MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bec85fd8af4fbfba77e31da5e3cea4a51d4db92d5abdde750338133cd8957a61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Joker


Vendor detections: 4


Intelligence 4 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bec85fd8af4fbfba77e31da5e3cea4a51d4db92d5abdde750338133cd8957a61
SHA3-384 hash: c92eb2b19a0c192257e2e8d01579bda1ec28930dd22b36a24437b54269646d3bd0cff851deb640425c9045eb058df97f
SHA1 hash: 4fea1536f6fd20e89cbbd656aab20c6617438b9b
MD5 hash: 17c8886784d1bae2c3d9ad53b3292ef3
humanhash: berlin-ack-mexico-fanta
File name:Magical+Phone+Cleaner_1.2.0.xapk
Download: download sample
Signature Joker
Create hunting rule
File size:25'690'853 bytes
First seen:2025-12-24 14:02:48 UTC
Last seen:Never
File type: xapk
MIME type:application/zip
ssdeep 393216:QPLgXCNQMIo7nWI/gVXCeiYtKaxH4Tut22gpIl0Adatwctsd+rYnmdgkGF:WLnNQMdgoeiyiTYV0IKA3Q6
TLSH T1CC471289FF0CEE2AC4B76076CE4E4236712AAD294B42C7776804B31DB9B75D44B05BE1
TrID 42.8% (.APK) Android Package (27000/1/5)
21.4% (.JAR) Java Archive (13500/1/2)
16.6% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
12.6% (.XPI) Mozilla Firefox browser extension (8000/1/1)
6.3% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter Anonymous
Tags:joker malware xapk

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
JP JP
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=694bf2b101c7b4a8fe554bbb
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
base64 crypto evasive expand fingerprint lolbin signed
Link:
https://www.filescan.io/uploads/694bf2a8e126b9ff438ffa56/reports/dfee0a47-c464-4385-8703-b1f4341c9f65/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/bec85fd8af4fbfba77e31da5e3cea4a51d4db92d5abdde750338133cd8957a61
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/bec85fd8af4fbfba77e31da5e3cea4a51d4db92d5abdde750338133cd8957a61
Score:
72%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/bec85fd8af4fbfba77e31da5e3cea4a51d4db92d5abdde750338133cd8957a61
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x3ef7wfpj673u57ddws6htveuuou3ojnlk6545idhajtzwevpjqq._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
android
Link:
https://tria.ge/reports/251224-rcz26aey2a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/bec85fd8af4fbfba77e31da5e3cea4a51d4db92d5abdde750338133cd8957a61

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:ldpreload
Create hunting rule
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://play.google.com/store/apps/details?id=com.magice.faroff.cleaner

Comments