MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa2a7e4f080ce26715e69732901e80ef2d44f0666fa25c41ee52da9e7c2c4388. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: fa2a7e4f080ce26715e69732901e80ef2d44f0666fa25c41ee52da9e7c2c4388
SHA3-384 hash: 0228372d1ac6faec4305856c02e6f0133933088c2f3ed7d10d334de976d45a28c97483416382680803fe56ce9e5189d4
SHA1 hash: 95c0d163fa2e3eadfb08cb6e5eaa0f8993ef601c
MD5 hash: 023ec2bcfcb3480eeb68726671ff1ce8
humanhash: hydrogen-quiet-dakota-india
File name: khrum.apk
File size: 955'714 bytes
First seen: 2026-06-25 17:36:38 UTC
Last seen: Never
File type: apk
MIME type: application/zip
ssdeep 12288:jGLT/7gLM2n3qUUu8MM+QAM+tPi/chqk3L3K7AGXrJIW0rS0uhfmXytl2o3q0AwZ:4/FDu8MM+QArPhqsLaUoqnrS79XLGHc
TLSH T1601533D7A7A2DAB7C20BB77D03C8C37BE730558A82AD952BA154D8725C3147EBF00654
TrID 77.1% (.JAR) Java Archive (13500/1/2)
22.8% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter BastianHein
Tags: apk Oblivion signed

Code Signing Certificate

Organisation: 9h9bhac3
Issuer: 9h9bhac3
Algorithm: sha384WithRSAEncryption
Valid from: 2026-05-27T12:16:08Z
Valid to: 2053-10-12T12:16:08Z
Serial number: ce5501b8173f993a
Thumbprint Algorithm: SHA256
Thumbprint: 815b73ac1c02b40c623ecfa219fdbfd6326fe48ce9ce12905efd84f87177a7dd
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: CL
Vendor Threat Intelligence
No detections
Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: signed
Result
Application Permissions
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
full Internet access (INTERNET)
Verdict: Malicious
File Type: apk
First seen: 2026-06-16T05:05:00Z UTC
Last seen: 2026-06-25T23:42:00Z UTC
Hits: ~10
Threat name: Android.Trojan.Generic
Status: Suspicious
First seen: 2026-06-16 09:23:49 UTC
File Type: Binary (Archive)
Extracted files: 42
AV detection: 6 of 36 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

apk fa2a7e4f080ce26715e69732901e80ef2d44f0666fa25c41ee52da9e7c2c4388

(this sample)
