MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d1cf0eff5e73d4c5b9fda82268c436dae8dcd2166a86f76374afd537ad2962f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Datzbro

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	8d1cf0eff5e73d4c5b9fda82268c436dae8dcd2166a86f76374afd537ad2962f
SHA3-384 hash:	001b82253255034b84cd458e7b4e4ecffcf2bf8dd9e019e605551f4698cbfcb172a9549f6ef8ca2c56a05368efc0cfab
SHA1 hash:	70228d5731f7b9bca4461d3a0cc761bf7a6f6a43
MD5 hash:	bec407bb78e3a37b813e59ed67a93b32
humanhash:	victor-blue-blue-seven
File name:	91.apk
Download:	download sample
Signature	Datzbro Create hunting rule
File size:	5'724'421 bytes
First seen:	2025-11-20 15:23:54 UTC
Last seen:	Never
File type:	apk
MIME type:	application/zip
ssdeep	98304:h2GN9oTYrt7lzRa8zZOQ51Rohm3ssk7seu2vfWSbP1MpXIF6+JspKbXZ0DoAMF21:EGNNtRR9OO1Rohm3I3wXIF6EspKbJ0s+
TLSH	T19E46F1CAF7C65A6EC4F70376CD3612E685475D6687838E836D40723C68BB2D40F89AC9
TrID	48.2% (.JAR) Java Archive (13500/1/2) 37.5% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3) 14.2% (.ZIP) ZIP compressed archive (4000/1)
Magika	apk
Reporter	juroots
Tags:	apk Datzbro signed

Code Signing Certificate

Organisation:	QZTSN1
Issuer:	QZTSN1
Algorithm:	sha512WithRSAEncryption
Valid from:	2025-11-17T07:16:03Z
Valid to:	2050-11-11T07:16:03Z
Serial number:	3fe57b22
Thumbprint Algorithm:	SHA256
Thumbprint:	75afe560da65abb7f9cd874f5bf5221dbb6e7005d7caf86f0d600e554b36e376
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

base64 crypto evasive expand fingerprint lolbin persistence signed

Link:

https://www.filescan.io/uploads/691f32db1c724c5c1c704c3e/reports/fca8cb0d-ab3d-4449-90de-ea42e9e0bb09/overview

Result

Link:

https://incinerator.cloud/#/public/report/bec407bb78e3a37b813e59ed67a93b32/detail

Application Permissions

edit SMS or MMS (WRITE_SMS)

receive SMS (RECEIVE_SMS)

write contact data (WRITE_CONTACTS)

send SMS messages (SEND_SMS)

read SMS or MMS (READ_SMS)

read contact data (READ_CONTACTS)

list accounts (GET_ACCOUNTS)

take pictures and videos (CAMERA)

record audio (RECORD_AUDIO)

coarse (network-based) location (ACCESS_COARSE_LOCATION)

fine (GPS) location (ACCESS_FINE_LOCATION)

directly call phone numbers (CALL_PHONE)

read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)

read external storage contents (READ_EXTERNAL_STORAGE)

Allows an application a broad access to external storage in scoped storage (MANAGE_EXTERNAL_STORAGE)

view network status (ACCESS_NETWORK_STATE)

set wallpaper (SET_WALLPAPER)

automatically start at boot (RECEIVE_BOOT_COMPLETED)

full Internet access (INTERNET)

prevent phone from sleeping (WAKE_LOCK)

update component usage statistics (PACKAGE_USAGE_STATS)

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/8d1cf0eff5e73d4c5b9fda82268c436dae8dcd2166a86f76374afd537ad2962f

Verdict:

Malicious

File Type:

apk

First seen:

2025-11-20T04:33:00Z UTC

Last seen:

2025-11-22T10:18:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/8d1cf0eff5e73d4c5b9fda82268c436dae8dcd2166a86f76374afd537ad2962f/results?tab=lookup

Score:

97%

Verdict:

Malware

File Type:

APK

Link:

https://malprob.io/report/8d1cf0eff5e73d4c5b9fda82268c436dae8dcd2166a86f76374afd537ad2962f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8d1cf0eff5e73d4c5b9fda82268c436dae8dcd2166a86f76374afd537ad2962f/

Threat name:

Android.Trojan.AVerseFalc

Status:

Malicious

First seen:

2025-11-20 09:45:10 UTC

File Type:

Binary (Archive)

Extracted files:

874

AV detection:

16 of 38 (42.11%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ruopb37v446uyw473kbcndcdnwxi3tjbm2ug65rxjl6vg6wssyxq._file

Result

Malware family:

datzbro

Score:

10/10

Tags:

family:datzbro android banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence rat trojan

Link:

https://tria.ge/reports/251120-stbasswpdt/

Behaviour

Checks CPU information

Checks memory information

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Makes use of the framework's foreground persistence service

Performs UI accessibility actions on behalf of the user

Queries information about active data network

Queries the mobile country code (MCC)

Makes use of the framework's Accessibility service

Obtains sensitive information copied to the device clipboard

Datzbro

Datzbro family

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/6af03bab-0432-440f-bb2b-cc34a5766e68

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/8d1cf0eff5e73d4c5b9fda82268c436dae8dcd2166a86f76374afd537ad2962f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Datzbro

apk 8d1cf0eff5e73d4c5b9fda82268c436dae8dcd2166a86f76374afd537ad2962f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3712995/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample