MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dafc00c3c65b1abe74a9933c3ff94455fee4e982e16f4378748997664facb6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MacSync

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	3dafc00c3c65b1abe74a9933c3ff94455fee4e982e16f4378748997664facb6c
SHA3-384 hash:	a7f588808af0b18071975729bc982744b48d0388da22d8dea3ec6284976a97ee69ed95cf24040067f7f6438e5f9bcdec
SHA1 hash:	172d5f187f313fdaa025ba89a8d966b08bf01c68
MD5 hash:	c1cdb1625b98d2bf531971ea8bd2637f
humanhash:	butter-vegan-nineteen-bluebird
File name:	Trezor Suite
Download:	download sample
Signature	MacSync Create hunting rule
File size:	139'120 bytes
First seen:	2025-12-11 12:43:15 UTC
Last seen:	Never
File type:	macho
MIME type:	application/x-mach-binary
ssdeep	768:B7nsrz9lGl0fPl1111111111111111YtswMZEefQXll0KRrkFvwNLsB:9G1111111111111111Yt0fQiJS
TLSH	T152D3C5DB6B08054BC59E217B83A603C26233F36D59F1433E015496446FA77DFA36F68A
TrID	82.2% (.DYLIB) Mac OS X Mach-O universal Dynamically linked shared Library (32500/1/5) 17.7% (.O/DYLIB/BUNDLE) Mac OS X Universal Binary (generic) (7002/2)
Magika	macho
Reporter	0xb0mb3r
Tags:	machO macOS MacSync stealer trojan

0x_b0mb3r

Trojanized version of trezor hardware wallet companion. deployed by MacSync Stealer payload

Intelligence

File Origin

# of uploads :

# of downloads :

117

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=693abc67bde6a3e5971040a2

Tags:

n/a

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/693abc681eac7b9b76a5bc25/reports/91337846-c9fb-4291-a2b6-952758dcf620/overview

Verdict:

Malicious

Labled as:

Trojan.MAC.Odyssey.Generic

Link:

https://www.hybrid-analysis.com/sample/3dafc00c3c65b1abe74a9933c3ff94455fee4e982e16f4378748997664facb6c

Verdict:

Malicious

File Type:

macho fat

First seen:

2025-12-11T10:32:00Z UTC

Last seen:

2025-12-11T12:15:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-PSW.OSX.FakeWallet.a

Link:

https://opentip.kaspersky.com/3dafc00c3c65b1abe74a9933c3ff94455fee4e982e16f4378748997664facb6c/results?tab=lookup

Score:

97%

Verdict:

Malware

File Type:

Mach-O universal binary

Link:

https://malprob.io/report/3dafc00c3c65b1abe74a9933c3ff94455fee4e982e16f4378748997664facb6c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3dafc00c3c65b1abe74a9933c3ff94455fee4e982e16f4378748997664facb6c/

Verdict:

Malicious

Threat:

Trojan-PSW.OSX.FakeWallet

Link:

https://tip.neiki.dev/file/3dafc00c3c65b1abe74a9933c3ff94455fee4e982e16f4378748997664facb6c

Threat name:

MacOS.Trojan.Generic

Status:

Suspicious

First seen:

2025-12-11 12:44:16 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

6 of 24 (25.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hwx4adb4mwy2xz2ktez4h74uivp64tuyfylpin4hjcmxmzh2znwa._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3dafc00c3c65b1abe74a9933c3ff94455fee4e982e16f4378748997664facb6c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample