MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ca1d98dae8fefc4d83ed93cddb1b1682741cb168e460c5e91286e85bd5cadce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AmosStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ca1d98dae8fefc4d83ed93cddb1b1682741cb168e460c5e91286e85bd5cadce
SHA3-384 hash: cd8b14440b58e7ad0c8c243c6b90139d1467e0a2b3811ea9dc8c8a3f5d39ecf13f5998907f10e470098197df279d41a9
SHA1 hash: 682a52a219d812ef7e21ddfed47d67a9aca4e9c0
MD5 hash: 5b74d77757d1c94ee6250df138c58f99
humanhash: seventeen-queen-carolina-spaghetti
File name:install.sh
Download: download sample
Signature AmosStealer
Create hunting rule
File size:119 bytes
First seen:2025-02-12 15:27:15 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 3:3JyKFKuVIAHOyOmW2BbRALpHg8RIVIAHDaFOdUAHZIAn:3JZFZ4ynW23Txa4
TLSH T146B01272C430C02111F10C442101E040DDF140700BD483436034CC303EB4420CE4E30D
Magika shell
Reporter aachum
Tags:AmosStealer macOS sh


Avatar
iamaachum
https://applepistudios.com/ce/install.sh

C2: http://82.115.223.9/contact\
URLMalware sample (SHA256 hash)SignatureTags
https://applepistudios.com/ce/updaten/an/aAmosStealer macho

Intelligence

File Origin
# of uploads :
1
# of downloads :
127
Origin country :
ES ES
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67acbddb4f5583c4c4d86beblinux22vpnfull_triage
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/67acbde74d32c7a4e2bb5b41/reports/946850ce-d6e3-4821-ad31-c5f4891be8d7/overview
Result
Verdict:
UNKNOWN
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/3ca1d98dae8fefc4d83ed93cddb1b1682741cb168e460c5e91286e85bd5cadce
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3ca1d98dae8fefc4d83ed93cddb1b1682741cb168e460c5e91286e85bd5cadce/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hsq5tdnor7x4jwb63e6n3mnrnatudsywrzdayxurfbxilpk4vxha._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery
Link:
https://tria.ge/reports/250212-svxkesxmcw/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Amos
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3ca1d98dae8fefc4d83ed93cddb1b1682741cb168e460c5e91286e85bd5cadce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AmosStealer

sh 3ca1d98dae8fefc4d83ed93cddb1b1682741cb168e460c5e91286e85bd5cadce

(this sample)

AmosStealer

php macho b50f754f4b646d433a013191d4fe005638bbcde4626ea9f4d9fe6bcba6138f03

  
Link
https://tria.ge/250212-sr3l9sxkar/
  
Delivery method
Distributed via web download
  
Dropping
MD5 44b0f8a7ecacef3484590e1b399234e1
  
Dropping
SHA256 b50f754f4b646d433a013191d4fe005638bbcde4626ea9f4d9fe6bcba6138f03

Comments