MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15cd5bbbdb9e5f980043bcc849a66c8fb77ba4af44dacfdc653e2488622b2408. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FantasyHub


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash: 15cd5bbbdb9e5f980043bcc849a66c8fb77ba4af44dacfdc653e2488622b2408
SHA3-384 hash: 8227076e28de98d6446c536b13bed092242610cb43ffcf6576573f8a5a0283c5648527153c41fb4d29bc4839394d8f54
SHA1 hash: 7337390ec0f9295188b447e405a28f6cf9604036
MD5 hash: c2b8c31f78596501d1c08e2088ff0429
humanhash: robert-eight-florida-montana
File name:chiken.apk
Download: download sample
Signature FantasyHub
File size:7'318'186 bytes
First seen:2026-07-01 21:43:05 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 196608:UAQlEJfbk00qJNQk6FWE9JIKXFtunVhDNGC:UAAUkNQQkhE9JIo8V/GC
TLSH T127762386F728013FC5B644724AA6033167678D2A4ED7AB4B2988772C9D7760C0F6EFC5
TrID 49.0% (.APK) Android Package (27000/1/5)
24.5% (.JAR) Java Archive (13500/1/2)
19.0% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
7.2% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter BastianHein
Tags:apk FantasyHub signed

Code Signing Certificate

Organisation:chiken
Issuer:chiken
Algorithm:sha384WithRSAEncryption
Valid from:2026-02-05T19:52:52Z
Valid to:2080-11-08T19:52:52Z
Serial number: 018f2938bfb66941
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 0d5965a2316fbf2491432ad5922010fb2adc8919c2ae892cdc717ec02f2f9a25
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads :
1
# of downloads :
84
Origin country :
CL CL
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
bankingtrojan base64 crypto evasive expand fingerprint invalid-signature lolbin obfuscated persistence signed
Result
Application Permissions
receive MMS (RECEIVE_MMS)
read phone state and identity (READ_PHONE_STATE)
act as an account authenticator (AUTHENTICATE_ACCOUNTS)
directly call phone numbers (CALL_PHONE)
receive WAP (RECEIVE_WAP_PUSH)
receive SMS (RECEIVE_SMS)
read SMS or MMS (READ_SMS)
edit SMS or MMS (WRITE_SMS)
read contact data (READ_CONTACTS)
send SMS messages (SEND_SMS)
measure application storage space (GET_PACKAGE_SIZE)
write sync settings (WRITE_SYNC_SETTINGS)
reorder applications running (REORDER_TASKS)
read sync statistics (READ_SYNC_STATS)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
view network status (ACCESS_NETWORK_STATE)
read sync settings (READ_SYNC_SETTINGS)
prevent phone from sleeping (WAKE_LOCK)
full Internet access (INTERNET)
C2DM permissions (RECEIVE)
Verdict:
Malicious
File Type:
apk
First seen:
2026-07-01T18:55:00Z UTC
Last seen:
2026-07-03T00:51:00Z UTC
Hits:
~10
Threat name:
Android.Trojan.AVerseFalc
Status:
Malicious
First seen:
2026-07-01 21:44:51 UTC
File Type:
Binary (Archive)
Extracted files:
648
AV detection:
13 of 38 (34.21%)
Threat level:
  5/5
Result
Malware family:
fantasyhub
Score:
  10/10
Tags:
family:fantasyhub infostealer rat trojan
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:telebot_framework
Author:vietdx.mb

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments