MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3ade4b9e03e459a5955d68c52f8dbf893ce0c2bfb56c1c8b7415ecfb7ec9246. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirax


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments

SHA256 hash: a3ade4b9e03e459a5955d68c52f8dbf893ce0c2bfb56c1c8b7415ecfb7ec9246
SHA3-384 hash: 914d0a303c7e597fee19320846115d47d41d688b1f6661a4f4087e8a89357b70410505d42d9ff2b7cd9c913a53eff8cc
SHA1 hash: fc48f53b4ada8c3d31cc647562d7a54e28ea626e
MD5 hash: 2be0da0c4135514667aa947eec3a04d8
humanhash: gee-three-thirteen-uranus
File name:temp_1781774687144.apk
Download: download sample
Signature Mirax
File size:10'543'555 bytes
First seen:2026-07-02 22:38:50 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 196608:n3SIGw4+np11yqnmxzbrV1IGOpU+Htk5TLLJbZWO:nj7/11mxZ1I2J7WO
TLSH T194B61206FB49E96BC0F767764D764122424B4C268B53D3936F58723C18BBAE04F4AED8
TrID 65.0% (.APK) Android Package (27000/1/5)
25.3% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
9.6% (.ZIP) ZIP compressed archive (4000/1)
Magika unknown
Reporter BastianHein
Tags:apk Mirax

Intelligence


File Origin
# of uploads :
1
# of downloads :
80
Origin country :
CL CL
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
expand invalid-signature lolbin signed
Result
Application Permissions
send SMS messages (SEND_SMS)
write contact data (WRITE_CONTACTS)
edit SMS or MMS (WRITE_SMS)
directly call phone numbers (CALL_PHONE)
read SMS or MMS (READ_SMS)
receive MMS (RECEIVE_MMS)
read phone state and identity (READ_PHONE_STATE)
take pictures and videos (CAMERA)
receive WAP (RECEIVE_WAP_PUSH)
list accounts (GET_ACCOUNTS)
receive SMS (RECEIVE_SMS)
change your audio settings (MODIFY_AUDIO_SETTINGS)
view network status (ACCESS_NETWORK_STATE)
prevent phone from sleeping (WAKE_LOCK)
view Wi-Fi status (ACCESS_WIFI_STATE)
full Internet access (INTERNET)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
control flashlight (FLASHLIGHT)
control vibrator (VIBRATE)
bluetooth administration (BLUETOOTH_ADMIN)
change Wi-Fi status (CHANGE_WIFI_STATE)
create Bluetooth connections (BLUETOOTH)
C2DM permissions (RECEIVE)
send WAP-PUSH-received broadcast (BROADCAST_WAP_PUSH)
Result
Malware family:
Score:
  10/10
Tags:
family:mirax android collection credential_access defense_evasion discovery evasion execution impact infostealer persistence rat stealth trojan
Behaviour
Checks CPU information
Checks memory information
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Acquires the wake lock
Makes use of the framework's foreground persistence service
Performs UI accessibility actions on behalf of the user
Queries information about active data network
Queries the mobile country code (MCC)
Requests changing the default SMS application.
Requests disabling of battery optimizations (often used to enable hiding in the background).
Loads dropped Dex/Jar
Makes use of the framework's Accessibility service
Obtains sensitive information copied to the device clipboard
Queries information about running processes on the device
Reads the content of SMS inbox messages.
Reads the content of outgoing SMS messages.
Reads the content of the SMS messages.
Removes its main activity from the application launcher
Android Mirax payload
Family: Mirax
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:telebot_framework
Author:vietdx.mb

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments