MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02cd74a277a19ef59375d44e6111c5c887a2dd2313a2a7129c98e5967dc69ecc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Coper

Vendor detections: 9

Intelligence 9 IOCs YARA 9 File information Comments

SHA256 hash:	02cd74a277a19ef59375d44e6111c5c887a2dd2313a2a7129c98e5967dc69ecc
SHA3-384 hash:	d016639a9818c6d1987afce5d1f55659486ce62d1fbb3fba2b3654bfb3dc51d0f492174b01fdd2b9f7844eafd0164f0a
SHA1 hash:	fbbe80024951667d99d8ceacd7a3d34e11d6d214
MD5 hash:	c3a986a3b5d32e2bd069fd24aaa64698
humanhash:	one-alabama-three-north
File name:	Chrome.apk
Download:	download sample
Signature	Coper Create hunting rule
File size:	1'014'194 bytes
First seen:	2025-12-30 12:25:15 UTC
Last seen:	2025-12-30 12:34:44 UTC
File type:	apk
MIME type:	application/zip
ssdeep	12288:/Muq+CoqedaTWwXKNEUwwSIE3CA2zOH61MH25FHyWf2hA/OBunD3++UjwuDrhL0p:fM325F/fea/UjwuDc0Vk
TLSH	T1C2259E53F60D6B21EF747A342CEBD10E5B0AA9CA2C65030FC91E7BDB00815E35DBA55A
TrID	72.4% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3) 27.5% (.ZIP) ZIP compressed archive (4000/1)
Magika	apk
Reporter	malwaress
Tags:	apk Chrome coper HGS

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.Trojan-Dropper.AndroidOS.Agent.32672.1523.UNOFFICIAL

SecuriteInfo.com.PUA.Android.BaiduProtect-2.UNOFFICIAL

SecuriteInfo.com.Trojan-Banker.AndroidOS.Octo-1.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

android baiduprotection base64 invalid-signature obfuscated obfuscated packed signed

Link:

https://www.filescan.io/uploads/6953cac98d1aa9829e272f03/reports/ff3ffc77-8228-40fa-9405-f27bed26ebd4/overview

Result

Link:

https://incinerator.cloud/#/public/report/c3a986a3b5d32e2bd069fd24aaa64698/detail

Application Permissions

read phone state and identity (READ_PHONE_STATE)

send SMS messages (SEND_SMS)

directly call phone numbers (CALL_PHONE)

modify global system settings (WRITE_SETTINGS)

read external storage contents (READ_EXTERNAL_STORAGE)

read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)

add voicemails into the system (ADD_VOICEMAIL)

receive SMS (RECEIVE_SMS)

read SMS or MMS (READ_SMS)

prevent phone from sleeping (WAKE_LOCK)

control vibrator (VIBRATE)

change your audio settings (MODIFY_AUDIO_SETTINGS)

view Wi-Fi status (ACCESS_WIFI_STATE)

view network status (ACCESS_NETWORK_STATE)

reorder applications running (REORDER_TASKS)

allow use of fingerprint (USE_FINGERPRINT)

measure application storage space (GET_PACKAGE_SIZE)

automatically start at boot (RECEIVE_BOOT_COMPLETED)

full Internet access (INTERNET)

modify battery statistics (BATTERY_STATS)

delete all application cache data (CLEAR_APP_CACHE)

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/02cd74a277a19ef59375d44e6111c5c887a2dd2313a2a7129c98e5967dc69ecc

Details

Base64 Encoded URL

Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.

Verdict:

Malicious

File Type:

apk

First seen:

2025-02-24T10:41:00Z UTC

Last seen:

2025-12-30T23:57:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/02cd74a277a19ef59375d44e6111c5c887a2dd2313a2a7129c98e5967dc69ecc/results?tab=lookup

Score:

100%

Verdict:

Malware

File Type:

APK

Link:

https://malprob.io/report/02cd74a277a19ef59375d44e6111c5c887a2dd2313a2a7129c98e5967dc69ecc

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/02cd74a277a19ef59375d44e6111c5c887a2dd2313a2a7129c98e5967dc69ecc/

Threat name:

Android.Trojan.Coper

Status:

Malicious

First seen:

2025-03-25 12:00:00 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

22 of 38 (57.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=algxjitxugpple3v2rhgceofzcd2fxjdcorkoeu4tdszm7ogt3ga._file

Result

Malware family:

octo

Score:

10/10

Tags:

family:octo

Link:

https://tria.ge/reports/251230-p3hjpaek9v/

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/700a9ba5-ae1b-4d5e-bfc1-dcc952b0c5f4

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/02cd74a277a19ef59375d44e6111c5c887a2dd2313a2a7129c98e5967dc69ecc

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	elf_arm_mips_ko_so Create hunting rule

Rule name:	enterpriseapps2 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Enterprise apps

Rule name:	F01_s1ckrule Create hunting rule
Author:	s1ckb017

Rule name:	ldpreload Create hunting rule
Author:	xorseed
Reference:	https://stuff.rop.io/

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample