MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f31ee868127fb5d76cda34e369cb95be0f483577e0cf8c7332d38deef4d7384b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	f31ee868127fb5d76cda34e369cb95be0f483577e0cf8c7332d38deef4d7384b
SHA3-384 hash:	c4986a6b2bb5791edefb2a3c692ad4028a2dea4671d584aefee404a4734a1f31ca71cb347873afcffd2da35e8ce380bd
SHA1 hash:	1c2e6c65fcb8f6673c2da2b7d268b0e7852188cc
MD5 hash:	17fe15a096f7e236fb1a2626443020a3
humanhash:	illinois-uranus-stream-spring
File name:	clean.apk
Download:	download sample
File size:	13'210'994 bytes
First seen:	2025-12-08 12:22:45 UTC
Last seen:	Never
File type:	apk
MIME type:	application/zip
ssdeep	393216:vIMI95jarR4gF0CT7zu2R8UumpawSVAyGoXyaReyidfNF:vInyrNSY7zP82CAXeJR4
TLSH	T1FAD62306F748E01EC5BBC0334E77027511950D46D9A6EB232A69B21C9EBBE888F4DFC5
TrID	42.8% (.APK) Android Package (27000/1/5) 21.4% (.JAR) Java Archive (13500/1/2) 16.6% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3) 12.6% (.XPI) Mozilla Firefox browser extension (8000/1/1) 6.3% (.ZIP) ZIP compressed archive (4000/1)
Magika	apk
Reporter	juroots
Tags:	apk signed

Code Signing Certificate

Organisation:	zhangshuo
Issuer:	zhangshuo
Algorithm:	sha256WithRSAEncryption
Valid from:	2015-11-02T06:48:12Z
Valid to:	2115-10-09T06:48:12Z
Serial number:	0b466a73
Thumbprint Algorithm:	SHA256
Thumbprint:	d669b9dd5bcdc24e4777bbb6ada44bfb558f510b150aa0f72f828b3ace2883ca
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

android base64 crypto evasive fingerprint signed

Link:

https://www.filescan.io/uploads/6936c34bbc15eab491f71164/reports/76a19626-f2b6-48f4-810b-c7355dcf3bb8/overview

Result

Link:

https://incinerator.cloud/#/public/report/17fe15a096f7e236fb1a2626443020a3/detail

Application Permissions

read external storage contents (READ_EXTERNAL_STORAGE)

read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)

mount and unmount file systems (MOUNT_UNMOUNT_FILESYSTEMS)

Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)

coarse (network-based) location (ACCESS_COARSE_LOCATION)

display system-level alerts (SYSTEM_ALERT_WINDOW)

retrieve running applications (GET_TASKS)

measure application storage space (GET_PACKAGE_SIZE)

kill background processes (KILL_BACKGROUND_PROCESSES)

full Internet access (INTERNET)

view network status (ACCESS_NETWORK_STATE)

view Wi-Fi status (ACCESS_WIFI_STATE)

prevent phone from sleeping (WAKE_LOCK)

change network connectivity (CHANGE_NETWORK_STATE)

reorder applications running (REORDER_TASKS)

control vibrator (VIBRATE)

create Bluetooth connections (BLUETOOTH)

change your audio settings (MODIFY_AUDIO_SETTINGS)

change Wi-Fi status (CHANGE_WIFI_STATE)

delete all application cache data (CLEAR_APP_CACHE)

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/f31ee868127fb5d76cda34e369cb95be0f483577e0cf8c7332d38deef4d7384b

Verdict:

Unknown

File Type:

apk

Link:

https://opentip.kaspersky.com/f31ee868127fb5d76cda34e369cb95be0f483577e0cf8c7332d38deef4d7384b/results?tab=lookup

Score:

69%

Verdict:

Susipicious

File Type:

APK

Link:

https://malprob.io/report/f31ee868127fb5d76cda34e369cb95be0f483577e0cf8c7332d38deef4d7384b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f31ee868127fb5d76cda34e369cb95be0f483577e0cf8c7332d38deef4d7384b/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6mpoq2asp625o3g2gtrwts4vxyhuqnlx4dhyy4zs2og655gxhbfq._file

Gathering data

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/423ec05d-be35-4de7-a4dc-cdc3d6ecbd1e

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.30

Link:

https://yomi.yoroi.company/submissions/f31ee868127fb5d76cda34e369cb95be0f483577e0cf8c7332d38deef4d7384b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

apk f31ee868127fb5d76cda34e369cb95be0f483577e0cf8c7332d38deef4d7384b

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3729248/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample