MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 200cf6e828ceecf44add627d97c0a893a517d8e318047b760c339b1572a0b303. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA 2 File information Comments

SHA256 hash:	200cf6e828ceecf44add627d97c0a893a517d8e318047b760c339b1572a0b303
SHA3-384 hash:	7d1560014d4f0f48784531e48687dce5fb3fac4cb74f4775ac89fcb6c81a1cf380a964b136a3a2b16c543a084cf129dd
SHA1 hash:	49cd75f87114f46f9c018fc6108b452e5173a839
MD5 hash:	fe9a004870ead6f94ef1a2e09cd6a96a
humanhash:	social-two-neptune-stairway
File name:	tv-latest.apk
Download:	download sample
File size:	16'116'204 bytes
First seen:	2023-06-18 02:47:12 UTC
Last seen:	2023-07-11 02:34:21 UTC
File type:	apk
MIME type:	application/zip
ssdeep	393216:HA5R/aKusSqjWWd4LQaJqtBqZqV7IlNg0vEso:HATBuZWRaJqTqZsIw08p
TLSH	T19BF612D3B7D85829C07642B3884E36A5666B4D25AA03AEC7390C3BEC2DF36D45F11BD4
TrID	33.1% (.APK) Android Package (32500/1/6) 30.6% (.SPE) SPSS Extension (30000/1/7) 13.7% (.JAR) Java Archive (13500/1/2) 10.7% (.SH3D) Sweet Home 3D design (generic) (10500/1/3) 6.6% (.GL) GRASP animation (6508/7/3)
Reporter	tenacioustek
Tags:	android apk signed stalkerware

Code Signing Certificate

Organisation:	c
Issuer:	c
Algorithm:	sha256WithRSAEncryption
Valid from:	2022-01-12T12:59:13Z
Valid to:	2047-01-06T12:59:13Z
Serial number:	5c35cc6f
Intelligence:	10 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	726e43f130a14a449eab3bd705c64c329a5f281e21567fd9337df4797461fed1
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

501

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.PUA-Monitor.AndroidOS.Trackop.24296.16629.UNOFFICIAL

SecuriteInfo.com.not-a-virus.HEUR.Monitor.AndroidOS.TrackView.c.2648.16768.UNOFFICIAL

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/648e7063f30836c46e1dfc90/reports/02bea650-f551-4f26-b64e-c893367c71c8/overview

Result

Link:

https://incinerator.cloud/#/public/report/fe9a004870ead6f94ef1a2e09cd6a96a/detail

Application Permissions

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/200cf6e828ceecf44add627d97c0a893a517d8e318047b760c339b1572a0b303

Result

Threat name:

n/a

Detection:

malicious

Classification:

spyw.evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1256724

Signature

Multi AV Scanner detection for submitted file

Removes its application launcher (likely to stay hidden)

Requests to ignore battery optimizations

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/200cf6e828ceecf44add627d97c0a893a517d8e318047b760c339b1572a0b303/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=eagpn2biz3wpisw5mj6zpqfisosrpwhddachw5qmgonrk4vawmbq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

android

Link:

https://tria.ge/reports/230618-dafc3sef8s/

Behaviour

Reads information about phone network operator.

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/200cf6e828ceecf44add627d97c0a893a517d8e318047b760c339b1572a0b303

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	SUSP_Websites Create hunting rule
Author:	SECUINFRA Falcon Team
Description:	Detects the reference of suspicious sites that might be used to download further malware

Rule name:	yara_template Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

apk 200cf6e828ceecf44add627d97c0a893a517d8e318047b760c339b1572a0b303

(this sample)

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample