MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81c8208418452c3b853578feefd0d1bf5bdef557fc6a007bbfdc52ade20d177e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirax


Vendor detections: 5


Intelligence 5 IOCs YARA 7 File information Comments

SHA256 hash: 81c8208418452c3b853578feefd0d1bf5bdef557fc6a007bbfdc52ade20d177e
SHA3-384 hash: 3a2511dc19f5277a9e3bad604d52c4fff5492f5c7b3483b78d4202e5a6f8beec2bd4cd92b082f752e6d0d2f81402c5e9
SHA1 hash: 992ec9b6ceb63d3c751c555d87b59b2059872492
MD5 hash: 79c1677ed6de6216211b8d4bcd47b0bb
humanhash: oregon-island-skylark-bravo
File name:4315-1.dex
Download: download sample
Signature Mirax
File size:4'484'048 bytes
First seen:2026-07-01 20:02:34 UTC
Last seen:Never
File type:
MIME type:application/octet-stream
ssdeep 49152:4n/C86qqpzKVEuRzOeB3vc/k7rpuoIE97oT76lSxz4CI+:w/FRDOT/kHp8T7zt
TLSH T1FA266B27E2292933C15E0BB688F757587332A2873F4397872558913CFCC738496AA67D
Magika dex
Reporter BastianHein
Tags:dex Mirax

Intelligence


File Origin
# of uploads :
1
# of downloads :
5
Origin country :
CL CL
Vendor Threat Intelligence
No detections
Verdict:
Malicious
File Type:
dex
First seen:
2026-07-01T19:43:00Z UTC
Last seen:
2026-07-02T20:12:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Spy.AndroidOS.SpyNote.by HEUR:Trojan-Banker.AndroidOS.Coper.a
Gathering data
Threat name:
Android.Trojan.Mirax
Status:
Malicious
First seen:
2026-07-01 22:56:04 UTC
File Type:
DEX (Exe)
AV detection:
8 of 38 (21.05%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DetectEncryptedVariants
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:Golang_Find_CSC846
Author:Ashar Siddiqui
Description:Find Go Signatuers
Rule name:Golang_Find_CSC846_Simple
Author:Ashar Siddiqui
Description:Find Go Signatuers
Rule name:inthebox_inject_send_logs
Author:Alberto Segura
Description:Detects InTheBox's injects used by several Android Malware families (Hydra, Alien, Copybara/JokerRAT, Cerberus, ERMACm, Octo)
Rule name:telebot_framework
Author:vietdx.mb
Rule name:testlumma

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments