MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77008928203ea27e10cf340735c461aaadd041dbd7bef6858ea6663d2d76b32b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 18 File information Comments

SHA256 hash:	77008928203ea27e10cf340735c461aaadd041dbd7bef6858ea6663d2d76b32b
SHA3-384 hash:	97484fa9930984bea3e385faafe27bf6adfd23842819e17f7844b7cb9fba696d0a10c9f545a41c0f5d25abbf4be1c9b5
SHA1 hash:	9b853beb33d4132f39517b898096d3aa5de6e57b
MD5 hash:	e46721c80d5a536ec387ed839f26b013
humanhash:	berlin-summer-yellow-pizza
File name:	stage1.txt
Download:	download sample
File size:	44'919'602 bytes
First seen:	2026-06-28 09:47:56 UTC
Last seen:	Never
File type:	macho
MIME type:	application/x-mach-binary
ssdeep	393216:CJzuKHPyTL5KvRD5CA9L0Gs8oGZytLi7p40bt3Q1c6JuuA/2megIn/fVK5:CJz7AFKnlyt8JBQTJuuHme5/Y
TLSH	T1AEA76BE4391EF927E6CD67BC6F612299B224BC001F91D21A14097FA9CD723E9C7335A1
Magika	macho
Reporter	dinth
Tags:	infostealer machO

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Score:

81.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a4132a91548daf709fa94b2

Tags:

stealer virus

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-vm expand lolbin masquerade

Link:

https://www.filescan.io/uploads/6a41329bd6442ebceb027cb2/reports/77da8c1d-17ef-434a-b87e-9231ce3c73b1/overview

Verdict:

Malicious

Labled as:

Mac/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/77008928203ea27e10cf340735c461aaadd041dbd7bef6858ea6663d2d76b32b

Verdict:

Malicious

File Type:

macho x64 le

First seen:

2026-06-25T12:36:00Z UTC

Last seen:

2026-06-28T13:35:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/77008928203ea27e10cf340735c461aaadd041dbd7bef6858ea6663d2d76b32b/results?tab=lookup

Score:

52%

Verdict:

Susipicious

File Type:

Mach-O

Link:

https://malprob.io/report/77008928203ea27e10cf340735c461aaadd041dbd7bef6858ea6663d2d76b32b

Gathering data

Threat name:

MacOS.Trojan.Generic

Status:

Suspicious

First seen:

2026-06-25 17:28:54 UTC

File Type:

MachO64 Little (Exe)

AV detection:

6 of 36 (16.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=o4aiskbah2rh4egpgqdtlrdbvkw5aqo3267pnbmouztd2llwwmvq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/77008928203ea27e10cf340735c461aaadd041dbd7bef6858ea6663d2d76b32b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	dependsonpythonailib Create hunting rule
Author:	Tim Brown
Description:	Hunts for dependencies on Python AI libraries

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries

Rule name:	Detect_Go_GOMAXPROCS Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata

Rule name:	GoBinTest Create hunting rule

Rule name:	golang Create hunting rule

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present

Rule name:	Golang_Find_CSC846 Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	html_auto_download_b64 Create hunting rule
Author:	Tdawg
Description:	html auto download

Rule name:	ldpreload Create hunting rule
Author:	xorseed
Reference:	https://stuff.rop.io/

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

Rule name:	test_rule_vldslv Create hunting rule

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via drive-by

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample