MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 59e3df379d1bee477da8acee2283d64762b777d8f8ade123f98469ffa127ea9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 59e3df379d1bee477da8acee2283d64762b777d8f8ade123f98469ffa127ea9b |
|---|---|
| SHA3-384 hash: | 1674c81ea2a1c4915be8e36fa771e9ecd793b94cc8ca51ab93bfbf05b929e835b3a452f5e3506505199090b330a15c2a |
| SHA1 hash: | c9b7fc8ce1dd69907d5b4f19b1aae183dc749181 |
| MD5 hash: | c70edb78f62de9bbf17890d01e4a10ef |
| humanhash: | louisiana-oregon-victor-burger |
| File name: | 炬客AI_5.0_20251115_214144.apk |
| Download: | download sample |
| File size: | 2'667'845 bytes |
| First seen: | 2025-12-09 07:13:48 UTC |
| Last seen: | Never |
| File type: | apk |
| MIME type: | application/zip |
| ssdeep | 49152:JNhLYXnmSdaEqXjQ5zAfQOCNYr+cb9uBhOvlo0Mas/FmWF:JSmAaEqnQOCNYachuivlo9f/ |
| TLSH | T12AC533FEC9B91471C2E8C5F109A2B523A4D7DAC1E4908C0A8476C7A078D9ED6C597EF3 |
| TrID | 60.6% (.APK) Android Package (27000/1/5) 30.3% (.JAR) Java Archive (13500/1/2) 8.9% (.ZIP) ZIP compressed archive (4000/1) |
| Magika | apk |
| Reporter |  juroots |
| Tags: | apk signed |
Code Signing Certificate
| Organisation: | jukeAI jpw |
|---|---|
| Issuer: | jukeAI jpw |
| Algorithm: | sha256WithRSAEncryption |
| Valid from: | 2025-11-15T13:41:44Z |
| Valid to: | 2045-03-17T13:41:44Z |
| Serial number: | 6ae8d41c |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | 1431424d392c573507e84f28022b30842dbefabe029865b0af4a232c6986d821 |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Intelligence
File Origin
# of uploads :
1
# of downloads :
208
Origin country :
CHVendor Threat Intelligence
No detections
Detection(s):
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
base64 crypto evasive fingerprint signed
Result
Application Permissions
display system-level alerts (SYSTEM_ALERT_WINDOW)
mount and unmount file systems (MOUNT_UNMOUNT_FILESYSTEMS)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
fine (GPS) location (ACCESS_FINE_LOCATION)
coarse (network-based) location (ACCESS_COARSE_LOCATION)
retrieve running applications (GET_TASKS)
read external storage contents (READ_EXTERNAL_STORAGE)
read phone state and identity (READ_PHONE_STATE)
Allows an application a broad access to external storage in scoped storage (MANAGE_EXTERNAL_STORAGE)
record audio (RECORD_AUDIO)
take pictures and videos (CAMERA)
access any geographic locations (ACCESS_MEDIA_LOCATION)
full Internet access (INTERNET)
view network status (ACCESS_NETWORK_STATE)
prevent phone from sleeping (WAKE_LOCK)
view Wi-Fi status (ACCESS_WIFI_STATE)
control vibrator (VIBRATE)
change your audio settings (MODIFY_AUDIO_SETTINGS)
change your UI settings (CHANGE_CONFIGURATION)
Result
Verdict:
UNKNOWN
Link:
Verdict:
Unknown
File Type:
apk
First seen:
2025-12-09T06:22:00Z UTC
Last seen:
2025-12-09T06:37:00Z UTC
Hits:
~10
Score:
66%
Verdict:
Susipicious
File Type:
APK
Threat name:
Android.Trojan.Generic
Status:
Suspicious
First seen:
2025-12-09 07:15:31 UTC
File Type:
Binary (Archive)
Extracted files:
29
AV detection:
6 of 24 (25.00%)
Threat level:
5/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
7/10
Tags:
android collection credential_access discovery impact
Behaviour
Checks CPU information
Checks memory information
Uses Crypto APIs (Might try to encrypt user data)
Queries information about active data network
Obtains sensitive information copied to the device clipboard
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
YARA Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.
| Rule name: | apk_flubot_w0 |
|---|---|
| Author: | Thomas Barabosch, Telekom Security |
| Description: | matches on dumped, decrypted V/DEX files of Flubot version > 4.2 |
| Rule name: | CP_Script_Inject_Detector |
|---|---|
| Author: | DiegoAnalytics |
| Description: | Detects attempts to inject code into another process across PE, ELF, Mach-O binaries |
| Rule name: | Detect_PowerShell_Obfuscation |
|---|---|
| Author: | daniyyell |
| Description: | Detects obfuscated PowerShell commands commonly used in malicious scripts. |
| Rule name: | strrat_jar_v1 |
|---|---|
| Author: | RandomMalware |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
apk 59e3df379d1bee477da8acee2283d64762b777d8f8ade123f98469ffa127ea9b
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.