MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdcd06685d903376381212452bb6b89d36f8fd836a37cb2a6d92393d0ae5ed77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fdcd06685d903376381212452bb6b89d36f8fd836a37cb2a6d92393d0ae5ed77
SHA3-384 hash: 819be211f7627feda730e38be513d7c0372280e29354a41311d86328a92aeb6ac9485d4d1546425467b5f4e212413b29
SHA1 hash: 56888307781f48e7eeeb0d12a48f1989b79be557
MD5 hash: c15afea92911c651863e7e12c66d496e
humanhash: summer-sierra-aspen-missouri
File name:RoyalMatkaApp.apk
Download: download sample
File size:18'365'248 bytes
First seen:2025-11-22 11:15:17 UTC
Last seen:Never
File type: apk
MIME type:application/zip
ssdeep 393216:cQomyW2zi+koeumK8lpyZPeA3dijdzpVt2T:c1WooK8l4ZfwZLt2T
TLSH T1F507229EF368E92EC43390364D6A1232155B0D62FA42E7776938731C78B7AD44F49BC8
TrID 65.0% (.APK) Android Package (27000/1/5)
25.3% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
9.6% (.ZIP) ZIP compressed archive (4000/1)
Magika apk
Reporter juroots
Tags:apk

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
RO RO
Vendor Threat Intelligence
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
base64 crypto evasive finger fingerprint lolbin signed
Link:
https://www.filescan.io/uploads/69219c45f96b58f0dc7ff7fe/reports/f676d00e-ce08-4214-8219-1b810f6c2fa9/overview
Result
Link:
https://incinerator.cloud/#/public/report/c15afea92911c651863e7e12c66d496e/detail
Application Permissions
record audio (RECORD_AUDIO)
read external storage contents (READ_EXTERNAL_STORAGE)
read/modify/delete external storage contents (WRITE_EXTERNAL_STORAGE)
Allows an application to request installing packages. (REQUEST_INSTALL_PACKAGES)
full Internet access (INTERNET)
allow use of fingerprint (USE_FINGERPRINT)
view network status (ACCESS_NETWORK_STATE)
prevent phone from sleeping (WAKE_LOCK)
C2DM permissions (RECEIVE)
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/fdcd06685d903376381212452bb6b89d36f8fd836a37cb2a6d92393d0ae5ed77
Score:
11%
Verdict:
Benign
File Type:
APK
Link:
https://malprob.io/report/fdcd06685d903376381212452bb6b89d36f8fd836a37cb2a6d92393d0ae5ed77
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fdcd06685d903376381212452bb6b89d36f8fd836a37cb2a6d92393d0ae5ed77/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7xgqm2c5sazxmoascjcsxnvytu3pr7mdni34wktnsi4t2cxf5v3q._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
android discovery
Link:
https://tria.ge/reports/251122-ndj6jsgp9v/
Behaviour
Acquires the wake lock
Queries information about active data network
Verdict:
Unknown
Tags:
stealer
YARA:
MacoOS_CthulhuStealer
Link:
https://app.threat.zone/submission/b8f166d8-922f-4b77-906f-eeea7ab00501
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

apk fdcd06685d903376381212452bb6b89d36f8fd836a37cb2a6d92393d0ae5ed77

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3714111/
  
Delivery method
Distributed via web download

Comments