MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfee6ea9cafc674b93a8460b9e6beea7f0eb0c28e28d1190309347fd1514dbb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown
Vendor detections: 7

SHA256 hash: dfee6ea9cafc674b93a8460b9e6beea7f0eb0c28e28d1190309347fd1514dbb6
SHA3-384 hash: 4a0c959343df66a63461bf05e2121861286744976a9374b35b7922662e90ccefff8b691bf11450194c65b0f0f7cf0e95
SHA1 hash: 0d55ba7883b0732bf99cc0aa8d9e85fb5c56513a
MD5 hash: c2e5c4adad409d2bc85d8a10ed424786
humanhash: vermont-skylark-speaker-lake
File name: TeamsApp.zip
File size: 1'931'674 bytes
First seen: 2026-04-21 17:59:05 UTC
Last seen: 2026-04-23 08:13:36 UTC
File type: zip
MIME type: application/zip
ssdeep: 49152:xzLptb3G987QsMvsI6i++7HQA2lHzqJLjjw44G5B44N:xzLptb3+sB+7Hj2pILjjwyBh
TLSH: T16095339BC0A9181EE10C657B84D1B9FA4C2926B6FD0E21CE469C45D843FB5F9CDCF682
Magika: zip
Reporter: mauroeldritch
Tags: DPRK, Mach-O Man, macOS, zip


mauroeldritch
Lazarus' Mach-O Man Stage 2 - Fake Teams App downloaded by teamsSDK.bin

Intelligence


File Origin

# of uploads: 3
# of downloads: 282
Origin country: UY
File Archive Information

This file archive contains 7 file(s), sorted by their relevance:

File name: Assets.car
File size: 190'504 bytes
SHA256 hash: fb0a2954908884840414b31e4011fbdda3f289e7fd23c7ef8341956c451c3340
MD5 hash: d1c1082d2b8efab225c257777da7c6fd
MIME type: application/octet-stream

File name: Appicon.png
File size: 58'126 bytes
SHA256 hash: 2e7a135fd0f374080c3451e90fc93fabac77b787e22e1ad6b9d692f46906b699
MD5 hash: 7da2bef93d773273699561ff3460fb99
MIME type: image/png

File name: TeamApp
File size: 2'163'360 bytes
SHA256 hash: da4c156e240ba254f2a88ecd980cc5c1410814745ac08ddc68abb2d19eff277c
MD5 hash: 5ea8f313a51ded53f6f6754e9adf659d
MIME type: application/x-mach-binary

File name: AppIcon.icns
File size: 88'186 bytes
SHA256 hash: 2b3b0d33ced2dd5b570e4289facf16ad9b3ecdfd32a7b23a9ef07caabe378793
MD5 hash: 6a22ba1a7104701236e54a1787defc98
MIME type: image/x-icns

File name: Info.plist
File size: 1'377 bytes
SHA256 hash: fdebd69dff07886d04f6419c9966021c8791d71ecea871d857e01febde6efc0c
MD5 hash: 0d93f7fb23d9b98abea1842112aed93b
MIME type: text/xml

File name: PkgInfo
File size: 8 bytes
SHA256 hash: 82502191c9484b04d685374f9879a0066069c49b8acae7a04b01d38d07e8eca0
MD5 hash: 23b7d7d024abb0f558420e098800bf27
MIME type: text/plain

File name: CodeResources
File size: 3'124 bytes
SHA256 hash: 1f4092801240942f0b813ea31d5f7d0347ccdfaa640281af6865d1ee6ba96732
MD5 hash: 1c997d9979020df01ea70a8926e1f5e2
MIME type: text/xml
Vendor Threat Intelligence

Verdict: Malicious
File Type: zip
First seen: 2026-04-22T08:05:00Z UTC
Last seen: 2026-04-22T08:21:00Z UTC
Hits: ~10

Verdict: inconclusive
YARA: 2 match(es)
Tags: Zip Archive

Threat name: MacOS.Trojan.NukeSpeed
Status: Malicious
First seen: 2026-04-21 17:59:29 UTC
File Type: Binary (Archive)
Extracted files: 23
AV detection: 7 of 37 (18.92%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: macos
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar, as well as against any suspicious process dumps those samples may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DetectTelegramTokens
Author: TTK
Description: Detect Telegram Bot Tokens (TTK)

Rule name: telebot_framework
Author: vietdx.mb

Rule name: telegram_bot_api
Author: rectifyq
Description: Detects file containing Telegram Bot API

Rule name: test_something_rule
Author: test

Rule name: Weedhack_Family_Generic
Author: jlab
Description: Generic Weedhack family detection

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: Mach-O Man
Delivery method: Other

Comments