MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d79c24c70a0806514ed9b228afe795723ec88a212c2042eb0dd764dd403c4ba9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown


Vendor detections: 7



SHA256 hash: d79c24c70a0806514ed9b228afe795723ec88a212c2042eb0dd764dd403c4ba9
SHA3-384 hash: 4c3f705f4c4ab6cad198bef5f3008e38851774ad60cd1f8c29b9bd5caf12c3ac98029eb09bc1b7f0565a45dd07306440
SHA1 hash: eac986c66ced8151a4bbe5fcf162d79fe4b70d0e
MD5 hash: e3087590986bb8ad49da7b8cfe08dfbc
humanhash: yellow-ohio-wisconsin-yellow
File name: d79c24c70a0806514ed9b228afe795723ec88a212c2042eb0dd764dd403c4ba9
File size: 15'164'039 bytes
First seen: 2025-09-16 20:27:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:NxiRWwIBRQ4gZAkAA2OtM9SbSm4+QuNk/Z4wWtOvJ25jf5mE/O9BRIIcqnsv4JnI:NIRWwGKAkAOZC+Qr4GS5mESUwhDtJ/g
TLSH: T13EE622D6F7C9992FC4375032C9BA56F652874C528E838F436945720C69BBAD80F4AFC8
TrID: 60.6% (.APK) Android Package (27000/1/5)
      30.3% (.JAR) Java Archive (13500/1/2)
      8.9% (.ZIP) ZIP compressed archive (4000/1)
Magika: apk
Reporter: P4nd3m1cb0y
Tags: android apk NFC phantomcard zip
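The entry above lists four digests plus a size for the sample, and its file-type fields disagree (MalwareBazaar says zip, TrID and Magika say APK). Before doing anything with a downloaded copy, a practitioner verifies the bytes against the listed hashes and checks the archive layout for the APK markers (AndroidManifest.xml and classes.dex). The script below is an added example written for this page, not MalwareBazaar's own code; the expected hashes and size are copied from the entry, and the sample archives it builds are constructed stand-ins, not the real sample.

```python
import hashlib
import io
import sys
import zipfile

# Digests and size copied from the MalwareBazaar entry above.
EXPECTED_HASHES = {
    "sha256": "d79c24c70a0806514ed9b228afe795723ec88a212c2042eb0dd764dd403c4ba9",
    "sha3_384": "4c3f705f4c4ab6cad198bef5f3008e38851774ad60cd1f8c29b9bd5caf12c3ac"
                "98029eb09bc1b7f0565a45dd07306440",
    "sha1": "eac986c66ced8151a4bbe5fcf162d79fe4b70d0e",
    "md5": "e3087590986bb8ad49da7b8cfe08dfbc",
}
EXPECTED_SIZE = 15_164_039

# Standard member names that distinguish an APK (both present) from a JAR
# (manifest only) or a plain ZIP. These are the usual layouts, not anything
# taken from this particular sample.
APK_MARKERS = ("AndroidManifest.xml", "classes.dex")
JAR_MARKERS = ("META-INF/MANIFEST.MF",)


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the entry lists, as lowercase hex."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_sample(data: bytes, expected: dict = EXPECTED_HASHES,
                  size: int = EXPECTED_SIZE) -> list:
    """Return a list of mismatches against the entry; empty means it matches."""
    problems = []
    if len(data) != size:
        problems.append(f"size {len(data)} != {size}")
    actual = hash_bytes(data)
    for name, want in expected.items():
        if actual[name] != want.lower():
            problems.append(f"{name} mismatch")
    return problems


def classify_zip(data: bytes) -> str:
    """Classify an archive by member names: 'apk', 'jar', 'zip' or 'not-zip'."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
    if all(m in names for m in APK_MARKERS):
        return "apk"
    if any(m in names for m in JAR_MARKERS):
        return "jar"
    return "zip"


def build_fake_archive(kind: str) -> bytes:
    """Constructed stand-in archive for offline runs (not real malware).

    kind is 'apk', 'jar' or 'zip' and selects which marker members to write.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if kind == "apk":
            zf.writestr("AndroidManifest.xml", b"<manifest/>")
            zf.writestr("classes.dex", b"dex\n035\0")
        if kind in ("apk", "jar"):
            zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        zf.writestr("README.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python check_sample.py <downloaded-file>; with no argument a
    # constructed APK-shaped archive is checked instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_fake_archive("apk")
    print("digests:", hash_bytes(blob))
    print("mismatches:", verify_sample(blob) or "none")
    print("archive kind:", classify_zip(blob))
```

A genuine copy of the sample yields an empty mismatch list and classifies as apk; the constructed stand-in reports every digest and the size as mismatched, which is the point of the check: never trust a file name or a declared file type, trust the digest.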

Intelligence


File Origin
Uploads: 1
Downloads: 86
Origin country: US
Vendor Threat Intelligence

Verdict: Malicious
Score: 81.4%
Tags: emotet java

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: base64 crypto evasive expand fingerprint lolbin signed
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar and against any suspicious process dumps those samples create. Only results from TLP:CLEAR rules are displayed.

Rule name: botnet_plaintext_c2
Author: cip
Description: Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.

Rule name: CP_AllMal_Detector
Author: DiegoAnalytics
Description: CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



commented on 2025-09-17 00:57:33 UTC

IP: 181.41.200.116
RELEVANT PORTS
0: 3000
   Type: HTML
   Directory: /
   URLParameters: step=cartao-aproximado
1: 1285
   Type: WebSocket
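The comment above gives one host with two service ports and a distinctive query parameter. The script below turns those indicators into a check over connection logs: it flags traffic to the host on the listed ports, traffic to the host on any other port (weaker signal, worth a look), and the query parameter appearing on any host. This is an added example for this page, not code from the commenter or from MalwareBazaar; the log lines are constructed for demonstration and the "<timestamp> <src> -> <dst>:<dport> [url]" line shape is an assumed format, not any real product's log.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Indicators as posted in the comment above.
C2_HOST = "181.41.200.116"
C2_PORTS = {3000: "HTML", 1285: "WebSocket"}
C2_QUERY = ("step", "cartao-aproximado")

# Constructed connection-log lines (not real telemetry). Assumed shape:
# "<timestamp> <src> -> <dst>:<dport> [url]".
SAMPLE_LOG = """\
2025-09-17T00:10:01Z 10.0.0.5 -> 181.41.200.116:3000 http://181.41.200.116:3000/?step=cartao-aproximado
2025-09-17T00:10:02Z 10.0.0.5 -> 181.41.200.116:1285 ws://181.41.200.116:1285/
2025-09-17T00:10:03Z 10.0.0.7 -> 93.184.216.34:443 https://example.com/
2025-09-17T00:10:04Z 10.0.0.9 -> 181.41.200.116:8080 http://181.41.200.116:8080/health
2025-09-17T00:10:05Z 10.0.0.9 -> 203.0.113.9:3000 http://203.0.113.9:3000/?step=cartao-aproximado
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<dport>\d+)(?: (?P<url>\S+))?$"
)


def classify_line(line: str):
    """Return the list of IOC reasons for one line, [] if clean, None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    dst, dport = m["dst"], int(m["dport"])
    url = m["url"] or ""
    reasons = []
    if dst == C2_HOST and dport in C2_PORTS:
        # Exact endpoint from the comment: host plus a listed port.
        reasons.append(f"c2-endpoint:{dst}:{dport}:{C2_PORTS[dport]}")
    elif dst == C2_HOST:
        # Same host, unlisted port: weaker, but still worth triage.
        reasons.append(f"c2-host-other-port:{dport}")
    if url:
        # The query parameter is checked independently of the host, so a
        # relocated panel on a new IP still trips the rule.
        key, val = C2_QUERY
        if val in parse_qs(urlsplit(url).query).get(key, []):
            reasons.append(f"c2-query:{key}={val}")
    return reasons


def scan_log(text: str) -> list:
    """Return [(line_number, reasons), ...] for every line that matched an IOC."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        reasons = classify_line(line)
        if reasons:
            hits.append((n, reasons))
    return hits


if __name__ == "__main__":
    for n, reasons in scan_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(reasons)}")
```

Lines 1, 2, 4 and 5 of the constructed log are flagged; line 3 is not. Matching the query parameter on its own is deliberate: the IP in a comment like this one is the most perishable indicator, the URL shape usually outlives it.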