MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1de4f9db04929d9086e5aaa88d154f2b3a7d59eadad80e58dec31538fc5aa5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b1de4f9db04929d9086e5aaa88d154f2b3a7d59eadad80e58dec31538fc5aa5b
SHA3-384 hash: 0af1e45f16cc0474ada71e6d5b9b98006c5cf83d0b117d0cd90085810949e80dab22fce32a415aa2403776913371f9a2
SHA1 hash: cb0a131b390c6ffc864f2cd649db96a3a282c1ce
MD5 hash: 1f60c0eb1572277499f26e4fc6c9f935
humanhash: purple-jersey-edward-red
File name:d_android.apk
Download: download sample
File size:36'171'732 bytes
First seen:2026-04-14 05:55:30 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 786432:2V17kPygbOgDX2zddNWJmZG1aAyKs8patb+f1Thgbtif4lEd1VREyEb:2V1AyWOgb2zRkEA9ZayThStiftVFEb
TLSH T1BF87338AF748DA2FC437753249BA2671428B4D068E839797A9047F0C6DBB5C40F5AFC9
TrID 40.0% (.APK) Android Package (27000/1/5)
20.0% (.JAR) Java Archive (13500/1/2)
18.5% (.VYM) VYM Mind Map (12500/1/3)
15.5% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
5.9% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter Anonymous
Tags:apk signed tag:DDosia

Code Signing Certificate

Organisation:Android Debug
Issuer:Android Debug
Algorithm:sha256WithRSAEncryption
Valid from:2025-11-19T13:39:15Z
Valid to:2055-11-12T13:39:15Z
Serial number: 01
Intelligence: 419 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist:This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:SHA256
Thumbprint: 8ffb17ec34cef2afab1da23fd69a349391db0a721360cff47bca1255d5c623d6
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
144
Origin country :
DK DK
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 crypto ddosia evasive expand fingerprint lolbin signed
Link:
https://www.filescan.io/uploads/69ddd6ded920e19044faf694/reports/c4b0968e-d7d7-4861-a9bf-b25f06f917bc/overview
Result
Link:
https://incinerator.cloud/#/public/report/1f60c0eb1572277499f26e4fc6c9f935/detail
Application Permissions
read external storage contents (READ_EXTERNAL_STORAGE)
view network status (ACCESS_NETWORK_STATE)
full Internet access (INTERNET)
prevent phone from sleeping (WAKE_LOCK)
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/b1de4f9db04929d9086e5aaa88d154f2b3a7d59eadad80e58dec31538fc5aa5b
Verdict:
Clean
File Type:
apk
Link:
https://opentip.kaspersky.com/b1de4f9db04929d9086e5aaa88d154f2b3a7d59eadad80e58dec31538fc5aa5b/results?tab=lookup
Score:
97%
Verdict:
Malware
File Type:
APK
Link:
https://malprob.io/report/b1de4f9db04929d9086e5aaa88d154f2b3a7d59eadad80e58dec31538fc5aa5b
Gathering data
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/b1de4f9db04929d9086e5aaa88d154f2b3a7d59eadad80e58dec31538fc5aa5b
Threat name:
Linux.Trojan.DDosia
Create hunting rule
Status:
Malicious
First seen:
2025-11-27 14:46:43 UTC
File Type:
Binary (Archive)
Extracted files:
969
AV detection:
4 of 36 (11.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=whpe7hnqjeu5scdolkviruku6kz2pvm6vwwybzmn5qyvhd6fvjnq._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
android
Link:
https://tria.ge/reports/260414-gmtysacz5k/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b1de4f9db04929d9086e5aaa88d154f2b3a7d59eadad80e58dec31538fc5aa5b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments