MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dbb1e32c62ab33822baeb4f35744075831f17af8a0b6303c1dcd389d41dc5eaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dbb1e32c62ab33822baeb4f35744075831f17af8a0b6303c1dcd389d41dc5eaa
SHA3-384 hash: 02d05bcbd8ae8a141b8b8f809f428fdff6fe6e03abaf87e2a2d74c99c99667fefe7d38f49b396840ec11fdda2f429416
SHA1 hash: 6427f1b20fdb667d340cf1672669db5c72d7a223
MD5 hash: 4d8fd8e875d4e5379fdac97b4088a1e2
humanhash: texas-missouri-hamper-burger
File name:app (10).apk
Download: download sample
File size:14'260'167 bytes
First seen:2025-06-30 18:13:24 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 393216:iMtGgA+E2etAByjHMR9/rfz2gpDn7BvuC9OUWli5hxZ34ay3aT:ioJE2etYyAR9/pjOJKzKad
TLSH T1FBE63387EB5AE963E1A7D63743BE415B56198C84C753F3831B94B12C1DB3AC08786EC8
TrID 43.5% (.APK) Android Package (27000/1/5)
21.7% (.JAR) Java Archive (13500/1/2)
16.9% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
11.2% (.MAFF) Mozilla Archive Format (gen) (7000/1/1)
6.4% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter mohit
Tags:android apk chinese malware

Intelligence

File Origin
# of uploads :
1
# of downloads :
136
Origin country :
IN IN
Vendor Threat Intelligence
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
base64 crypto evasive fingerprint signed
Link:
https://www.filescan.io/uploads/6862d4027423ff017c37961e/reports/71ca955b-aa5c-4b32-915b-ffb92019a64e/overview
Result
Link:
https://incinerator.cloud/#/public/report/4d8fd8e875d4e5379fdac97b4088a1e2/detail
Application Permissions
read phone state and identity (READ_PHONE_STATE)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
read external storage contents (READ_EXTERNAL_STORAGE)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
mount and unmount file systems (MOUNT_UNMOUNT_FILESYSTEMS)
read sensitive log data (READ_LOGS)
write contact data (WRITE_CONTACTS)
take pictures and videos (CAMERA)
record audio (RECORD_AUDIO)
list accounts (GET_ACCOUNTS)
directly call phone numbers (CALL_PHONE)
coarse (network-based) location (ACCESS_COARSE_LOCATION)
fine (GPS) location (ACCESS_FINE_LOCATION)
modify global system settings (WRITE_SETTINGS)
view network status (ACCESS_NETWORK_STATE)
full Internet access (INTERNET)
view Wi-Fi status (ACCESS_WIFI_STATE)
change network connectivity (CHANGE_NETWORK_STATE)
control vibrator (VIBRATE)
change your audio settings (MODIFY_AUDIO_SETTINGS)
change Wi-Fi status (CHANGE_WIFI_STATE)
prevent phone from sleeping (WAKE_LOCK)
control flashlight (FLASHLIGHT)
directly install applications (INSTALL_PACKAGES)
Score:
94%
Verdict:
Malware
File Type:
APK
Link:
https://malprob.io/report/dbb1e32c62ab33822baeb4f35744075831f17af8a0b6303c1dcd389d41dc5eaa
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dbb1e32c62ab33822baeb4f35744075831f17af8a0b6303c1dcd389d41dc5eaa/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3oy6gldcvmzyek5owtzvorahlay7c6xyuc3dapa5zu4j2qo4l2va._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
android collection credential_access defense_evasion discovery evasion impact persistence
Link:
https://tria.ge/reports/250630-wvb59shr8w/
Behaviour
Checks CPU information
Checks memory information
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Queries information about active data network
Queries the mobile country code (MCC)
Queries the unique device ID (IMEI, MEID, IMSI)
Checks Android system properties for emulator presence.
Loads dropped Dex/Jar
Obtains sensitive information copied to the device clipboard
Checks if the Android device is rooted.
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/c0f7d6c7-0469-49f1-8740-21f381ddbf69
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.64
Link:
https://yomi.yoroi.company/submissions/dbb1e32c62ab33822baeb4f35744075831f17af8a0b6303c1dcd389d41dc5eaa

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments