MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b730efdc6ca5eedb50c734e63079497b235c3a2ef6f466392402ca2997ba3b22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | b730efdc6ca5eedb50c734e63079497b235c3a2ef6f466392402ca2997ba3b22 |
|---|---|
| SHA3-384 hash: | 460e33601bca938d26750dc8ad050e83dd9cf6a5813a934ad7989a866f53492dfcf35216b10198bd3b50aa7d5a8090d5 |
| SHA1 hash: | 062495037aed68aebe8d0063686abd000e1b2e0b |
| MD5 hash: | 8d33f4e216f08ce9a436e318f70fb91a |
| humanhash: | fix-emma-early-washington |
| File name: | new-bee-china-RELEASE-6004.apk |
| File size: | 99'617'915 bytes |
| First seen: | 2025-12-10 09:05:46 UTC |
| Last seen: | Never |
| File type: | apk |
| MIME type: | application/zip |
| ssdeep | 1572864:T4y82O9sasrli34kHWiogL6Y2k4Rx6CJodXHewgLsaxx9KgrxGiViwQqM7Hce/14:HnO9Mr0kcL6Y2kE1JodusaxbKgt3Viwf |
| TLSH | T172283386F318E91BD0F34631C23602A7B2691D24C783D66F6519B23C59B3AD84762FE7 |
| TrID | 35.7% (.APK) Android Package (27000/1/5) 17.8% (.JAR) Java Archive (13500/1/2) 16.5% (.VYM) VYM Mind Map (12500/1/3) 13.9% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3) 10.5% (.XPI) Mozilla Firefox browser extension (8000/1/1) |
| Magika | apk |
| Reporter | |
| Tags: | apk signed |
Code Signing Certificate
| Organisation: | Unknown |
|---|---|
| Issuer: | Unknown |
| Algorithm: | sha256WithRSAEncryption |
| Valid from: | 2020-11-09T05:29:49Z |
| Valid to: | 2048-03-27T05:29:49Z |
| Serial number: | 17a952aea58dcd31 |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | 424bc17d54900395f6f3ad0bc47c585d1f1f1d5d2eb818829b3c8610357f852d |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Intelligence
File Origin
# of uploads :
1
# of downloads :
125
Origin country :
CH
Vendor Threat Intelligence
No detections
Verdict:
Suspicious
Threat level:
5/10
Confidence:
100%
Tags:
adware base64 crypto evasive finger fingerprint lolbin persistence signed
Result
Application Permissions
take pictures and videos (CAMERA)
read phone state and identity (READ_PHONE_STATE)
read contact data (READ_CONTACTS)
write contact data (WRITE_CONTACTS)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
coarse (network-based) location (ACCESS_COARSE_LOCATION)
fine (GPS) location (ACCESS_FINE_LOCATION)
access location in background (ACCESS_BACKGROUND_LOCATION)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
read external storage contents (READ_EXTERNAL_STORAGE)
Allows an application a broad access to external storage in scoped storage (MANAGE_EXTERNAL_STORAGE)
record audio (RECORD_AUDIO)
modify global system settings (WRITE_SETTINGS)
retrieve running applications (GET_TASKS)
view Wi-Fi status (ACCESS_WIFI_STATE)
full Internet access (INTERNET)
control vibrator (VIBRATE)
prevent phone from sleeping (WAKE_LOCK)
view network status (ACCESS_NETWORK_STATE)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
allow use of fingerprint (USE_FINGERPRINT)
show app notification (READ_APP_BADGE)
change network connectivity (CHANGE_NETWORK_STATE)
reorder applications running (REORDER_TASKS)
C2DM permissions (RECEIVE)
Allows cloud to device messaging (C2D_MESSAGE)
Result
Verdict:
UNKNOWN
Link:
Details
Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
Verdict:
Unknown
File Type:
apk
First seen:
2025-11-19T05:30:00Z UTC
Last seen:
2025-12-10T10:15:00Z UTC
Hits:
~10
Score:
12%
Verdict:
Benign
File Type:
APK
Gathering data
Detection(s):
Suspicious file
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
apk b730efdc6ca5eedb50c734e63079497b235c3a2ef6f466392402ca2997ba3b22
(this sample)
Delivery method
Distributed via web download