MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de2ef69a5c7ccae38bf78c537829bc426908defe4331d9959332ce4b89c70054. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: de2ef69a5c7ccae38bf78c537829bc426908defe4331d9959332ce4b89c70054
SHA3-384 hash: accd6c330beef6f074234b262d25b4fad53e2d7db83b23647f0f80acc3582d67b154a9401f5760402ab888defe52609d
SHA1 hash: d7a9209f36975ad3e0c21a10c1fb6a012d043663
MD5 hash: c218ddacf50108ae4e1685ef918f5034
humanhash: muppet-aspen-magazine-emma
File name: Sotarmaf.apk
File size: 762'913 bytes
First seen: 2024-02-20 15:28:22 UTC
Last seen: 2025-03-24 04:12:37 UTC
File type: apk
MIME type: application/zip
ssdeep: 12288:bIfe2hSvoLbyoIRIsyMEuYze2hSvoLbyole2hSvoLbyoEoyK6CjoX371SQU:UfLBbeIsyMHYzLBb3LBb+G6971Sz
TLSH: T104F4232A20D7CB12D5A2C6F8B4931CE116378B8D69557FD80079BC8FEE184C0EB556BB
TrID:
  63.7% (.APK) Android Package (32500/1/6)
  26.4% (.JAR) Java Archive (13500/1/2)
  7.8% (.ZIP) ZIP compressed archive (4000/1)
  1.9% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: MrMalware
Tags: android apk LockScreen Ransomware signed

Code Signing Certificate

Organisation: Android
Issuer: Android
Algorithm: sha1WithRSAEncryption
Valid from: 2008-02-29T01:33:46Z
Valid to: 2035-07-17T01:33:46Z
Serial number: 936eacbe07f201df
Intelligence: 1801 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 4
# of downloads: 1'311
Origin country: CL

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: android

Result
Application Permissions:
  display system-level alerts (SYSTEM_ALERT_WINDOW)
  automatically start at boot (RECEIVE_BOOT_COMPLETED)

Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature:
  Antivirus / Scanner detection for submitted sample
  Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: n/a

Threat name: Android.Ransomware.Congur
Status: Malicious
First seen: 2024-01-20 20:39:53 UTC
File Type: Binary (Archive)
Extracted files: 15
AV detection: 10 of 38 (26.32%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: android

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
