MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cca2eeac64728e61d1e301401045bbb2f8ead75cd481f1b54ff3ba02bba299eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 4 File information Comments

SHA256 hash: cca2eeac64728e61d1e301401045bbb2f8ead75cd481f1b54ff3ba02bba299eb
SHA3-384 hash: 2e474881ae7dee5ef50cca9f423a1842118a0b1340fcebcac64c3da85466b920b76262cdf5ab55a2162ee8cd66b98535
SHA1 hash: b1b9665b2e95ead14c942d417440056e773828e8
MD5 hash: d178a644aacd5fccd3a043a09782ecb3
humanhash: stream-dakota-mexico-kansas
File name:cca2eeac64728e61d1e301401045bbb2f8ead75cd481f1b54ff3ba02bba299eb
Download: download sample
File size:627'768 bytes
First seen:2026-07-15 08:30:46 UTC
Last seen:Never
File type:php macho
MIME type:application/x-mach-binary
ssdeep 12288:B+pW4RfhTpZAz/vKDEcStbhpQs1C7L+/8VO2nfk7OHDZkHF1IpXlf811:BIhTpZM/yEc/sA7tY2nfkCSe211
TLSH T125D46D2B0261B09CE586803073DB66B39E20F57D69667C1B27E1DB353EB9DB1831A317
Magika macho
Reporter Anonymous
Tags:machO

Intelligence


File Origin
# of uploads :
1
# of downloads :
88
Origin country :
EG EG
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
99.1%
Tags:
ransomware stealer virus
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
base64 bash lolbin
Verdict:
Malicious
File Type:
macho x64 le
First seen:
2026-06-15T07:48:00Z UTC
Last seen:
2026-07-16T19:02:00Z UTC
Hits:
~10
Threat name:
MacOS.Trojan.Multiverze
Status:
Malicious
First seen:
2026-04-28 11:33:26 UTC
File Type:
MachO64 Little (Exe)
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DetectEncryptedVariants
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:ldpreload
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:RANSOMWARE
Author:ToroGuitar

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments