MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 633c93ceea6fb2126ba62f0547f2b8b17188aaaedeea6f43cc0bbb522fe48c8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 5

SHA256 hash: 633c93ceea6fb2126ba62f0547f2b8b17188aaaedeea6f43cc0bbb522fe48c8c
SHA3-384 hash: b4e5eaefc919d8888e097af1729da5ff9cb1e6290c1bbdcc962d262097318c199a5e4b0443c607682887119dca1c9a80
SHA1 hash: df149d29de761f8cfb3ffae3328fc6e4c43ff4e0
MD5 hash: b88aa58cec2845002c3a8b0e75f5f1fb
humanhash: coffee-hawaii-uncle-uncle
File name: atcfx_v1.3.6.apk
File size: 17'641'130 bytes
First seen: 2025-12-10 09:05:17 UTC
Last seen: Never
File type: apk
MIME type: application/zip
ssdeep: 393216:/FvXTTXyAPVd4ScdF6njhH2Vf8kpYClaTViul40ZMAFJbYpSB5kZrmIfV2WA:pXBP74PF6n47pYbZl7T2wB5fUV2v
TLSH: T173073383EB06ED56FAF7C6319376025BA6264C584257E6435B84B42C1CB3ED08B96FCC
TrID: 49.0% (.APK) Android Package (27000/1/5)
      24.5% (.JAR) Java Archive (13500/1/2)
      19.0% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
      7.2% (.ZIP) ZIP compressed archive (4000/1)
Magika: apk
Reporter: juroots
Tags: apk signed

Code Signing Certificate

Organisation: fuD
Issuer: fuD
Algorithm: sha256WithRSAEncryption
Valid from: 2023-11-10T14:56:15Z
Valid to: 2078-08-13T14:56:15Z
Serial number: 4d6a2164
Thumbprint Algorithm: SHA256
Thumbprint: fdb940f234de4518d6fe0dde2ac407bf0e018ef8bff14d58fe0575aaa0a06db1
Source: ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 1
# of downloads: 101
Origin country: CH

Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: base64 crypto evasive fingerprint signed

Application Permissions
read external storage contents (READ_EXTERNAL_STORAGE)
read sensitive log data (READ_LOGS)
read phone state and identity (READ_PHONE_STATE)
record audio (RECORD_AUDIO)
write contact data (WRITE_CONTACTS)
modify global system settings (WRITE_SETTINGS)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
coarse (network-based) location (ACCESS_COARSE_LOCATION)
fine (GPS) location (ACCESS_FINE_LOCATION)
take pictures and videos (CAMERA)
list accounts (GET_ACCOUNTS)
mount and unmount file systems (MOUNT_UNMOUNT_FILESYSTEMS)
read contact data (READ_CONTACTS)
control vibrator (VIBRATE)
prevent phone from sleeping (WAKE_LOCK)
full Internet access (INTERNET)
view network status (ACCESS_NETWORK_STATE)
view Wi-Fi status (ACCESS_WIFI_STATE)
change network connectivity (CHANGE_NETWORK_STATE)
allow Wi-Fi Multicast reception (CHANGE_WIFI_MULTICAST_STATE)
change Wi-Fi status (CHANGE_WIFI_STATE)
control flashlight (FLASHLIGHT)
change your audio settings (MODIFY_AUDIO_SETTINGS)
directly install applications (INSTALL_PACKAGES)

Verdict: UNKNOWN
Details
Base64 Encoded URL: Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.

Verdict: Unknown
File Type: apk
First seen: 2024-03-11T17:07:00Z UTC
Last seen: 2025-12-10T11:20:00Z UTC
Hits: ~10

Malware family: n/a
Score: 7/10
Tags: android collection credential_access evasion impact
Behaviour
Checks memory information
Uses Crypto APIs (Might try to encrypt user data)
Loads dropped Dex/Jar
Obtains sensitive information copied to the device clipboard

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Malaysia_mal_APK_1
Author: @fareedfauzi
Description: Detects Malicious APK targeting Malaysia

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May Contain (Obfuscated or no) Powershell or CMD Command that can be abused by threat actor (can create FP)

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Web download
apk 633c93ceea6fb2126ba62f0547f2b8b17188aaaedeea6f43cc0bbb522fe48c8c (this sample)

Delivery method: Distributed via web download

Comments