MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 854774a198db490a1ae9f06d5da5fe6a1f683bf3d7186e56776516f982d41ad3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 854774a198db490a1ae9f06d5da5fe6a1f683bf3d7186e56776516f982d41ad3
SHA3-384 hash: 86d279356d7be5b7641561a43d37acc09f1524e36fd0abfe00c4b2986514d650a8d86eae3b9a4460928d4ec8830af2f4
SHA1 hash: 51b31827c1d961ced142a3c5f3efa2b389f9c5ad
MD5 hash: 79ba96848428337e685e10b06ccc1c89
humanhash: blossom-alanine-fix-illinois
File name: WIFI.apk
File size: 3'007'920 bytes
First seen: 2021-01-12 14:52:33 UTC
Last seen: Never
File type: apk
MIME type: application/zip
ssdeep: 49152:rlaYuMuLPV74she6ZMKqvoWY9KqUoHLUfgP8csv5oJewBktwFcBVOhOUfFW:r0YhiqshtJqQWY9GEUoP8zv5f0kuFczJ
TLSH: 8AD5338F15B14C4A94A719F7A1B6F2480D6D6BE1740C6342A32C6107B9D2F31AF6FC9B
Reporter: U039b
Tags: apk FinSpy

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'024
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Android.Spyware.TechFu
Status: Malicious
First seen: 2019-11-27 11:59:20 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 2/5
Result
Malware family: n/a
Score: 10/10
Tags: android obfuscation ransomware stealth trojan
Behaviour
Suspicious use of android.location.LocationManager.getLastKnownLocation
Suspicious use of android.os.PowerManager$WakeLock.acquire
Suspicious use of android.telephony.TelephonyManager.getPhoneType
Uses reflection
Uses Crypto APIs (Might try to encrypt user data).
Reads name of network operator
Reads serial number of SIM
Checks Android system properties for emulator presence.
Reads device subscriber ID
Removes its main activity from the application launcher
Requests cell location
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments