MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f668ba1794464bcdb5a2428dfcc7230a3aaee208e917ef4b7d2a34e0d3ec3c22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MacSync


Vendor detections: 8



SHA256 hash: f668ba1794464bcdb5a2428dfcc7230a3aaee208e917ef4b7d2a34e0d3ec3c22
SHA3-384 hash: 621df0b35251808c4f1e253fc4d1063dae4c3ddce3275e83da2ca034f0a3225323ee5f89375fca32c428399f280f30f3
SHA1 hash: 9717c293d4908b58bfad964e28d73240b61441fa
MD5 hash: 31aa8d08e52a8491dbe507e9b5ab6b0d
humanhash: island-skylark-ceiling-ohio
File name: SPAM.zip
Signature: MacSync
File size: 185'287 bytes
First seen: 2026-04-15 11:24:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 3072:6XOkeC5cz2Iq3dkiAmT1MdtesGkVisxEzi1la8NUoqRqlIfoN3HuITkX:6X95M2dBTpkVn9HtDqwN3HQX
TLSH T1B004222C52A56C1FD9F56FFB9FC927C2C1ACF436D62CC986300992901BC5CAE538662D
Magika: zip
Reporter: JAMESWT_WT
Tags: ALL MacSync MacSync-Stealer zip zipped

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: IT
File Archive Information

This file archive contains 13 file(s), sorted by their relevance:

