MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a42eece43aad2e2a2f98d41b1b48025c252452318a864d32d0f9156adaabe65b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a42eece43aad2e2a2f98d41b1b48025c252452318a864d32d0f9156adaabe65b
SHA3-384 hash: adc70db920a5bd2b51f3caf6a7cf80096bac43f39f2252f6d3a998c231921998e11b044e30c65107ab32410822c678ea
SHA1 hash: 6900bf0b0551abe56dacfdb8182eec3429de68fb
MD5 hash: cddd5a271ee05b7b7945d3dfce33e50e
humanhash: bakerloo-lake-bakerloo-nevada
File name:shell
Download: download sample
File size:8'127'522 bytes
First seen:2025-09-04 15:01:36 UTC
Last seen:2025-09-06 13:45:20 UTC
File type:php macho
MIME type:application/x-mach-binary
ssdeep 98304:9q6sbbTAsaNn7WCNreZlaqiWvAEIuwMywGv0wCs:9VsbbTAsaNn8Ww7FwM5I6s
TLSH T1E8866D647D0DF467EB8DB5792F3263D835297C805B82C3071518BB6E9EF2BA84B22570
Magika macho
Reporter marsomx
Tags:FakeCaptcha machO meshsorterio-com

Intelligence

File Origin
# of uploads :
2
# of downloads :
38
Origin country :
IT IT
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68b9a9e6eb163e0ec1845878
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
expand lolbin threat
Link:
https://www.filescan.io/uploads/68b9a9e21c81c34281de99fb/reports/ac68af0e-1c66-40c8-8505-8c1fba4e858a/overview
Verdict:
Malicious
Labled as:
OSX_Packed_Obfuscated_A_suspicious
Link:
https://www.hybrid-analysis.com/sample/a42eece43aad2e2a2f98d41b1b48025c252452318a864d32d0f9156adaabe65b
Verdict:
Malicious
File Type:
macho x64 le
First seen:
2025-08-29T16:18:00Z UTC
Last seen:
2025-08-29T16:18:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.OSX.Agent.gen
Link:
https://opentip.kaspersky.com/a42eece43aad2e2a2f98d41b1b48025c252452318a864d32d0f9156adaabe65b/results?tab=lookup
Score:
99%
Verdict:
Malware
File Type:
Mach-O
Link:
https://malprob.io/report/a42eece43aad2e2a2f98d41b1b48025c252452318a864d32d0f9156adaabe65b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a42eece43aad2e2a2f98d41b1b48025c252452318a864d32d0f9156adaabe65b/
Threat name:
MacOS.PUA.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-08-29 11:32:29 UTC
File Type:
MachO64 Little (Exe)
AV detection:
10 of 24 (41.67%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uqxozzb2vuxcul4y2qnrwsaclqssiurrrkde2mwq7ekwvwvl4znq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a42eece43aad2e2a2f98d41b1b48025c252452318a864d32d0f9156adaabe65b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:botnet_plaintext_c2
Create hunting rule
Author:cip
Description:Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:DetectGoMethodSignatures
Create hunting rule
Author:Wyatt Tauber
Description:Detects Go method signatures in unpacked Go binaries
Rule name:Detect_Golang_Binary
Create hunting rule
Author:Andrew Morrow
Description:Detects binaries compiled with Go
Rule name:Detect_Go_GOMAXPROCS
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
Rule name:GoBinTest
Create hunting rule
Rule name:golang_binary_string
Create hunting rule
Description:Golang strings present
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments