MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91e5c5dbb6e64f5399cd4786f2e91192525b6582a088a8b583a7599a82838567. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



IRATA


Vendor detections: 7



SHA256 hash: 91e5c5dbb6e64f5399cd4786f2e91192525b6582a088a8b583a7599a82838567
SHA3-384 hash: ae354af562c96e8128469b006e250fcbba417378cc66b6464eb8100a04291ad8b5ffe853d5c1fcff0dedb8e2dec3d428
SHA1 hash: 78805a1d5b1f9c9c2c6dbf83752d39f27c795b3b
MD5 hash: e9476ead29f19bde9b3d61f166e63aef
humanhash: chicken-august-tennessee-alpha
File name: sana.apk
Signature: IRATA
File size: 2'660'154 bytes
First seen: 2023-09-14 23:45:28 UTC
Last seen: Never
File type: apk
MIME type: application/zip
ssdeep: 49152:Z/n0bBpKmG2gU9bK8G2SczKlTddI+tYno0xOVB/4qMzYhv2m+Ku974l9Re3Sr:B7mIUU8G2ScaddI+tk5YB/kzYhvd+N9I
TLSH: T197C51213F326686BCEE2D3722171133665364D29D743A78B2A1877BA74FB8EC0B951C1
TrID:
56.0% (.APK) Android Package (32500/1/6)
23.2% (.JAR) Java Archive (13500/1/2)
12.0% (.MAFF) Mozilla Archive Format (gen) (7000/1/1)
6.8% (.ZIP) ZIP compressed archive (4000/1)
1.7% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: onecert_ir
Tags: android apk IRATA signed

Code Signing Certificate

Organisation: Android
Issuer: Android
Algorithm: sha1WithRSAEncryption
Valid from: 2008-02-29T01:33:46Z
Valid to: 2035-07-17T01:33:46Z
Serial number: 936eacbe07f201df
Intelligence: 1731 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform



Intelligence


File Origin
# of uploads: 1
# of downloads: 183
Origin country: US

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: fingerprint lolbin remote

Result
Threat name: n/a
Detection: malicious
Classification: spyw.evad
Score: 68 / 100
Signature:
Antivirus / Scanner detection for submitted sample
Drops a new APK file
Multi AV Scanner detection for submitted file
Tries to detect Android x86
Tries to detect the analysis device (e.g. the Android emulator)
Behaviour
Behavior Graph: n/a

Threat name: Android.Spyware.Generic
Status: Suspicious
First seen: 2023-09-14 23:46:06 UTC
File Type: Binary (Archive)
Extracted files: 259
AV detection: 8 of 19 (42.11%)
Threat level: 2/5

Result
Malware family: n/a
Score: 7/10
Tags: android
Behaviour:
Reads information about phone network operator.

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

IRATA

apk 91e5c5dbb6e64f5399cd4786f2e91192525b6582a088a8b583a7599a82838567

(this sample)

  
Dropping: IRATA
Delivery method: Distributed via web download
