MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ed25bcfc5703d016338dfe5579a16451fcf28cc3f2ce6f70f06daa77c63a4c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 0ed25bcfc5703d016338dfe5579a16451fcf28cc3f2ce6f70f06daa77c63a4c6
SHA3-384 hash: 0e7e43eb960ad70a6acbbcd4fd729a8e07f893bc013ea7ad01d19879c0dc4bd7aa76f7d6b98096cd8d0528cdc95c6283
SHA1 hash: 8556f954a57edc8a26e6a369c2901f02ca656c58
MD5 hash: 01ba4eb8f9effd30c8e13c6f8244b285
humanhash: september-zulu-early-arkansas
File name: payload.apk
File size: 8'293'247 bytes
First seen: 2026-07-01 21:43:50 UTC
Last seen: Never
File type: apk
MIME type: application/zip
ssdeep: 196608:bae8uhy4Z05CQ11F3fcBwbCE8BOM3O86QOz/OzXtOJ0:DKQQ93CwASL9z1J0
TLSH: T17586F0C6FBD95C2FD8732475C65A22B1A6125C158B92DFC75A04B218787B2E88F3DBC0
TrID: 50.0% (.APK) Android Package (27000/1/5)
      23.1% (.VYM) VYM Mind Map (12500/1/3)
      19.4% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
      7.4% (.ZIP) ZIP compressed archive (4000/1)
Magika: apk
Reporter: BastianHein
Tags: apk

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: CL

Vendor Threat Intelligence
No detections

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: base64 crypto evasive fingerprint persistence signed
Result
Application Permissions:
read phone state and identity (READ_PHONE_STATE)
directly call phone numbers (CALL_PHONE)
send SMS messages (SEND_SMS)
receive SMS (RECEIVE_SMS)
read SMS or MMS (READ_SMS)
take pictures and videos (CAMERA)
display system-level alerts (SYSTEM_ALERT_WINDOW)
full Internet access (INTERNET)
view network status (ACCESS_NETWORK_STATE)
prevent phone from sleeping (WAKE_LOCK)
automatically start at boot (RECEIVE_BOOT_COMPLETED)

Verdict: Malicious
File Type: apk
First seen: 2026-07-01T18:38:00Z UTC
Last seen: 2026-07-01T18:42:00Z UTC
Hits: ~10
Threat name: Android.Trojan.Generic

Status: Suspicious
First seen: 2026-07-01 21:45:30 UTC
File Type: Binary (Archive)
Extracted files: 977
AV detection: 8 of 36 (22.22%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: android collection credential_access evasion impact
Behaviour:
Checks CPU information
Checks memory information
Loads dropped Dex/Jar
Obtains sensitive information copied to the device clipboard

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: telebot_framework
Author: vietdx.mb

Rule name: telegram_bot_api
Author: rectifyq
Description: Detects file containing Telegram Bot API

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments