e2503f767f351c30b069087b1068a82e4ba0f2853925e29203
SHA1 hash: fc9527d2d59dff2755ed4fa975e1569050ff6ffb
MD5 hash: 530346c3e81d8b9802883bfb119cc5c2
humanhash: crazy-massachusetts-xray-happy
File name:Big Keys Keyboard_2.0.8.apk
Download: download sample
Signature Joker
Create hunting rule
File size:11'980'498 bytes
First seen:2025-11-07 03:33:47 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 196608:3emzvrRfLkTjV+fe5NT37aSkRPXERlXaejHLNUJvWvYpuoBqR/nr3:NXRzEgWPTGH8laeTR7vH1r
TLSH T1D6C6128BBB08D93FC4369133C5A6123732B7DD1258935B73751CB20829B35899F5ABCA
TrID 43.5% (.APK) Android Package (27000/1/5)
20.1% (.VYM) VYM Mind Map (12500/1/3)
16.9% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
12.9% (.XPI) Mozilla Firefox browser extension (8000/1/1)
6.4% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter Anonymous
Tags:apk bill fraud joker malware

Intelligence

File Origin
# of uploads :
1
# of downloads :
138
Origin country :
JP JP
Vendor Threat Intelligence
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
base64 crypto evasive expand fingerprint lolbin signed
Link:
https://www.filescan.io/uploads/690d68bffad650b0c9979101/reports/3433337d-408f-46ef-b5ae-895aaaa7e7c0/overview
Result
Link:
https://incinerator.cloud/#/public/report/530346c3e81d8b9802883bfb119cc5c2/detail
Application Permissions
record audio (RECORD_AUDIO)
full Internet access (INTERNET)
view network status (ACCESS_NETWORK_STATE)
prevent phone from sleeping (WAKE_LOCK)
change network connectivity (CHANGE_NETWORK_STATE)
C2DM permissions (RECEIVE)
Verdict:
Unknown
File Type:
apk
Link:
https://opentip.kaspersky.com/1a13890c7e2d50a24c68efc7d735492191257785cbedf76c678ba8c26c749a5d/results?tab=lookup
Score:
68%
Verdict:
Susipicious
File Type:
APK
Link:
https://malprob.io/report/1a13890c7e2d50a24c68efc7d735492191257785cbedf76c678ba8c26c749a5d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1a13890c7e2d50a24c68efc7d735492191257785cbedf76c678ba8c26c749a5d/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dijysdd6fviketdi57d5onkjegisk54fzpw7o3dhroume3dutjoq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
android collection credential_access defense_evasion discovery evasion impact persistence
Link:
https://tria.ge/reports/251107-d4xt8azmem/
Behaviour
Checks CPU information
Checks memory information
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks the presence of a debugger
Acquires the wake lock
Queries information about active data network
Queries the mobile country code (MCC)
Loads dropped Dex/Jar
Obtains sensitive information copied to the device clipboard
Queries information about running processes on the device
Checks if the Android device is rooted.
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/4f70a84b-45e5-4616-bb97-b1d405860b36
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://play.google.com/store/apps/details?id=com.bigkey.keyboardbutton

Comments