File name:a08f80d89df04f503711b12fbd317dcc1b8c6e93c91d56f1393a495a41d0f818.sh
File size:1'446 bytes
SHA256 hash: a08f80d89df04f503711b12fbd317dcc1b8c6e93c91d56f1393a495a41d0f818
MD5 hash: a7397fd869bb33c13fa4bd845cc8cabb
MIME type:text/x-shellscript
Signature MacSync
File name:f5471a00bb6cdaf01e44311c04de2e66c6f92ccc4b8e42bbb1bcb4e48f86ef3e
File size:50'320 bytes
SHA256 hash: f5471a00bb6cdaf01e44311c04de2e66c6f92ccc4b8e42bbb1bcb4e48f86ef3e
MD5 hash: 18c5bcbae0dc94147a15838fe8b4279c
MIME type:application/x-mach-binary
Signature MacSync
File name:8809d3421c09669f88330adf3007b933abec13bf6ed105a785a97c7df2625301.osacript
File size:35'814 bytes
SHA256 hash: 8809d3421c09669f88330adf3007b933abec13bf6ed105a785a97c7df2625301
MD5 hash: 00b09a930ce5ffa9c304c636a783bc36
MIME type:text/plain
Signature MacSync
File name:c99e428528208565a51e34518b90e835e39d150fce729846a46e2f657c4b093b.sh
File size:1'450 bytes
SHA256 hash: c99e428528208565a51e34518b90e835e39d150fce729846a46e2f657c4b093b
MD5 hash: 66459a3577da51fd5d36252be37121d2
MIME type:text/x-shellscript
Signature MacSync
File name:93caa4d9bf4bf9412a2200afd334a5a839d8e488f8a7eda5c479bc9590757e6c.sh
File size:1'450 bytes
SHA256 hash: 93caa4d9bf4bf9412a2200afd334a5a839d8e488f8a7eda5c479bc9590757e6c
MD5 hash: 89cd106522464f79f783b031d7449a69
MIME type:text/x-shellscript
Signature MacSync
File name:6f33360d3a3dc60454a64d74e1ac586f6a184b3886df46471b10e520c5fe0644.vba
File size:35'607 bytes
SHA256 hash: 6f33360d3a3dc60454a64d74e1ac586f6a184b3886df46471b10e520c5fe0644
MD5 hash: 3e54a15863075466749f7d833f9b48f0
MIME type:text/plain
Signature MacSync
File name:58a327a07bd10e46951c452e7ca3261f59d2fb71864db6091cd09dc7fb6565ce.sh
File size:1'444 bytes
SHA256 hash: 58a327a07bd10e46951c452e7ca3261f59d2fb71864db6091cd09dc7fb6565ce
MD5 hash: 65a4e1e3a9cf1196274d5314528aa589
MIME type:text/x-shellscript
Signature MacSync
File name:a0cb3fefdb5c4fcc0ff9ad271be92a8bec06010501a03a808548da527236a972.sh
File size:1'434 bytes
SHA256 hash: a0cb3fefdb5c4fcc0ff9ad271be92a8bec06010501a03a808548da527236a972
MD5 hash: 5db52fc2645bd69b3e8b5cdf3f3b7f82
MIME type:text/x-shellscript
Signature MacSync
File name:f80ff072316e2d62490df743cbd5363bfb6ec5459409cc162d0602f7a1c607bb
File size:8'936 bytes
SHA256 hash: f80ff072316e2d62490df743cbd5363bfb6ec5459409cc162d0602f7a1c607bb
MD5 hash: d79abf51b21fa607f2c463c309c144da
MIME type:application/x-mach-binary
Signature MacSync
File name:26133e5ab0aca6665ddf99fe9c3d260c7ac402e321047e744f3949fb795f03d1.sh
File size:1'434 bytes
SHA256 hash: 26133e5ab0aca6665ddf99fe9c3d260c7ac402e321047e744f3949fb795f03d1
MD5 hash: e68be00a43d884175f102e50a508db52
MIME type:text/x-shellscript
Signature MacSync
File name:69ef599a58d03b3ff11947589162943110fa91ea734faf121787ee9aa34d8d0e.sh
File size:1'432 bytes
SHA256 hash: 69ef599a58d03b3ff11947589162943110fa91ea734faf121787ee9aa34d8d0e
MD5 hash: e58d91ef40850e7aabde1ec25ad2fe59
MIME type:text/x-shellscript
Signature MacSync
File name:421e31c6b98a4133ef4a8a92efa9f3488dc5aa2867eb83cc3ea928ed59116b5d.sh
File size:1'440 bytes
SHA256 hash: 421e31c6b98a4133ef4a8a92efa9f3488dc5aa2867eb83cc3ea928ed59116b5d
MD5 hash: 728ff67bdad1b3f523a6e45935bcb82d
MIME type:text/x-shellscript
Signature MacSync
File name:47a5467c35b34a28035d82ad75b75a3c1b26bdc6891e1e342db7d4a94f31ed82.dmg
File size:165'927 bytes
SHA256 hash: 47a5467c35b34a28035d82ad75b75a3c1b26bdc6891e1e342db7d4a94f31ed82
MD5 hash: 4751708675acf38a37791bc9881b97fd
MIME type:application/zlib
Signature MacSync
Vendor Threat Intelligence
Verdict: Malicious
Score: 91.7%
Tags: malware

Threat name: MacOS.Trojan.MacSyncStealer
Status: Malicious
First seen: 2026-04-15 11:26:10 UTC
File Type: Binary (Archive)
Extracted files: 29
AV detection: 18 of 36 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 4/10
Tags: defense_evasion discovery linux

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: evilcrackz
Author: stu
Description: test - file evilcrackz.macho
Reference: https://github.com/Neo23x0/yarGen

Rule name: INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs
Author: ditekSHen
Description: Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Rule name: INDICATOR_SUSPICIOUS_Binary_Embedded_MFA_Browser_Extension_IDs
Author: ditekSHen
Description: Detect binaries embedding considerable number of MFA browser extension IDs.

Rule name: INDICATOR_SUSPICIOUS_Go_Infostealer_Discord_Generic
Author: Yara Rule Generator
Description: Detects a Go-based infostealer that targets Discord tokens by locating the 'Local State' file, decrypting the master key with DPAPI, and exfiltrating tokens.
Reference: Internal analysis of decompiled code. Generic version.

Rule name: Macos_Infostealer_Wallets_8e469ea0
Author: Elastic Security

Rule name: telebot_framework
Author: vietdx.mb

File information


The table below shows additional information about this malware sample such as delivery method and external references.
