MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8dcf4ee90bbfbd52c182aa80974381871fbc2f9b34b4e81dbcc4eed9777212e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Crocodilus

Vendor detections: 7

Intelligence 7 IOCs YARA 2 File information Comments

SHA256 hash:	c8dcf4ee90bbfbd52c182aa80974381871fbc2f9b34b4e81dbcc4eed9777212e
SHA3-384 hash:	402d122c27b00889bb41b2dfb307a9663cec638950a4fb8ada4943c226aec102657db9fc39a392e815848d3ed5e7f8a6
SHA1 hash:	25617baf83f298e7e1ea085a298bac115cbe0600
MD5 hash:	dc966268be1c40447c73bfc01808dd83
humanhash:	asparagus-venus-massachusetts-hawaii
File name:	rVwMwHK.apk
Download:	download sample
Signature	Crocodilus Create hunting rule
File size:	2'277'512 bytes
First seen:	2025-05-31 13:15:14 UTC
Last seen:	Never
File type:	apk
MIME type:	application/zip
ssdeep	49152:NgmxffHxRfadELjtNOMIZXLttqmENqbpU5Mub1MyUinCEB3kOA5Drz:TffRRYELjzObZXLjqviU5MQ1VZB0OApn
TLSH	T1CCB5F143E708A86EC5F783368B7A462A9516DD668343E7934D54B3383DBB9C01E46FC8
TrID	49.0% (.APK) Android Package (27000/1/5) 24.5% (.JAR) Java Archive (13500/1/2) 19.0% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3) 7.2% (.ZIP) ZIP compressed archive (4000/1)
Magika	apk
Reporter	BastianHein
Tags:	apk Crocodilus

Intelligence

File Origin

# of uploads :

# of downloads :

5'357

Origin country :

Vendor Threat Intelligence

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

android bankbot signed

Link:

https://www.filescan.io/uploads/683b136cfd02ed5e0591ab12/reports/4d29dd69-22c0-4ad9-8e1a-ccd6a28cd339/overview

Result

Link:

https://incinerator.cloud/#/public/report/dc966268be1c40447c73bfc01808dd83/detail

Application Permissions

read SMS or MMS (READ_SMS)

read phone state and identity (READ_PHONE_STATE)

receive WAP (RECEIVE_WAP_PUSH)

take pictures and videos (CAMERA)

receive SMS (RECEIVE_SMS)

send SMS messages (SEND_SMS)

edit SMS or MMS (WRITE_SMS)

directly call phone numbers (CALL_PHONE)

read contact data (READ_CONTACTS)

write contact data (WRITE_CONTACTS)

prevent phone from sleeping (WAKE_LOCK)

full Internet access (INTERNET)

view network status (ACCESS_NETWORK_STATE)

automatically start at boot (RECEIVE_BOOT_COMPLETED)

send SMS-received broadcast (BROADCAST_SMS)

Score:

100%

Verdict:

Malware

File Type:

APK

Link:

https://malprob.io/report/c8dcf4ee90bbfbd52c182aa80974381871fbc2f9b34b4e81dbcc4eed9777212e

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c8dcf4ee90bbfbd52c182aa80974381871fbc2f9b34b4e81dbcc4eed9777212e/

Threat name:

Android.Infostealer.Anubis

Status:

Malicious

First seen:

2025-05-29 10:53:12 UTC

File Type:

Binary (Archive)

Extracted files:

454

AV detection:

6 of 23 (26.09%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zdopj3uqxp55klayfkuas5bydby7xqxzwnfu5ao3zrho3f3xeexa._file

Result

Malware family:

crocodilus

Score:

10/10

Tags:

family:crocodilus android banker evasion impact infostealer rat trojan

Link:

https://tria.ge/reports/250531-rxjwnsbj8x/

Behaviour

Uses Crypto APIs (Might try to encrypt user data)

Loads dropped Dex/Jar

Crocodilus

Crocodilus family

Crocodilus payload

Malware Config

C2 Extraction:

http://7162abdd9fd6e28.click

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/2e21e60b-df67-483c-ab6e-9e4f3b1a61d1

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/c8dcf4ee90bbfbd52c182aa80974381871fbc2f9b34b4e81dbcc4eed9777212e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Packer_Android Create hunting rule
Author:	R3R0K
Description:	Android.Packer_Android

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample