MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 14 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270
SHA3-384 hash: 231300f712505055d2611fe45bb607cf6c2e05c7948ad3de27054dd1b67bc93640407cf85dc440531609ee3e580ca7a8
SHA1 hash: db077e20e429b93d9b1187cf09869544d83dbe02
MD5 hash: 7bd3201946ef8b8a836bc2f951923adc
humanhash: vermont-georgia-lamp-stream
File name:driver_arm
Download: download sample
File size:5'830'370 bytes
First seen:2026-04-07 23:15:16 UTC
Last seen:Never
File type:php macho
MIME type:application/x-mach-binary
ssdeep 49152:yUqZRvEFx7nIhqLg+Eo6+IFVXX/itd64AmqQ235EoqM:yUqZaFxLwqLg+2+IFxigmgEoqM
TLSH T121466A45BD2D6562D5C976781F6653943339EC088F82C3262628BB3DFEF23588B23761
Magika macho
Reporter johnk3r
Tags:89-36-224-5 byte-io-us datahub-ink loud-sync-online machO minirat

Intelligence

File Origin
# of uploads :
1
# of downloads :
111
Origin country :
CH CH
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69d590216a61012f6acfe662
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm base64 expand fingerprint lolbin
Link:
https://www.filescan.io/uploads/69d5900f2346b9da57c69379/reports/bdb3b367-51a9-4846-a1dc-29280ec03c5d/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270
Verdict:
Malicious
File Type:
macho x64 le
First seen:
2026-04-08T15:30:00Z UTC
Last seen:
2026-04-08T16:05:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270/results?tab=lookup
Score:
97%
Verdict:
Malware
File Type:
Mach-O
Link:
https://malprob.io/report/0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270
Threat name:
MacOS.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2026-04-07 23:15:43 UTC
File Type:
MachO64 Little (Exe)
AV detection:
9 of 37 (24.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bkflhullclj2iu7olizar7qeorfnkriu56hke65y7yzgphx22jya._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:DetectGoMethodSignatures
Create hunting rule
Author:Wyatt Tauber
Description:Detects Go method signatures in unpacked Go binaries
Rule name:Detect_Go_GOMAXPROCS
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
Rule name:Detect_PowerShell_Obfuscation
Create hunting rule
Author:daniyyell
Description:Detects obfuscated PowerShell commands commonly used in malicious scripts.
Rule name:GoBinTest
Create hunting rule
Rule name:golang
Create hunting rule
Rule name:golang_binary_string
Create hunting rule
Description:Golang strings present
Rule name:Golang_Find_CSC846
Create hunting rule
Author:Ashar Siddiqui
Description:Find Go Signatuers
Rule name:Golang_Find_CSC846_Simple
Create hunting rule
Author:Ashar Siddiqui
Description:Find Go Signatuers
Rule name:identity_golang
Create hunting rule
Author:Eric Yocam
Description:find Golang malware
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments