MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56679371238189900ee51d582dc3123faa7c8e2f19cbdeddd17d6803037ef28c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	56679371238189900ee51d582dc3123faa7c8e2f19cbdeddd17d6803037ef28c
SHA3-384 hash:	7259071453c7537f45d29eb243d0d7ac20b37adfa76623a338a92b899f62a9881c97db9311c034b59a1c09b1b96d238a
SHA1 hash:	00af7999c95f0698239e1e227dedafb8be3892ab
MD5 hash:	e6ece4cfe94dade686c212fa8bda83e0
humanhash:	item-july-oranges-shade
File name:	tgcn341.apk
Download:	download sample
File size:	53'980'968 bytes
First seen:	2025-03-25 02:23:43 UTC
Last seen:	Never
File type:	apk
MIME type:	application/zip
ssdeep	1572864:o40oq0wXQNrRxDzzCGh5Qe54gx0q9TdeStO1:oLoqtydlWeQe5RCaK1
TLSH	T1E4C722E3F3348C3DC977067282AA6171E9284F15A712B21F780CB72DB9772D24A857E5
TrID	60.6% (.APK) Android Package (27000/1/5) 30.3% (.JAR) Java Archive (13500/1/2) 8.9% (.ZIP) ZIP compressed archive (4000/1)
Magika	apk
Reporter	Cedar0190
Tags:	android apk FakeApp phishing trojan

iori_hotaru7532

https://telegrn.org/apps.html
Phishing page→Fake Telegram Android app.

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

548

Origin country :

US

Vendor Threat Intelligence

FileScan.IO Likely Malicious

Verdict:

Likely Malicious

Threat level:

  7.5/10

Confidence:

100%

Tags:

crypto evasive fingerprint lolbin persistence remote signed

Link:

https://www.filescan.io/uploads/67e213cdc26eb3fd74f5d45d/reports/f80ce914-c78a-4e1d-b22f-46015c034c47/overview

Incinerator Dangerous

Result

Link:

https://incinerator.cloud/#/public/report/e6ece4cfe94dade686c212fa8bda83e0/detail

Application Permissions

modify global system settings (WRITE_SETTINGS)

read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)

access location in background (ACCESS_BACKGROUND_LOCATION)

coarse (network-based) location (ACCESS_COARSE_LOCATION)

fine (GPS) location (ACCESS_FINE_LOCATION)

access any geographic locations (ACCESS_MEDIA_LOCATION)

directly call phone numbers (CALL_PHONE)

record audio (RECORD_AUDIO)

read external storage contents (READ_EXTERNAL_STORAGE)

list accounts (GET_ACCOUNTS)

read contact data (READ_CONTACTS)

write contact data (WRITE_CONTACTS)

manage the accounts list (MANAGE_ACCOUNTS)

read the user's personal profile data (READ_PROFILE)

act as an account authenticator (AUTHENTICATE_ACCOUNTS)

display system-level alerts (SYSTEM_ALERT_WINDOW)

read phone state and identity (READ_PHONE_STATE)

take pictures and videos (CAMERA)

Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)

show app notification (READ_APP_BADGE)

full Internet access (INTERNET)

change your audio settings (MODIFY_AUDIO_SETTINGS)

view network status (ACCESS_NETWORK_STATE)

view Wi-Fi status (ACCESS_WIFI_STATE)

prevent phone from sleeping (WAKE_LOCK)

write sync settings (WRITE_SYNC_SETTINGS)

read sync settings (READ_SYNC_SETTINGS)

control vibrator (VIBRATE)

automatically start at boot (RECEIVE_BOOT_COMPLETED)

allow use of fingerprint (USE_FINGERPRINT)

create Bluetooth connections (BLUETOOTH)

C2DM permissions (RECEIVE)

InQuest UNKNOWN

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/56679371238189900ee51d582dc3123faa7c8e2f19cbdeddd17d6803037ef28c

Nucleon Malprob Susipicious

Score:

34%

Verdict:

Susipicious

File Type:

APK

Link:

https://malprob.io/report/56679371238189900ee51d582dc3123faa7c8e2f19cbdeddd17d6803037ef28c

CERT.PL MWDB

Gathering data

ReversingLabs TitaniumCloud Android.Trojan.Generic

Threat name:

Android.Trojan.Generic

Alert

Create hunting rule

Status:

Suspicious

First seen:

2025-03-25 11:54:55 UTC

AV detection:

8 of 38 (21.05%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kztzg4jdqgezadxfdvmc3qysh6vhzdrpdhf55xorpvuaga366kga._file

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

android collection defense_evasion discovery impact persistence

Link:

https://tria.ge/reports/250325-cvsy8ssry5/

Behaviour

Checks CPU information

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Acquires the wake lock

Queries information about active data network

Checks known Qemu pipes.

Queries account information for other applications stored on the device

Reads the contacts stored on the device.

Reads the content of photos stored on the user's device.

Unexpected DNS network traffic destination

Threat.Zone Informative

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/0bc58d1c-487d-4a99-bbb4-4cdf906b84c9

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.