MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b274e409cdd3108fc9940227a463912c24483541347853979af9fc0da34b6f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b274e409cdd3108fc9940227a463912c24483541347853979af9fc0da34b6f3
SHA3-384 hash: 3d600117eaf300b0127e58d63c1f212d7e380e2a8fc16e453a962dc035cb41b57fa05eb22e639a6266fb42caa5259712
SHA1 hash: 27fb1a6194aa9f6cc029ee1680a2db862c90801c
MD5 hash: b9ea6855dfbed596226b1efceddf627c
humanhash: artist-bacon-river-carpet
File name:yunhu-1.5.7.apk
Download: download sample
File size:80'745'998 bytes
First seen:2025-11-19 07:15:48 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 1572864:F8AhP7PPb9nArfy3SPHKYLfX4jqh9348btl11EwrkQ2nFZcuFEj6icnL66clUL2L:F8uzb9nArfy3S5T1R4KVhkQIDcueBcnU
TLSH T1910833CAF3A58A5FD8326131485A82B517834E14E54B869FB588376C24B3DD40F7A3EF
TrID 65.0% (.APK) Android Package (27000/1/5)
25.3% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
9.6% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter juroots
Tags:apk

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
IL IL
Vendor Threat Intelligence
Result
Link:
https://incinerator.cloud/#/public/report/b9ea6855dfbed596226b1efceddf627c/detail
Application Permissions
coarse (network-based) location (ACCESS_COARSE_LOCATION)
fine (GPS) location (ACCESS_FINE_LOCATION)
record audio (RECORD_AUDIO)
take pictures and videos (CAMERA)
read external storage contents (READ_EXTERNAL_STORAGE)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
Allows an application a broad access to external storage in scoped storage (MANAGE_EXTERNAL_STORAGE)
read phone state and identity (READ_PHONE_STATE)
access location in background (ACCESS_BACKGROUND_LOCATION)
control vibrator (VIBRATE)
change network connectivity (CHANGE_NETWORK_STATE)
create Bluetooth connections (BLUETOOTH)
bluetooth administration (BLUETOOTH_ADMIN)
view network status (ACCESS_NETWORK_STATE)
full Internet access (INTERNET)
change your audio settings (MODIFY_AUDIO_SETTINGS)
prevent phone from sleeping (WAKE_LOCK)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
view Wi-Fi status (ACCESS_WIFI_STATE)
reorder applications running (REORDER_TASKS)
change Wi-Fi status (CHANGE_WIFI_STATE)
show app notification (READ_APP_BADGE)
C2DM permissions (RECEIVE)
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/5b274e409cdd3108fc9940227a463912c24483541347853979af9fc0da34b6f3
Verdict:
Clean
File Type:
apk
First seen:
2025-11-19T05:47:00Z UTC
Last seen:
2025-11-19T06:20:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/5b274e409cdd3108fc9940227a463912c24483541347853979af9fc0da34b6f3/results?tab=lookup
Score:
1%
Verdict:
Benign
File Type:
APK
Link:
https://malprob.io/report/5b274e409cdd3108fc9940227a463912c24483541347853979af9fc0da34b6f3
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lmtu4qe43uyqr7eziarhurrzclbeja2ucndykolzv6p4bwruw3zq._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/251119-h41nbswnev/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/b93964b4-9aaf-4ce2-9015-d41afe7099b6
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

apk 5b274e409cdd3108fc9940227a463912c24483541347853979af9fc0da34b6f3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3711804/
  
Delivery method
Distributed via web download

Comments