MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d1c2bd59327cabb361cef6de90f0bf2986ce2c7309dde021b7e5ed3aec30b6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Joker


Vendor detections: 4


Intelligence 4 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5d1c2bd59327cabb361cef6de90f0bf2986ce2c7309dde021b7e5ed3aec30b6d
SHA3-384 hash: bc300f4dc5b4fb8455e15c14eb8a0028d5eba646e926449a773bf695fdb16822bd7331084287a974c719c510ddb2c75b
SHA1 hash: 6eb81817b006a8ec121d609b99a8b87a40c96c12
MD5 hash: 6d8279504564cc530b4af7eba6459ae9
humanhash: lion-quiet-nuts-twenty
File name:com.furniture.technic.fileclean_1.6.xapk
Download: download sample
Signature Joker
Create hunting rule
File size:29'743'563 bytes
First seen:2026-04-17 03:27:57 UTC
Last seen:Never
File type: xapk
MIME type:application/zip
ssdeep 393216:8PLgXxYLpV3vkfNbTdkdkR1RhdJhsv8epVBb753ecrsh5ax6mtURz1h6hP:CL4YVobJrRThDwppVZ9ecrk9mfP
TLSH T17367124EFB0DFC1BC8F7F0BCDA5A42527A526C98A20187B71A01D528BE536C58F0A7D5
TrID 63.1% (.SPE) SPSS Extension (30000/1/7)
28.4% (.JAR) Java Archive (13500/1/2)
8.4% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter Anonymous
Tags:joker malware xapk

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
RU RU
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69e1a8e1f68adfe1003aa308
Tags:
n/a
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
adware base64 crypto evasive expand fingerprint lolbin tracker
Link:
https://www.filescan.io/uploads/69e1a8da5ea31bc68a32ecfd/reports/5ccadf71-a61d-4fd7-b179-2782ecec77b2/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/5d1c2bd59327cabb361cef6de90f0bf2986ce2c7309dde021b7e5ed3aec30b6d
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/5d1c2bd59327cabb361cef6de90f0bf2986ce2c7309dde021b7e5ed3aec30b6d
Verdict:
Malicious
File Type:
zip
First seen:
2026-04-18T01:19:00Z UTC
Last seen:
2026-04-18T01:42:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/5d1c2bd59327cabb361cef6de90f0bf2986ce2c7309dde021b7e5ed3aec30b6d/results?tab=lookup
Score:
93%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/5d1c2bd59327cabb361cef6de90f0bf2986ce2c7309dde021b7e5ed3aec30b6d
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=luocxvmte7flwnq455w6sdyl6kmgzywhgco54aq3pzpnhlwdbnwq._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
android linux
Link:
https://tria.ge/reports/260417-d1k19aes5p/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/5d1c2bd59327cabb361cef6de90f0bf2986ce2c7309dde021b7e5ed3aec30b6d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:ldpreload
Create hunting rule
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://play.google.com/store/apps/details?id=com.furniture.technic.fileclean

Comments