MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Coper
Vendor detections: 6
| SHA256 hash: | 4928c563dc610a7c968f697e4ebcda9a441d94a4abd5013c38dfa8e8b62cc4f5 |
|---|---|
| SHA3-384 hash: | 114ab2b3c8475342d8fe5490202ee197c60103b3592a02e98b1acb2dbf5db5e3dd1b3e410594eef5239eed0ae592c3c5 |
| SHA1 hash: | 0c2574193c88c35bfa70203f5bdcb73989683b94 |
| MD5 hash: | 0e6b33ba825b5e5ce5e2caa03727cd1f |
| humanhash: | aspen-romeo-colorado-aspen |
| File name: | Alertswiss_bind_sign.apk |
| Download: | download sample |
| Signature | Coper |
| File size: | 93'057'219 bytes |
| First seen: | 2024-11-14 11:33:05 UTC |
| Last seen: | Never |
| File type: | apk |
| MIME type: | application/zip |
| ssdeep | 1572864:Ay/UiFkHpKS01NL4iasXbSyaYdtUvkXQ1eYJnrHAFbPlPv5hA+1:Ay/UiFD1No3lLAVPlPR |
| TLSH | T18818F253F60988BAC996B874828BC3B2B5243C15D311A1CB7E04F925BE777D49F397A0 |
| TrID | 27.8% (.APK) Android Package (27000/1/5) 22.1% (.OXT) OpenOffice Extension (21500/1/3) 13.9% (.JAR) Java Archive (13500/1/2) 12.8% (.VYM) VYM Mind Map (12500/1/3) 10.8% (.SH3D) Sweet Home 3D design (generic) (10500/1/3) |
| Magika | apk |
| Reporter |  abuse_ch |
| Tags: | apk CHE coper geo Octo Octo2 signed |
Code Signing Certificate
| Organisation: | Android Debug |
|---|---|
| Issuer: | Android Debug |
| Algorithm: | sha1WithRSAEncryption |
| Valid from: | 2013-12-31T22:35:04Z |
| Valid to: | 2052-04-30T22:35:04Z |
| Serial number: | 232eae62 |
| Intelligence: | 107 malware samples on MalwareBazaar are signed with this code signing certificate |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | fac61745dc0903786fb9ede62a962b399f7348f0bb6f899b8332667591033b9c |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Intelligence
File Origin
# of uploads :
1
# of downloads :
262
Origin country :
CHVendor Threat Intelligence
Result
Application Permissions
coarse (network-based) location (ACCESS_COARSE_LOCATION)
fine (GPS) location (ACCESS_FINE_LOCATION)
access location in background (ACCESS_BACKGROUND_LOCATION)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
full Internet access (INTERNET)
view network status (ACCESS_NETWORK_STATE)
prevent phone from sleeping (WAKE_LOCK)
control vibrator (VIBRATE)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
C2DM permissions (RECEIVE)
Score:
25%
Verdict:
Benign
File Type:
APK
Gathering data
Threat name:
Android.Dropper.Multiverze
Status:
Malicious
First seen:
2024-11-14 11:34:13 UTC
File Type:
Binary (Archive)
Extracted files:
13177
AV detection:
8 of 24 (33.33%)
Threat level:
3/5
Detection(s):
Suspicious file
Result
Malware family:
octo
Score:
10/10
Tags:
family:octo android banker collection credential_access discovery evasion impact infostealer persistence privilege_escalation rat trojan
Behaviour
Checks memory information
Checks the presence of a debugger
Acquires the wake lock
Queries information about active data network
Checks if the Android device is rooted.
Malware Config
C2 Extraction:
https://3900f936b3eb2b231e774ebb2524865c.de
https://4b3e469faca52fed85676f94a00f4a69.info
https://4b3e469faca52fed85676f94a00f4a69.info
Verdict:
Malicious
Tags:
apt plugx
YARA:
malware_PlugX_config
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.