MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00b8a464947aab72651801844d303c15481af26506028cc483eb00297b39bc95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 00b8a464947aab72651801844d303c15481af26506028cc483eb00297b39bc95
SHA3-384 hash: ccd3d4bde49748bee3429ffac5bca2fb6cd7bc71d68f8ab52db3c27dd395d6ec142941c381d4a20164a48c051ae19e23
SHA1 hash: 9bada11d92f0e5aa55de54937e811cf5d831f8ff
MD5 hash: 96c2b215bc929fca8b7651e749d4a6e7
humanhash: freddie-paris-michigan-colorado
File name:بازی سکسی3.apk
Download: download sample
File size:3'741'305 bytes
First seen:2022-10-12 23:59:20 UTC
Last seen:Never
File type: apk
MIME type:application/java-archive
ssdeep 98304:zz7UhEN2DHG81EJNGwAM1kikTbwY4mPBAK788:z/UhHEXXActkTbwsPBAKI8
TLSH T1CE063331EEEA4071E967A83DC6458883205756344E6BFA3B9575D2CD0CAFD282B07F6C
TrID 61.1% (.APK) Android Package (38500/1/9)
21.4% (.JAR) Java Archive (13500/1/2)
9.5% (.KMZ) Google Earth saved working session (6000/1/1)
6.3% (.ZIP) ZIP compressed archive (4000/1)
1.5% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter onecert_ir
Tags:android apk Dnotua signed

Code Signing Certificate

Organisation:Android
Issuer:Android
Algorithm:sha1WithRSAEncryption
Valid from:2008-02-29T01:33:46Z
Valid to:2035-07-17T01:33:46Z
Serial number: 936eacbe07f201df
Intelligence: 1699 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
onecert_ir
Tool.Dnotua.Android

Intelligence

File Origin
# of uploads :
1
# of downloads :
970
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.not-a-virus.HEUR.RiskTool.AndroidOS.Dnotua.awak.14166.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6347550467135c9da246a7a0/reports/3f93c09e-f493-410a-87e6-1b03655715f5/overview
Result
Link:
https://incinerator.cloud/#/public/report/96c2b215bc929fca8b7651e749d4a6e7/detail
Application Permissions
view network status (ACCESS_NETWORK_STATE)
full Internet access (INTERNET)
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/00b8a464947aab72651801844d303c15481af26506028cc483eb00297b39bc95
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1089239
Signature
Antivirus / Scanner detection for submitted sample
Drops a new APK file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/00b8a464947aab72651801844d303c15481af26506028cc483eb00297b39bc95/
Threat name:
Android.PUA.Dnotua
Create hunting rule
Status:
Malicious
First seen:
2022-10-13 00:00:13 UTC
File Type:
Binary (Archive)
Extracted files:
125
AV detection:
9 of 23 (39.13%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ac4kizeupkvxeziyagce2mb4cvebv4tfaybizred5macs6zzxskq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
android
Link:
https://tria.ge/reports/221013-aabhcaaael/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.36
Link:
https://yomi.yoroi.company/submissions/00b8a464947aab72651801844d303c15481af26506028cc483eb00297b39bc95

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropping
Dnotua
  
Delivery method
Distributed via drive-by

Comments