MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 855ecc219191414b70b87bf80a5985d99bc500e6bad60d80d4fe76fd4ec9741c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: 855ecc219191414b70b87bf80a5985d99bc500e6bad60d80d4fe76fd4ec9741c
SHA3-384 hash: ae00c1b56a011b09cf350c4f0efa9c265d6c68dd110c9408ce688d8793a320ab00119d8e6435adffee01f2e12e6cc61a
SHA1 hash: 5d5d6c1eb19e3f6e499739e58e47b602b312b320
MD5 hash: 58a72b23db11a0030add54dd7746ccc6
humanhash: eighteen-fillet-happy-foxtrot
File name: hezi.apk
File size: 39'939'003 bytes
First seen: 2025-11-18 07:49:09 UTC
Last seen: Never
File type: apk
MIME type: application/zip
ssdeep: 786432:QU1wEfN52nTT1pGnGgOxEZz8tf+eEgSRbC2MwsVy1J7QIxOYNG2lUm:QPGNST1pGGRx6DTgLwsM1NZIm
TLSH: T13E973387E718D157F0F38539A77B462BE1620C154642D2D33B5AF23C0AB78D8AB4AEC5
TrID: 49.0% (.APK) Android Package (27000/1/5)
      24.5% (.JAR) Java Archive (13500/1/2)
      19.0% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
      7.2% (.ZIP) ZIP compressed archive (4000/1)
Magika: apk
Reporter: juroots
Tags: apk

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: US

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: base64 crypto evasive fingerprint persistence signed

Result
Application Permissions:
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
read phone state and identity (READ_PHONE_STATE)
read external storage contents (READ_EXTERNAL_STORAGE)
retrieve running applications (GET_TASKS)
take pictures and videos (CAMERA)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
mount and unmount file systems (MOUNT_UNMOUNT_FILESYSTEMS)
read sensitive log data (READ_LOGS)
list accounts (GET_ACCOUNTS)
modify global system settings (WRITE_SETTINGS)
record audio (RECORD_AUDIO)
full Internet access (INTERNET)
view network status (ACCESS_NETWORK_STATE)
prevent phone from sleeping (WAKE_LOCK)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
view Wi-Fi status (ACCESS_WIFI_STATE)
change network connectivity (CHANGE_NETWORK_STATE)
control vibrator (VIBRATE)
change Wi-Fi status (CHANGE_WIFI_STATE)
control flashlight (FLASHLIGHT)
change your audio settings (MODIFY_AUDIO_SETTINGS)
turn phone on or off (DEVICE_POWER)
directly install applications (INSTALL_PACKAGES)
Gathering data

Result
Malware family: n/a
Score: 7/10
Tags: android evasion
Behaviour: Loads dropped Dex/Jar
Please note that we are no longer able to provide a coverage score for Virus Total.
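As an added triage example (this editor's code, not part of the MalwareBazaar page and not code taken from the sample): a Python script that reproduces the four hash types listed above so a downloaded file can be checked against this entry, inspects the ZIP layout that makes an `application/zip` file an APK (`AndroidManifest.xml` plus `classes.dex`), looks for a v1 JAR signature in `META-INF/` (the `signed` tag), finds secondary DEX/JAR payloads under non-root directories by content magic rather than file name (the `Loads dropped Dex/Jar` behaviour), and flags which of the declared permissions can only be held by signature/privileged apps on current Android. The in-memory APK it runs on is constructed for the example and is not `hezi.apk`; the privileged-permission set is the editor's choice; v2/v3 signatures sit in the APK signing block outside the ZIP central directory and are not checked.

```python
import hashlib
import io
import zipfile

# Hashes copied from the MalwareBazaar entry above; a downloaded file must reproduce all of them.
EXPECTED = {
    "md5": "58a72b23db11a0030add54dd7746ccc6",
    "sha1": "5d5d6c1eb19e3f6e499739e58e47b602b312b320",
    "sha256": "855ecc219191414b70b87bf80a5985d99bc500e6bad60d80d4fe76fd4ec9741c",
    "sha3_384": "ae00c1b56a011b09cf350c4f0efa9c265d6c68dd110c9408ce688d8793a320ab00119d8e6435adffee01f2e12e6cc61a",
}

# The permission names shown in parentheses in the entry above, as a constructed input list.
PAGE_PERMISSIONS = [
    "WRITE_EXTERNAL_STORAGE", "READ_PHONE_STATE", "READ_EXTERNAL_STORAGE", "GET_TASKS",
    "CAMERA", "REQUEST_INSTALL_PACKAGES", "MOUNT_UNMOUNT_FILESYSTEMS", "READ_LOGS",
    "GET_ACCOUNTS", "WRITE_SETTINGS", "RECORD_AUDIO", "INTERNET", "ACCESS_NETWORK_STATE",
    "WAKE_LOCK", "RECEIVE_BOOT_COMPLETED", "ACCESS_WIFI_STATE", "CHANGE_NETWORK_STATE",
    "VIBRATE", "CHANGE_WIFI_STATE", "FLASHLIGHT", "MODIFY_AUDIO_SETTINGS", "DEVICE_POWER",
    "INSTALL_PACKAGES",
]

# Editor's watchlist (assumption): permissions with signature/privileged protection level,
# which a third-party APK cannot be granted; requesting them is a repackaging/legacy signal.
PRIVILEGED = {"INSTALL_PACKAGES", "READ_LOGS", "DEVICE_POWER", "MOUNT_UNMOUNT_FILESYSTEMS"}

DEX_MAGIC = b"dex\n"
ZIP_MAGIC = b"PK\x03\x04"


def digests(data: bytes) -> dict:
    """All four hash types shown on the entry, lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_entry(data: bytes, expected: dict = EXPECTED) -> bool:
    """True only if every digest reproduces the entry; any mismatch means a different file."""
    got = digests(data)
    return all(got[k] == v.lower() for k, v in expected.items())


def inspect_apk(data: bytes) -> dict:
    """Structural triage of a ZIP that claims to be an APK.

    is_apk     - carries the two members every APK has (AndroidManifest.xml, classes.dex)
    signed_v1  - JAR-style signature block file in META-INF (v2/v3 not checked here)
    dex_count  - number of root-level classes*.dex files
    payloads   - non-root members whose content starts with DEX or ZIP magic, i.e. candidates
                 for the "loads dropped Dex/Jar" behaviour, found by magic rather than by name
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        payloads = []
        for name in names:
            if "/" not in name:  # root members are the primary code, not dropped payloads
                continue
            with zf.open(name) as member:
                head = member.read(4)
            if head.startswith(DEX_MAGIC):
                payloads.append((name, "dex"))
            elif head.startswith(ZIP_MAGIC):
                payloads.append((name, "zip"))
        return {
            "is_apk": "AndroidManifest.xml" in names and "classes.dex" in names,
            "signed_v1": any(n.startswith("META-INF/") and n.rsplit(".", 1)[-1] in ("RSA", "DSA", "EC")
                             for n in names),
            "dex_count": sum(1 for n in names if "/" not in n and n.startswith("classes") and n.endswith(".dex")),
            "payloads": payloads,
        }


def privileged_requested(permissions) -> set:
    """Subset of the declared permissions (short or android.permission.* form) on the watchlist."""
    return {p.split(".")[-1] for p in permissions} & PRIVILEGED


def build_sample() -> bytes:
    """Constructed stand-in for an APK (NOT hezi.apk): expected layout, a v1 signature block,
    a secondary DEX hidden behind a .bin name and a nested JAR under assets/."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr("classes.dex", DEX_MAGIC + b"035\x00" + b"\x00" * 16)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00placeholder")  # binary-XML stand-in
        apk.writestr("classes.dex", DEX_MAGIC + b"035\x00" + b"\x00" * 16)
        apk.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        apk.writestr("META-INF/CERT.RSA", b"\x30\x82placeholder")
        apk.writestr("assets/config.bin", DEX_MAGIC + b"035\x00" + b"\x00" * 16)  # renamed DEX
        apk.writestr("assets/plugin.jar", inner.getvalue())
        apk.writestr("res/raw/notes.txt", b"not code")
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    print("matches MalwareBazaar entry:", matches_entry(sample))  # False: constructed file
    print(inspect_apk(sample))
    print("privileged permissions requested:", sorted(privileged_requested(PAGE_PERMISSIONS)))
```

MalwareBazaar serves samples inside a password-protected ZIP (password `infected`); pass the extracted APK bytes to `matches_entry()` and `inspect_apk()`. A hash mismatch means you are not looking at the file this entry describes. The payload list is a pointer to what to unpack and hash next, not proof of malicious behaviour, in line with the page's own note that presence in MalwareBazaar does not guarantee a sample is malicious.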

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Malaysia_mal_APK_1
Author: @fareedfauzi
Description: Detects Malicious APK targeting Malaysia

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
apk 855ecc219191414b70b87bf80a5985d99bc500e6bad60d80d4fe76fd4ec9741c (this sample)

Delivery method: Distributed via web download

Comments