MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31e9a48dd02a09be882dad7be8f2c8d7bcfb64a643bbc90240061a7446827163. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 31e9a48dd02a09be882dad7be8f2c8d7bcfb64a643bbc90240061a7446827163
SHA3-384 hash: 6bddba780eaf04b7a81c1874b02a0fabccdb775f6eff959857e722b6b8a51001f50ff6f1ca6c35e743cab23c319c97a3
SHA1 hash: 93e35c02866ddb06ff42859b944928533d7396ab
MD5 hash: 3c5b0f54daf07b5baa5ba2bd63cdc079
humanhash: romeo-lamp-queen-zebra
File name:FRS01.apk
Download: download sample
File size:11'413'564 bytes
First seen:2026-01-05 10:13:46 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 196608:tTUeoX3jWAWYZKqp5GDmou9F3i9ob9BGDFQoyMlM4EZgvl/cZ/:9Uh3jWAlZKqT+W4ab9gJOMlJ4ol+
TLSH T100B6128AF76C9A2FC4731072CC5A5233966B4E1287429747794C372C79772E88F69BC8
TrID 40.0% (.APK) Android Package (27000/1/5)
20.0% (.JAR) Java Archive (13500/1/2)
18.5% (.VYM) VYM Mind Map (12500/1/3)
15.5% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
5.9% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter juroots
Tags:apk signed

Code Signing Certificate

Organisation:kfghd
Issuer:kfghd
Algorithm:sha256WithRSAEncryption
Valid from:2024-06-01T08:32:37Z
Valid to:2049-05-26T08:32:37Z
Serial number: 01
Intelligence: 416 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist:This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:SHA256
Thumbprint: 33eccafff412cd1b5f2e8a9ba5e84ef077f4f6ef83733aa660d4d352a38c215e
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
US US
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
android evasive expand fingerprint generisk jiagu lolbin obfuscated packed signed unsafe
Link:
https://www.filescan.io/uploads/695b8f00127d6a14e0d0aa3a/reports/64bdd4ba-6a85-484a-bbe2-3b53498fde16/overview
Result
Link:
https://incinerator.cloud/#/public/report/3c5b0f54daf07b5baa5ba2bd63cdc079/detail
Application Permissions
mount and unmount file systems (MOUNT_UNMOUNT_FILESYSTEMS)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
read external storage contents (READ_EXTERNAL_STORAGE)
read phone state and identity (READ_PHONE_STATE)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
coarse (network-based) location (ACCESS_COARSE_LOCATION)
full Internet access (INTERNET)
view network status (ACCESS_NETWORK_STATE)
view Wi-Fi status (ACCESS_WIFI_STATE)
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/31e9a48dd02a09be882dad7be8f2c8d7bcfb64a643bbc90240061a7446827163
Verdict:
Unknown
File Type:
apk
Link:
https://opentip.kaspersky.com/31e9a48dd02a09be882dad7be8f2c8d7bcfb64a643bbc90240061a7446827163/results?tab=lookup
Score:
51%
Verdict:
Susipicious
File Type:
APK
Link:
https://malprob.io/report/31e9a48dd02a09be882dad7be8f2c8d7bcfb64a643bbc90240061a7446827163
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/31e9a48dd02a09be882dad7be8f2c8d7bcfb64a643bbc90240061a7446827163/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ghu2jdoqfie35cbnvv56r4wi266pwzfgio54sasaaynhirucofrq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
android evasion
Link:
https://tria.ge/reports/260105-l9w4wazjgj/
Behaviour
Loads dropped Dex/Jar
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d358382a-9a7c-4cc3-a5bd-6307251044ec
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/31e9a48dd02a09be882dad7be8f2c8d7bcfb64a643bbc90240061a7446827163

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

apk 31e9a48dd02a09be882dad7be8f2c8d7bcfb64a643bbc90240061a7446827163

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3750616/
  
Delivery method
Distributed via web download

Comments