MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ede7f3ece611ba6c1ac4a02cf6a618b4ebd7eec6d9426b2baab3b5e26246e275. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ede7f3ece611ba6c1ac4a02cf6a618b4ebd7eec6d9426b2baab3b5e26246e275
SHA3-384 hash: 8948d6fa4f49224b6bfe6fcc946f3f71b126e16b85949f0a11231f0392da18420e534c9539c8792f8b017070eb18ca8b
SHA1 hash: 9bf5f405fd26370268c85620b85a32dbca797495
MD5 hash: e0d34c4285e457ef2a69d01e23b4a9a6
humanhash: don-pennsylvania-south-yellow
File name:com.apple.icloud.sync
Download: download sample
File size:673'216 bytes
First seen:2026-04-01 19:11:59 UTC
Last seen:Never
File type:php macho
MIME type:application/x-mach-binary
ssdeep 6144:3qBnkfzKkJ2C6D9PVQIygQd39UvPW55Sq0qR2GFaMwSI6z7WUjP:aBnkfzvJ2C09dqdNQP+5wS2GnZzSgP
TLSH T1AFE409232344A624C17AF2FA124B4B1CAF72FD51C3A507E63769906ECFB53115E25BCA
TrID 82.2% (.DYLIB) Mac OS X Mach-O universal Dynamically linked shared Library (32500/1/5)
17.7% (.O/DYLIB/BUNDLE) Mac OS X Universal Binary (generic) (7002/2)
Magika macho
Reporter smica83
Tags:DPRK machO

Intelligence

File Origin
# of uploads :
1
# of downloads :
54
Origin country :
HU HU
Vendor Threat Intelligence
Gathering data
Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69cd6e173a18a6e1ddf06a9d
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
masquerade threat unknown
Link:
https://www.filescan.io/uploads/69cd6e162346b9da57b7a3eb/reports/405bb7c7-4e6a-44fb-a99d-c9ac9546c37a/overview
Verdict:
Malicious
Labled as:
Mac/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/ede7f3ece611ba6c1ac4a02cf6a618b4ebd7eec6d9426b2baab3b5e26246e275
Verdict:
Clean
File Type:
macho fat
Link:
https://opentip.kaspersky.com/ede7f3ece611ba6c1ac4a02cf6a618b4ebd7eec6d9426b2baab3b5e26246e275/results?tab=lookup
Score:
98%
Verdict:
Malware
File Type:
Mach-O universal binary
Link:
https://malprob.io/report/ede7f3ece611ba6c1ac4a02cf6a618b4ebd7eec6d9426b2baab3b5e26246e275
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ede7f3ece611ba6c1ac4a02cf6a618b4ebd7eec6d9426b2baab3b5e26246e275/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/ede7f3ece611ba6c1ac4a02cf6a618b4ebd7eec6d9426b2baab3b5e26246e275
Threat name:
MacOS.Trojan.NukeSped
Create hunting rule
Status:
Malicious
First seen:
2026-03-31 23:02:23 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
2 of 38 (5.26%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5xt7h3hgcg5gygweuawpnjqywtv5p3wg3fbgwk5kwo26eysg4j2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/ede7f3ece611ba6c1ac4a02cf6a618b4ebd7eec6d9426b2baab3b5e26246e275

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:XCSSET_Strings
Create hunting rule
Author:@is_henderson
Description:Rule based on deob strings - easymode

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments