MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d9e3cd2d1570b230be6f00fc89ee2d2f3f345e00f6376e9a56cb67b2fc5a302. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA 7 File information Comments

SHA256 hash:	6d9e3cd2d1570b230be6f00fc89ee2d2f3f345e00f6376e9a56cb67b2fc5a302
SHA3-384 hash:	782c59f61368406b82276a7f2fe8ce164fe374df57211a54735c50b541147c2b2cc8be3495b997e1c003e156a1aa63aa
SHA1 hash:	db203ead26f95d0db9940f0a6f0d3ffc5ea0a207
MD5 hash:	a75d0d0a1e368015d71981b44b7a7951
humanhash:	princess-lactose-green-freddie
File name:	ArafRamadanDays26.apk
Download:	download sample
File size:	15'660'591 bytes
First seen:	2026-02-25 11:03:17 UTC
Last seen:	Never
File type:	apk
MIME type:	application/zip
ssdeep	393216:cOAoA6cb5DWMqOZHvEDMuU5KNzvL4orIMWiaaYsgP0:HAP6ctDrBZPQRzT4orIYFoP0
TLSH	T1EBF633A8C9DFF5A7F8670834A146A4A764E7F88611BFD4E4483DCAF482BF42495847C3
TrID	60.6% (.APK) Android Package (27000/1/5) 30.3% (.JAR) Java Archive (13500/1/2) 8.9% (.ZIP) ZIP compressed archive (4000/1)
Magika	apk
Reporter	juroots
Tags:	apk signed

Code Signing Certificate

Organisation:	comber
Issuer:	comber
Algorithm:	sha256WithRSAEncryption
Valid from:	2023-07-04T16:25:55Z
Valid to:	2523-03-05T16:25:55Z
Serial number:	01
Intelligence:	390 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist:	This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:	SHA256
Thumbprint:	39cd4e82eb3af1b1055c278ca7513ef63914808327135eaded01603a0606ad23
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.Android.Siggen.Susp.53486.27703.6297.UNOFFICIAL

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

base64 crypto evasive fingerprint phishing signed

Link:

https://www.filescan.io/uploads/699ed7199eaae846593f0d41/reports/f91a6bcf-03d2-4aac-937d-a83bfac5bb54/overview

Result

Link:

https://incinerator.cloud/#/public/report/a75d0d0a1e368015d71981b44b7a7951/detail

Application Permissions

full Internet access (INTERNET)

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/6d9e3cd2d1570b230be6f00fc89ee2d2f3f345e00f6376e9a56cb67b2fc5a302

Verdict:

Unknown

File Type:

apk

Link:

https://opentip.kaspersky.com/6d9e3cd2d1570b230be6f00fc89ee2d2f3f345e00f6376e9a56cb67b2fc5a302/results?tab=lookup

Score:

92%

Verdict:

Malware

File Type:

APK

Link:

https://malprob.io/report/6d9e3cd2d1570b230be6f00fc89ee2d2f3f345e00f6376e9a56cb67b2fc5a302

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6d9e3cd2d1570b230be6f00fc89ee2d2f3f345e00f6376e9a56cb67b2fc5a302/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nwpdzuwrk4fsgc7g6ah4rhxc2lz7grpab5rxn2nfns3hwl6fumba._file

Result

Malware family:

n/a

Score:

7/10

Tags:

android collection credential_access discovery impact persistence

Link:

https://tria.ge/reports/260225-m55qwsgs9c/

Behaviour

Checks CPU information

Checks memory information

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the mobile country code (MCC)

Obtains sensitive information copied to the device clipboard

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/6d9e3cd2d1570b230be6f00fc89ee2d2f3f345e00f6376e9a56cb67b2fc5a302

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	apk_flubot_w0 Create hunting rule
Author:	Thomas Barabosch, Telekom Security
Description:	matches on dumped, decrypted V/DEX files of Flubot version > 4.2

Rule name:	Borland Create hunting rule
Author:	malware-lu

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	Detect_PowerShell_Obfuscation Create hunting rule
Author:	daniyyell
Description:	Detects obfuscated PowerShell commands commonly used in malicious scripts.

Rule name:	html_auto_download_b64 Create hunting rule
Author:	Tdawg
Description:	html auto download

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

apk 6d9e3cd2d1570b230be6f00fc89ee2d2f3f345e00f6376e9a56cb67b2fc5a302

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3785437/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample