MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 101f6114b5e58fb2a91edce434a493e683a66b997e2b4c5edbae4c3847e40593. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 101f6114b5e58fb2a91edce434a493e683a66b997e2b4c5edbae4c3847e40593
SHA3-384 hash: e0f78a76812165252338afbc53f44835185fa11112a66d72a4816b89d9c8870faf1fa57f13f5b88af353cc4906f8314c
SHA1 hash: 5ea1ba87921f0325e977f0e4a21068013d0309a1
MD5 hash: a401d9e1d57dc3e2b590915bdada065e
humanhash: blossom-jig-mockingbird-don
File name:com_memz (13).apk
Download: download sample
File size:17'623'233 bytes
First seen:2025-07-24 19:19:44 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 393216:3555MXYSnF44b4R08o3g3PFmvcHFJIMK/qYXIn0ETM2X:kF4P0i3NfJK1NEf
TLSH T180070196FB19EA5AC1FF93329975113664060C208B47D6F73A04737C28F79D1CB8AAD8
TrID 49.0% (.APK) Android Package (27000/1/5)
24.5% (.JAR) Java Archive (13500/1/2)
19.0% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
7.2% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter Skankhunt42
Tags:apk fake signed trojan

Code Signing Certificate

Organisation:www.appyet.com
Issuer:www.appyet.com
Algorithm:sha1WithRSAEncryption
Valid from:2025-07-24T15:37:58Z
Valid to:2075-07-24T15:37:58Z
Serial number: e9f08e8647c95528
Thumbprint Algorithm:SHA256
Thumbprint: 34801465f537255b2dc9b4cc3f7a5f90c0422b0189644637c3ef82da8b5c6db3
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
Skankhunt42
I made this as well

Intelligence

File Origin
# of uploads :
1
# of downloads :
170
Origin country :
GB GB
Vendor Threat Intelligence
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
base64 crypto evasive fingerprint persistence signed smb
Link:
https://www.filescan.io/uploads/6882878512460d69546153ce/reports/3a78fe9b-19d7-4f48-9d2c-a67bf5442622/overview
Result
Link:
https://incinerator.cloud/#/public/report/a401d9e1d57dc3e2b590915bdada065e/detail
Application Permissions
full Internet access (INTERNET)
view Wi-Fi status (ACCESS_WIFI_STATE)
view network status (ACCESS_NETWORK_STATE)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
prevent phone from sleeping (WAKE_LOCK)
control vibrator (VIBRATE)
control flashlight (FLASHLIGHT)
C2DM permissions (RECEIVE)
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/101f6114b5e58fb2a91edce434a493e683a66b997e2b4c5edbae4c3847e40593
Score:
3%
Verdict:
Benign
File Type:
APK
Link:
https://malprob.io/report/101f6114b5e58fb2a91edce434a493e683a66b997e2b4c5edbae4c3847e40593
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/101f6114b5e58fb2a91edce434a493e683a66b997e2b4c5edbae4c3847e40593/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=capwcffv4wh3fki63tsdjjet42b2m24zpyvuyxw3vzgdqr7eawjq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
android collection credential_access defense_evasion discovery evasion execution impact persistence
Link:
https://tria.ge/reports/250724-x2eemssny4/
Behaviour
Checks CPU information
Checks memory information
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Uses Crypto APIs (Might try to encrypt user data)
Acquires the wake lock
Makes use of the framework's foreground persistence service
Queries information about active data network
Queries the mobile country code (MCC)
Reads information about phone network operator.
Loads dropped Dex/Jar
Obtains sensitive information copied to the device clipboard
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/42839581-8f55-409e-926b-23539f6575ef
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/101f6114b5e58fb2a91edce434a493e683a66b997e2b4c5edbae4c3847e40593

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:botnet_plaintext_c2
Create hunting rule
Author:cip
Description:Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
Rule name:strrat_jar_v1
Create hunting rule
Author:RandomMalware
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments