MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c8948262447a0bb43242ef39617b1bfe4be6e7be8f0a1f71072c8ad0f4ce7ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 5c8948262447a0bb43242ef39617b1bfe4be6e7be8f0a1f71072c8ad0f4ce7ff
SHA3-384 hash: 302ade80d0f35bddadaff6d19079a094b96855b255a3f4e335d53d0584268631f330335218de0bb6d16ab03576689a8e
SHA1 hash: f0404470ce5b2930dbe892e37cdb55a67a590bfc
MD5 hash: 135dfaa15ceb0afa38a4c755b056fc47
humanhash: seventeen-double-alabama-helium
File name: 1.apk
File size: 30'697'830 bytes
First seen: 2025-11-19 07:14:58 UTC
Last seen: Never
File type: apk
MIME type: application/zip
ssdeep: 786432:ebUf6MZrm49wOCWF2QaCLsVy1buSqrDwLtkeGCT:ebUfr5r7FvLsM1aSws/GCT
TLSH: T195673313FF20981AD07649364DAA87316732ED488612A70735DCBE2A6F7B1DB5F0A7C4
TrID:
  30.7% (.SPE) SPSS Extension (30000/1/7)
  27.6% (.APK) Android Package (27000/1/5)
  13.8% (.JAR) Java Archive (13500/1/2)
  12.8% (.VYM) VYM Mind Map (12500/1/3)
  10.7% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
Magika: apk
Reporter: juroots
Tags: apk

Intelligence


File Origin
# of uploads: 1
# of downloads: 47
Origin country: IL
Vendor Threat Intelligence
Result
Application Permissions
fine (GPS) location (ACCESS_FINE_LOCATION)
coarse (network-based) location (ACCESS_COARSE_LOCATION)
access location in background (ACCESS_BACKGROUND_LOCATION)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
directly call phone numbers (CALL_PHONE)
mount and unmount file systems (MOUNT_UNMOUNT_FILESYSTEMS)
read sensitive log data (READ_LOGS)
read SMS or MMS (READ_SMS)
send SMS messages (SEND_SMS)
modify global system settings (WRITE_SETTINGS)
edit SMS or MMS (WRITE_SMS)
receive SMS (RECEIVE_SMS)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
read phone state and identity (READ_PHONE_STATE)
read external storage contents (READ_EXTERNAL_STORAGE)
take pictures and videos (CAMERA)
record audio (RECORD_AUDIO)
display system-level alerts (SYSTEM_ALERT_WINDOW)
retrieve running applications (GET_TASKS)
control vibrator (VIBRATE)
change network connectivity (CHANGE_NETWORK_STATE)
change Wi-Fi status (CHANGE_WIFI_STATE)
control flashlight (FLASHLIGHT)
prevent phone from sleeping (WAKE_LOCK)
view network status (ACCESS_NETWORK_STATE)
full Internet access (INTERNET)
view Wi-Fi status (ACCESS_WIFI_STATE)
reorder applications running (REORDER_TASKS)
change your audio settings (MODIFY_AUDIO_SETTINGS)
create Bluetooth connections (BLUETOOTH)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
send sticky broadcast (BROADCAST_STICKY)
directly install applications (INSTALL_PACKAGES)
Verdict: Unknown
File Type: apk
First seen: 2025-11-19T06:00:00Z UTC
Last seen: 2025-11-19T10:42:00Z UTC
Hits: ~100
Result
Malware family: n/a
Score: 8/10
Tags: android defense_evasion discovery impact persistence
Behaviour
Checks CPU information
Checks memory information
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Queries information about active data network
Queries the mobile country code (MCC)
Checks if the Android device is rooted.
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Any_SU_Domain
Author: you
Description: Detect any reference to .su domains or subdomains

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

Rule name: Malaysia_mal_APK_1
Author: @fareedfauzi
Description: Detects Malicious APK targeting Malaysia

Rule name: malformed_zip_file
Author: nosh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
apk 5c8948262447a0bb43242ef39617b1bfe4be6e7be8f0a1f71072c8ad0f4ce7ff (this sample)
Delivery method: Distributed via web download
