MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d9a48a2f604b1ecad1feb7afdacce1c9ed29f6d52299c478cb29b097af642be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d9a48a2f604b1ecad1feb7afdacce1c9ed29f6d52299c478cb29b097af642be
SHA3-384 hash: 0b4d363253fd0d228bce375fc6b89cc245dce870d7e182f79fd7b6befb414a22ecfed933678cb993f52191aea03af553
SHA1 hash: 2b4f8b7ff433a849e97fb74559a698d6fc6c6f11
MD5 hash: 4877d7b6903450a897dc3226ae97c3db
humanhash: gee-nuts-california-tennis
File name:MODDER.apk
Download: download sample
File size:1'770'001 bytes
First seen:2024-02-12 12:45:53 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 49152:Q/oWyPEjuHg4nOijiJ6/dH50JThfv3MXCEj0:a+ESA4nRf50jf/eCEj0
TLSH T1A1851292F632AD4BC832D271159A43392156CD648D47EB4B798837BD38BF5E88F807D8
TrID 63.7% (.APK) Android Package (32500/1/6)
26.4% (.JAR) Java Archive (13500/1/2)
7.8% (.ZIP) ZIP compressed archive (4000/1)
1.9% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter e24111111111111
Tags:Adware.AndroidOS apk signed

Code Signing Certificate

Organisation:Android Release
Issuer:Android Release
Algorithm:sha256WithRSAEncryption
Valid from:2023-12-29T12:18:19Z
Valid to:2051-05-16T12:18:19Z
Serial number: 393b3395d7ecae65
Intelligence: 3 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 4e88dbcdf428e7b7df4d5751a4fe7ade9c2300208017ed516c57363d024d18ed
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
589
Origin country :
GR GR
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Android.HiddenAds.3926.31293.12528.UNOFFICIAL
Create hunting rule

Verdict:
No Threat
Threat level:
  2.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/65ca130c02d5be924b639413/reports/ce1b92d4-f971-45e8-ae3d-7c1594600852/overview
Result
Link:
https://incinerator.cloud/#/public/report/4877d7b6903450a897dc3226ae97c3db/detail
Application Permissions
coarse (network-based) location (ACCESS_COARSE_LOCATION)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
read external storage contents (READ_EXTERNAL_STORAGE)
full Internet access (INTERNET)
view network status (ACCESS_NETWORK_STATE)
prevent phone from sleeping (WAKE_LOCK)
C2DM permissions (RECEIVE)
Result
Threat name:
n/a
Detection:
malicious
Classification:
expl.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1390745
Signature
Accesses FileOutputStream via Reflection
Creates a new dex file (likely to load a new code)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Behaviour
Behavior Graph:
n/a
Score:
0%
Verdict:
Benign
File Type:
Archive
Link:
https://malprob.io/report/8d9a48a2f604b1ecad1feb7afdacce1c9ed29f6d52299c478cb29b097af642be
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8d9a48a2f604b1ecad1feb7afdacce1c9ed29f6d52299c478cb29b097af642be/
Threat name:
Android.Adware.Adlo
Create hunting rule
Status:
Malicious
First seen:
2024-02-12 12:46:04 UTC
File Type:
Binary (Archive)
Extracted files:
130
AV detection:
7 of 23 (30.43%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rwnerixwasy6zli75n5p3lgodspnfh3nkiuzyr4mwknqs6xwik7a._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
android
Link:
https://tria.ge/reports/240212-pzmdgade2v/
Behaviour
Acquires the wake lock
Reads information about phone network operator.
Loads dropped Dex/Jar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Adware
Score:
0.40
Link:
https://yomi.yoroi.company/submissions/8d9a48a2f604b1ecad1feb7afdacce1c9ed29f6d52299c478cb29b097af642be

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

apk 8d9a48a2f604b1ecad1feb7afdacce1c9ed29f6d52299c478cb29b097af642be

(this sample)

  
Delivery method
Distributed via web download

Comments