MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6149bacfb02eb3db6f95947bc57d89bfb92b90f16f92a61266ea6fbec81d10b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6149bacfb02eb3db6f95947bc57d89bfb92b90f16f92a61266ea6fbec81d10b7
SHA3-384 hash: 9f8af1e3107c7f2614cb3b36bea18d3c974d963b293bfefb8bd21c7aead060d96dd168f62d228467e80976596ad771b5
SHA1 hash: 57ba15d54018b6870fe27dbf2475a0a4d540511e
MD5 hash: 788332a83e8c9cfa0d78ddf8a27bd4be
humanhash: papa-nine-robert-dakota
File name:AM Management _Strategic OTC Collaboration Proposal.docx.scpt
Download: download sample
File size:136'732 bytes
First seen:2025-10-21 17:49:14 UTC
Last seen:Never
File type:
MIME type:application/octet-stream
ssdeep 3072:lOkDhLpp+gpDUhGqQcFO95rAhU1mgRmdXVb:lOkDFqIxchUpRmX
TLSH T10BD34AAA23E12628ED57B8F5C2CBDB7177B360205E7B48056BC68FF9434D4709BD6224
Magika unknown
Reporter moonlock_lab
Tags:DPRK macOS scpt


Avatar
moonlock_lab
Likely an initial infection vector from DPRK campaign, might be delivered via email or other social platforms.

Intelligence

File Origin
# of uploads :
1
# of downloads :
159
Origin country :
UA UA
Vendor Threat Intelligence
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68f86e81ad6ce0f5ad40916a
Tags:
virus agent
Verdict:
Unknown
File Type:
unknown
Link:
https://opentip.kaspersky.com/6149bacfb02eb3db6f95947bc57d89bfb92b90f16f92a61266ea6fbec81d10b7/results?tab=lookup
Gathering data
Threat name:
MacOS.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-10-16 10:55:24 UTC
File Type:
Binary
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mfe3vt5qf2z5w34vsr54k7mjx64sxehrn6jkmetg5jx35sa5cc3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/6149bacfb02eb3db6f95947bc57d89bfb92b90f16f92a61266ea6fbec81d10b7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://x.com/moonlock_lab/status/1980683916571996312
  
X
https://x.com/moonlock_lab/status/1980683916571996312
  
X
https://x.com/moonlock_lab/status/1980683916571996312
  
Delivery method
Other

Comments