MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8613819cb4978591f4d98edd56bf3fdcc9f52245778416406d5b1e582a7024b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AmosStealer


Vendor detections: 9



SHA256 hash: c8613819cb4978591f4d98edd56bf3fdcc9f52245778416406d5b1e582a7024b
SHA3-384 hash: 56278c3fc1072149a2094e3b8d7e861bef5ebe700f1e0ace9dc106667740e57ac49ba67b986847d61f2a4e44673639f4
SHA1 hash: c42095e7214c65536e405d1bc7f39afe9fcdb61e
MD5 hash: 78e59679cfdbfc2832feaf9b918edb81
humanhash: comet-nebraska-dakota-venus
File name: Hisefuhu
Signature: AmosStealer
File size: 551'072 bytes
First seen: 2026-03-02 10:35:09 UTC
Last seen: Never
File type: php macho
MIME type: application/x-mach-binary
ssdeep: 12288:OlJw8AF9MMVLW4s2SEv8LWiR6/8JGYPdzj:OlnhU0ii
TLSH: T116C44B2720796440FC4532B9FBCBB6FBAE103D7207BC94B89E81C72359FA2759A4514B
TrID: 82.2% (.DYLIB) Mac OS X Mach-O universal Dynamically linked shared Library (32500/1/5)
17.7% (.O/DYLIB/BUNDLE) Mac OS X Universal Binary (generic) (7002/2)
Magika: macho
Reporter: BlinkzSec
Tags: 144-172-92-231 AmosStealer machO

Intelligence


File Origin
# of uploads: 1
# of downloads: 130
Origin country: ES
Vendor Threat Intelligence
No detections
Verdict: Malicious
Score: 96.5%
Tags: stealer virus
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: amos stealer
Verdict: Malicious
File Type: macho fat
First seen: 2026-02-10T10:30:00Z UTC
Last seen: 2026-02-10T17:25:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-PSW.OSX.Amos.bg
Score: 99%
Verdict: Malware
File Type: Mach-O universal binary
Threat name: MacOS.Trojan.Amos
Status: Malicious
First seen: 2026-02-10 16:20:51 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 12 of 36 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AmosStealer

php macho c8613819cb4978591f4d98edd56bf3fdcc9f52245778416406d5b1e582a7024b

(this sample)

  
Delivery method
Distributed via web download
