MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1c3a8818024ee86480bb83ea405ba2d9f96ea279e5cf9df19b3d3cb934ec42d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b1c3a8818024ee86480bb83ea405ba2d9f96ea279e5cf9df19b3d3cb934ec42d
SHA3-384 hash: 209cee3a7de6eb79c6f09f23cd4dc0450686475ac4658db493aec3aa5698bde6f68a975ed7bd48de7adffc30d76d2cfe
SHA1 hash: e991fe047582dfa7d20285ca51b698dba7184ace
MD5 hash: 0f81a6f1767a5ec25eb985e742e59474
humanhash: nebraska-whiskey-cardinal-massachusetts
File name:Cuanto sabes de Historia.apk
Download: download sample
File size:6'463'442 bytes
First seen:2025-12-01 20:34:01 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 196608:lbJ1HoTMckDEhdOYNclXTX5/NPwT8xijUv30:l9KtNclXTJuTVUv0
TLSH T120561282FB58E42AC577C03386B50636625A5D4CCB45E3537ADDB32C9AF7AC44AC4BC8
TrID 40.0% (.APK) Android Package (27000/1/5)
20.0% (.JAR) Java Archive (13500/1/2)
18.5% (.VYM) VYM Mind Map (12500/1/3)
15.5% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
5.9% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter juroots
Tags:apk signed

Code Signing Certificate

Organisation:
Issuer:
Algorithm:sha256WithRSAEncryption
Valid from:2018-07-25T17:49:08Z
Valid to:2043-07-19T17:49:08Z
Serial number: 2ed41c95
Thumbprint Algorithm:SHA256
Thumbprint: d4bcffaacac87c929ba7787ec2e3755909d492a0d7b94605ee7525ce2db4e468
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
34
Origin country :
IL IL
Vendor Threat Intelligence
No detections
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug base64 crypto evasive fingerprint obfuscated signed
Link:
https://www.filescan.io/uploads/692dfbe1b16a21848e68ef00/reports/c14d6391-2585-4f2b-81c5-1382a1881b87/overview
Result
Link:
https://incinerator.cloud/#/public/report/0f81a6f1767a5ec25eb985e742e59474/detail
Application Permissions
read external storage contents (READ_EXTERNAL_STORAGE)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
read phone state and identity (READ_PHONE_STATE)
control vibrator (VIBRATE)
view network status (ACCESS_NETWORK_STATE)
full Internet access (INTERNET)
prevent phone from sleeping (WAKE_LOCK)
C2DM permissions (RECEIVE)
Allows cloud to device messaging (C2D_MESSAGE)
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/b1c3a8818024ee86480bb83ea405ba2d9f96ea279e5cf9df19b3d3cb934ec42d
Verdict:
Unknown
File Type:
apk
Link:
https://opentip.kaspersky.com/b1c3a8818024ee86480bb83ea405ba2d9f96ea279e5cf9df19b3d3cb934ec42d/results?tab=lookup
Score:
53%
Verdict:
Susipicious
File Type:
APK
Link:
https://malprob.io/report/b1c3a8818024ee86480bb83ea405ba2d9f96ea279e5cf9df19b3d3cb934ec42d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b1c3a8818024ee86480bb83ea405ba2d9f96ea279e5cf9df19b3d3cb934ec42d/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=whb2ramaetximsalxa7kibn2fwpzn2rhtzoptxyzwpj4xe2oyqwq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
android collection credential_access defense_evasion discovery evasion impact persistence
Link:
https://tria.ge/reports/251201-zdb1qavrdr/
Behaviour
Checks CPU information
Checks memory information
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Queries information about active data network
Queries the mobile country code (MCC)
Acquires the wake lock
Loads dropped Dex/Jar
Obtains sensitive information copied to the device clipboard
Queries information about running processes on the device
Checks if the Android device is rooted.
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/b027aaab-94f4-4472-9027-edb20c77f8ac
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.67
Link:
https://yomi.yoroi.company/submissions/b1c3a8818024ee86480bb83ea405ba2d9f96ea279e5cf9df19b3d3cb934ec42d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

apk b1c3a8818024ee86480bb83ea405ba2d9f96ea279e5cf9df19b3d3cb934ec42d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3722950/
  
Delivery method
Distributed via web download

Comments