MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbd6c516a908658a0cd636856341db09e3f2e67a5a9be9fd1e121992c51da0c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



IRATA


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash: bbd6c516a908658a0cd636856341db09e3f2e67a5a9be9fd1e121992c51da0c7
SHA3-384 hash: 484e15382b4fb6d0d23e645ef4dff704bdc5a3aa65dff3f9834fdf352ece110919795eb3d643a20fe1e9b330f69c622f
SHA1 hash: ce75c2b0b449f81be11284adac579a70bcc7d1e3
MD5 hash: 3960b401fc189fd957564c0348550f2b
humanhash: virginia-network-hamper-east
File name:AndroidAuto.apk
Download: download sample
Signature IRATA
File size:6'204'201 bytes
First seen:2026-06-24 18:12:43 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 98304:YctGbZgi40QT8nBP2BPv3tVooAlHAVdrwr1/RkgOqJd4bS306zShQvOsBMFIk:1nynBelvtVN161/RkgOSBMQvDMqk
TLSH T139562346FA93E89ACCF6C33140B60B39613A1E2AD34793476375B6F468BBAE447471C1
TrID 60.6% (.APK) Android Package (27000/1/5)
30.3% (.JAR) Java Archive (13500/1/2)
8.9% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter BastianHein
Tags:apk IRATA signed

Code Signing Certificate

Organisation:dpt
Issuer:dpt
Algorithm:sha256WithRSAEncryption
Valid from:2024-11-05T12:52:39Z
Valid to:2049-10-30T12:52:39Z
Serial number: 01
Intelligence: 465 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist:This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:SHA256
Thumbprint: b8d25b845f276e25851f7a86261fc9c98ed4802240c31b21d466958d5e25096c
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads :
1
# of downloads :
137
Origin country :
CL CL
Vendor Threat Intelligence
No detections
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
evasive fingerprint persistence signed
Result
Application Permissions
read SMS or MMS (READ_SMS)
read contact data (READ_CONTACTS)
read phone state and identity (READ_PHONE_STATE)
directly call phone numbers (CALL_PHONE)
send SMS messages (SEND_SMS)
receive SMS (RECEIVE_SMS)
read external storage contents (READ_EXTERNAL_STORAGE)
write contact data (WRITE_CONTACTS)
full Internet access (INTERNET)
prevent phone from sleeping (WAKE_LOCK)
control vibrator (VIBRATE)
view network status (ACCESS_NETWORK_STATE)
allow use of fingerprint (USE_FINGERPRINT)
automatically start at boot (RECEIVE_BOOT_COMPLETED)
C2DM permissions (RECEIVE)
Allows cloud to device messaging (C2D_MESSAGE)
Verdict:
Malicious
File Type:
apk
First seen:
2026-06-21T16:24:00Z UTC
Last seen:
2026-06-25T23:49:00Z UTC
Hits:
~10
Threat name:
Android.Trojan.Egairtigado
Status:
Malicious
First seen:
2026-06-21 20:05:00 UTC
File Type:
Binary (Archive)
Extracted files:
210
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Result
Malware family:
Score:
  10/10
Tags:
family:irata android infostealer rat trojan
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments