MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a09ea41abf06de8ba8e08d6f75d7334f2982b1d51d2e7bb18c7bd4483617a85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Joker


Vendor detections: 3


Intelligence 3 IOCs YARA 5 File information Comments

SHA256 hash: 9a09ea41abf06de8ba8e08d6f75d7334f2982b1d51d2e7bb18c7bd4483617a85
SHA3-384 hash: 2f76a7e10ee8c0d81cf63ce8547df9639f5d5948e665e5fbe57f8bc2a935f64ba7a0bec2b1f7b60031db4e0217e903d6
SHA1 hash: 5a027a7d18ae40167dfd797e20313108147c9312
MD5 hash: 545d815662cbdf83d2fcde49272ca9bd
humanhash: undress-april-march-eight
File name:com.hamilton.clean.ggpro_1.1.5.xapk
Download: download sample
Signature Joker
File size:21'650'281 bytes
First seen:2026-07-01 05:45:44 UTC
Last seen:Never
File type: xapk
MIME type:application/zip
ssdeep 393216:6PLgXnBayi9w2yPKB73kZU92ERihXu8t1/0L00fHwGNWUFXsbAjfFVlJ2sW:cLOBay1yp3jcEQz1/7EZxw
TLSH T13D27228FE72DE86FC9EAA17D88B40222916358618353E3D33E16B12DED976C05F55BC0
TrID 65.0% (.APK) Android Package (27000/1/5)
25.3% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
9.6% (.ZIP) ZIP compressed archive (4000/1)
Magika unknown
Reporter Anonymous
Tags:joker malware xapk

Intelligence


File Origin
# of uploads :
1
# of downloads :
123
Origin country :
US US
Vendor Threat Intelligence
No detections
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
base64 fingerprint signed
Gathering data
Result
Malware family:
n/a
Score:
  6/10
Tags:
android linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DetectEncryptedVariants
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:ldpreload
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:RANSOMWARE
Author:ToroGuitar
Rule name:telebot_framework
Author:vietdx.mb

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments