MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 92871cbed3b8b6a65b0e50df893c015e6508572d7cde49b0a99ec61449a11d1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 92871cbed3b8b6a65b0e50df893c015e6508572d7cde49b0a99ec61449a11d1e |
|---|---|
| SHA3-384 hash: | c2a7604843d02cbccd4bd2dc5a2925c4389491aa593ee910358e055fdd336b63504d62a71361f74d0e3ea2f097e81b5d |
| SHA1 hash: | 215451529b81f8defffa2fead7f95bec9b1c5e16 |
| MD5 hash: | 5effcf201f7cb3dd47922c279bfbce97 |
| humanhash: | social-december-four-autumn |
| File name: | xwang.xyz_v2.0.apk |
| Download: | download sample |
| File size: | 4'649'522 bytes |
| First seen: | 2026-03-16 17:25:40 UTC |
| Last seen: | Never |
| File type: | apk |
| MIME type: | application/zip |
| ssdeep | 98304:GaHPK3HTbDcAvSrNTItnwtXrvrqAjxa+3ty04spsJgiMXBnI7u+4ES+imIx7UJCm:ZPMHDcAONonkXDrqAjhhsSiMRBJUJL |
| TLSH | T185261287EB19E9A6E1B3C736D379629365260C984643E3931B85F13C0EB79C046D6FC8 |
| TrID | 49.0% (.APK) Android Package (27000/1/5) 24.5% (.JAR) Java Archive (13500/1/2) 19.0% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3) 7.2% (.ZIP) ZIP compressed archive (4000/1) |
| Magika | apk |
| Reporter |  juroots |
| Tags: | apk |
Intelligence
File Origin
# of uploads :
1
# of downloads :
134
Origin country :
CZVendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
base64 crypto evasive fingerprint signed
Result
Application Permissions
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
read external storage contents (READ_EXTERNAL_STORAGE)
read phone state and identity (READ_PHONE_STATE)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
mount and unmount file systems (MOUNT_UNMOUNT_FILESYSTEMS)
read contact data (READ_CONTACTS)
read sensitive log data (READ_LOGS)
write contact data (WRITE_CONTACTS)
take pictures and videos (CAMERA)
record audio (RECORD_AUDIO)
list accounts (GET_ACCOUNTS)
directly call phone numbers (CALL_PHONE)
coarse (network-based) location (ACCESS_COARSE_LOCATION)
fine (GPS) location (ACCESS_FINE_LOCATION)
modify global system settings (WRITE_SETTINGS)
full Internet access (INTERNET)
view network status (ACCESS_NETWORK_STATE)
view Wi-Fi status (ACCESS_WIFI_STATE)
change network connectivity (CHANGE_NETWORK_STATE)
control vibrator (VIBRATE)
change your audio settings (MODIFY_AUDIO_SETTINGS)
change Wi-Fi status (CHANGE_WIFI_STATE)
prevent phone from sleeping (WAKE_LOCK)
control flashlight (FLASHLIGHT)
directly install applications (INSTALL_PACKAGES)
Result
Verdict:
SUSPICIOUS
Link:
Verdict:
Unknown
File Type:
apk
Score:
94%
Verdict:
Malware
File Type:
APK
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
8/10
Tags:
android collection credential_access defense_evasion discovery evasion impact
Behaviour
Checks CPU information
Checks memory information
Uses Crypto APIs (Might try to encrypt user data)
Queries information about active data network
Checks Android system properties for emulator presence.
Loads dropped Dex/Jar
Obtains sensitive information copied to the device clipboard
Checks if the Android device is rooted.
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
No further information available
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.