MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e04946359624ca2fe38bcdd5d42ec47a429cd5dd74b8b4a0f3072759f9584ec7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Joker


Vendor detections: 4



SHA256 hash: e04946359624ca2fe38bcdd5d42ec47a429cd5dd74b8b4a0f3072759f9584ec7
SHA3-384 hash: 2d23c7fbe5ac7c9d5ca29f86b18f22fbdee4a8ed0443a1a62fe82ae8f705b1204def6693b6550c515a02268ca5e1ca57
SHA1 hash: 193da35076512e1348c58478fcf2d3ed1b2ece2e
MD5 hash: 4ad68595580b6de4d39f4c12deb58bba
humanhash: mississippi-don-autumn-ohio
File name: com.stillartful.messagetext.theostime.apk
Signature: Joker
File size: 19'172'692 bytes
First seen: 2022-04-15 16:00:07 UTC
Last seen: Never
File type: apk
MIME type: application/zip
ssdeep: 393216:kq3hJWgWRAgm6NMIoR/sQKBL0i4cQ8i1l/Xydf99N:kqxARJMIouDBL0tcQ8i1tC7
TLSH: T1F317F147E3A4DCDBD8F885308436920E558E9DE7966A126E3D8CB3392F338C077999C5
TrID:
39.4% (.APK) Android Package (38500/1/9)
30.7% (.SPE) SPSS Extension (30000/1/7)
13.8% (.JAR) Java Archive (13500/1/2)
10.7% (.SH3D) Sweet Home 3D design (generic) (10500/1/3)
4.1% (.ZIP) ZIP compressed archive (4000/1)
Reporter: 500mk500
Tags: apk joker signed

Code Signing Certificate

Organisation: Android
Issuer: Android
Algorithm: sha256WithRSAEncryption
Valid from: 2022-04-11T09:32:02Z
Valid to: 2052-04-11T09:32:02Z
Serial number: a2fd584b708c28abc0e35104d26d6efe80620b72
Thumbprint Algorithm: SHA256
Thumbprint: 94384a129ea52c2edcbb020d8654475e832a07971eca430a0a1765ede3d87aad
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 525
Origin country: n/a

Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 67%
Tags: android javadropper update.exe

Result
Threat name: Unknown
Detection: malicious
Classification: spyw.evad
Score: 52 / 100
Signature:
Removes its application launcher (likely to stay hidden)
Tries to detect Android x86
Tries to detect the analysis device (e.g. the Android emulator)
Behaviour
Behavior Graph: n/a

Result
Malware family: n/a
Score: 7/10
Tags: android
Behaviour:
Reads information about phone network operator.
Loads dropped Dex/Jar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: adonunix2
Author: Tim Brown @timb_machine
Description: AD on UNIX

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Sample: apk e04946359624ca2fe38bcdd5d42ec47a429cd5dd74b8b4a0f3072759f9584ec7 (this sample)
Signature: Joker
Dropping: Android Joker
Delivery method: Distributed via web download
