MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28aea3958aa8c2290c5131bb19c5713c851b56389bcb13799b9f8b73efe57e1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 28aea3958aa8c2290c5131bb19c5713c851b56389bcb13799b9f8b73efe57e1f
SHA3-384 hash: bc89f63997ddde1b40dbf6b5a548b68dfcc21076ba03bb4034d44ce224615e6cfbb164d1e65e3f7af023f28f4bc90bb3
SHA1 hash: 8bb135500332f33eccb2e344bbba8c406184a3c9
MD5 hash: 50678c314ccabcfcfafd0b133fc6b400
humanhash: lima-fish-skylark-nebraska
File name:yeni.apk
Download: download sample
File size:811'585 bytes
First seen:2020-11-20 06:38:47 UTC
Last seen:Never
File type: apk
MIME type:application/java-archive
ssdeep 12288:cOd4S4a1a8Lde4xfmB9z9gI2eU15WmpYshXZPbGwidNpgm:Rf4a1a6eA29GJeU15WmD9idNph
TLSH A5057C86FB4AF863C5F3C6364679C66AD6464C144B47DB871A85723C0ABBBC08B45FC8
Reporter JoulK
Tags:apk ShadowVoice

Intelligence

File Origin
# of uploads :
1
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/28aea3958aa8c2290c5131bb19c5713c851b56389bcb13799b9f8b73efe57e1f/
Threat name:
Android.Trojan.SpyNote
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 18:27:21 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
banker
Link:
https://tria.ge/reports/201120-hz39xzfjj6/
Behaviour
Suspicious use of android.app.ActivityManager.getRunningServices
Tries to add a device administrator.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

apk 28aea3958aa8c2290c5131bb19c5713c851b56389bcb13799b9f8b73efe57e1f

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/835823/

Comments


Avatar
Joul Kouchakji commented on 2020-11-20 06:40:17 UTC

https://www.apklab.io/apk.html?id=14705670