MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f2ef1d5e36b81deb3e296da1ca0544e89e17c5f2bf3cfc3c8253d58d295bb51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	2f2ef1d5e36b81deb3e296da1ca0544e89e17c5f2bf3cfc3c8253d58d295bb51
SHA3-384 hash:	22d7394f3b9453b166aa17d66c63ae71b5c281b47923a1c7f4ceee626c15cd4dee2123a02755b78d2a5374613074060f
SHA1 hash:	d95214bfaca08ac41fe67bc3f17efbcce3cbf2a0
MD5 hash:	c12b3a8538e68b1d4812bda3859e67c0
humanhash:	west-robin-november-charlie
File name:	Видео.apk
Download:	download sample
Signature	LazarusStealer Alert Create hunting rule
File size:	5'428'767 bytes
First seen:	2025-11-21 09:06:00 UTC
Last seen:	Never
File type:	apk
MIME type:	application/zip
ssdeep	98304:zg6UDPHOIreOTUxF06AjNzwNEoS3+sn25eAQYLwF2+KaylQ8CqddboTwrWOsbb:zgHDPuIrevA6szwNETuk25elYMEFQIdK
TLSH	T14246D0D6E7C8999EC4FB5772C83A62E111474D26CB439E839D28723C38B71E01E59BD8
TrID	46.2% (.VYM) VYM Mind Map (12500/1/3) 38.8% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3) 14.8% (.ZIP) ZIP compressed archive (4000/1)
Magika	apk
Reporter	juroots
Tags:	apk LazarusStealer

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

155

Origin country :

IL

Vendor Threat Intelligence

ACCE Unknown

No detections

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

expand lolbin signed

Link:

https://www.filescan.io/uploads/69202c4b7d011c9c3a481455/reports/61f27f4c-b1ae-43d4-8953-3e3292fbaba7/overview

Incinerator Dangerous

Result

Link:

https://incinerator.cloud/#/public/report/c12b3a8538e68b1d4812bda3859e67c0/detail

Application Permissions

receive SMS (RECEIVE_SMS)

read SMS or MMS (READ_SMS)

send SMS messages (SEND_SMS)

read phone state and identity (READ_PHONE_STATE)

read contact data (READ_CONTACTS)

modify global system settings (WRITE_SETTINGS)

full Internet access (INTERNET)

automatically start at boot (RECEIVE_BOOT_COMPLETED)

view network status (ACCESS_NETWORK_STATE)

prevent phone from sleeping (WAKE_LOCK)

show app notification (READ_APP_BADGE)

modify phone status (MODIFY_PHONE_STATE)

InQuest UNKNOWN

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/2f2ef1d5e36b81deb3e296da1ca0544e89e17c5f2bf3cfc3c8253d58d295bb51

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

apk

First seen:

2025-11-20T22:36:00Z UTC

Last seen:

2025-11-22T13:59:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/2f2ef1d5e36b81deb3e296da1ca0544e89e17c5f2bf3cfc3c8253d58d295bb51/results?tab=lookup

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

APK

Link:

https://malprob.io/report/2f2ef1d5e36b81deb3e296da1ca0544e89e17c5f2bf3cfc3c8253d58d295bb51

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2f2ef1d5e36b81deb3e296da1ca0544e89e17c5f2bf3cfc3c8253d58d295bb51/

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=f4xpdvpdnoa55m7cs3nbzicuj2e6c7c7fpz47q6ieu6vruuvxniq._file

Hatching Triage lazarus_stealer

Result

Malware family:

lazarus_stealer

Alert

Create hunting rule

Score:

  10/10

Tags:

family:lazarus_stealer android banker collection evasion impact infostealer trojan

Link:

https://tria.ge/reports/251121-k4kyzsdn71/

Behaviour

Uses Crypto APIs (Might try to encrypt user data)

Requests changing the default SMS application.

Loads dropped Dex/Jar

LazarusStealer

Lazarus_stealer family

Malware Config

C2 Extraction:

http://23.94.126.153:1133/check_version
http://23.94.126.153:1133/send_file

Threat.Zone Unknown

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/870219ba-587b-482f-88ff-a0828f2dbaa5

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.