MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b03e4637db188820db5a30ae59f0a753a3e86b8a26c791f2ebee521357f229d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 9b03e4637db188820db5a30ae59f0a753a3e86b8a26c791f2ebee521357f229d
SHA3-384 hash: 029d2dd4753e287ecafebe13965490bf68e83ba60c88a0fd8953d627e0e4ce1bed41aed9ddbe68cf56457ebc9a637469
SHA1 hash: 273d3c1a7f70b4acf7ed368f6f609cd5cc7886b1
MD5 hash: 8c64e915831c3987c3b2832619771dee
humanhash: tango-berlin-montana-october
File name: 4190_CTVP2PV10.apk
File size: 25'357'616 bytes
First seen: 2025-11-20 15:24:05 UTC
Last seen: Never
File type: apk
MIME type: application/zip
ssdeep: 393216:lvjMCa6m2kLwM11YvvCz7QLmkHy3n1fnCeQhgTQEWC48YUxPbh3SEc9uGJ9xe:lvjDbqhq3C0Lm73XQhynWKn1iELGQ
TLSH: T1E147229AF79CEE2EC47790328F5A4273201A8D15CA42D347B918775C68F39D48E89FD8
TrID:
  35.2% (.APK) Android Package (27000/1/5)
  28.1% (.OXT) OpenOffice Extension (21500/1/3)
  17.6% (.JAR) Java Archive (13500/1/2)
  13.7% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
  5.2% (.ZIP) ZIP compressed archive (4000/1)
Magika: apk
Reporter: juroots
Tags: apk signed

Code Signing Certificate

Organisation: Unknown
Issuer: Unknown
Algorithm: sha256WithRSAEncryption
Valid from: 2022-01-19T20:37:10Z
Valid to: 2047-01-13T20:37:10Z
Serial number: 3afe1f65
Thumbprint Algorithm: SHA256
Thumbprint: 7379819d54ae5654ec44868e797604d0e0afa2733bca498f39a607d35b8aa7ab
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 44
Origin country: IL
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: base64 crypto evasive expand fingerprint lolbin persistence signed
Result
Application Permissions
read phone state and identity (READ_PHONE_STATE)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
read external storage contents (READ_EXTERNAL_STORAGE)
display system-level alerts (SYSTEM_ALERT_WINDOW)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
mount and unmount file systems (MOUNT_UNMOUNT_FILESYSTEMS)
full Internet access (INTERNET)
view network status (ACCESS_NETWORK_STATE)
view Wi-Fi status (ACCESS_WIFI_STATE)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
prevent phone from sleeping (WAKE_LOCK)
change your audio settings (MODIFY_AUDIO_SETTINGS)
Verdict: Unknown
File Type: apk
First seen: 2025-10-02T19:58:00Z UTC
Last seen: 2025-11-20T15:40:00Z UTC
Hits: ~10
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Verdict: Suspicious
Tags: n/a
YARA: n/a
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

apk 9b03e4637db188820db5a30ae59f0a753a3e86b8a26c791f2ebee521357f229d (this sample)

Delivery method: Distributed via web download

Comments