3318c614fa7d74b71c81f0e5532cc27e
Hash
- MD5: 3318c614fa7d74b71c81f0e5532cc27e
- SHA1: 0614fe623f6014bccae634e15e3c883a41aa89ee
- SHA256: a35d2b67fa478a7174e308b43ce30bf69b3bc6f44fa76197fdf95fc2fbc1cf5b
- First Seen: 2026-05-27
- Last Seen: 2026-05-27
-
1
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "a35d2b67fa478a7174e308b43ce30bf69b3bc6f44fa76197fdf95fc2fbc1cf5b",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/a35d2b67fa478a7174e308b43ce30bf69b3bc6f44fa76197fdf95fc2fbc1cf5b"
},
"attributes": {
"trid": [
{
"file_type": "Mac OS X Mach-O 64-bit ARM executable",
"probability": 100.0
}
],
"first_submission_date": 1778227610,
"type_tags": [
"executable",
"mac",
"macho"
],
"unique_sources": 1,
"last_submission_date": 1778227610,
"type_description": "Mach-O",
"sandbox_verdicts": {
"Zenbox macOS": {
"category": "harmless",
"malware_classification": [
"CLEAN"
],
"sandbox_name": "Zenbox macOS",
"confidence": 98
}
},
"times_submitted": 1,
"vhash": "5ec1315c81eda7419ee2cdd7ac6193aa",
"last_analysis_stats": {
"malicious": 28,
"suspicious": 0,
"undetected": 32,
"harmless": 0,
"timeout": 0,
"confirmed-timeout": 0,
"failure": 2,
"type-unsupported": 13
},
"total_votes": {
"harmless": 0,
"malicious": 1
},
"md5": "3318c614fa7d74b71c81f0e5532cc27e",
"popular_threat_classification": {
"suggested_threat_label": "trojan.minirat/godoor",
"popular_threat_category": [
{
"value": "trojan",
"count": 18
}
],
"popular_threat_name": [
{
"value": "minirat",
"count": 10
},
{
"value": "godoor",
"count": 2
},
{
"value": "gorat",
"count": 2
}
]
},
"type_tag": "macho",
"filecondis": {
"raw_md5": "1089c751b1fbbc94b733c38f1c7282a5",
"dhash": "00203c3e2e252000"
},
"magika": "MACHO",
"reputation": -1,
"sha256": "a35d2b67fa478a7174e308b43ce30bf69b3bc6f44fa76197fdf95fc2fbc1cf5b",
"size": 5830322,
"last_modification_date": 1779628812,
"detectiteasy": {
"filetype": "Mach-O64",
"values": [
{
"info": "EXECUTE64",
"type": "Operation system",
"name": "macOS"
}
]
},
"meaningful_name": "a.out",
"last_analysis_results": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "8.2.40(8338)",
"engine_update": "20260523",
"category": "undetected",
"result": null
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260524",
"category": "malicious",
"result": "Trojan.OSX.Minirat.m!c"
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260524",
"category": "malicious",
"result": "Trojan.Generic.39937509"
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260524",
"category": "malicious",
"result": "macho.trojan.minirat"
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260523",
"category": "undetected",
"result": null
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": "v2021.2.0+4045",
"engine_update": "20260523",
"category": "undetected",
"result": null
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260523",
"category": "malicious",
"result": "Trojan.Generic.39937509"
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.235",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260522",
"category": "undetected",
"result": null
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20251219",
"category": "undetected",
"result": null
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.53.59597",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.53.59598",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1213",
"engine_update": "20260522",
"category": "undetected",
"result": null
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260524",
"category": "malicious",
"result": "OSX/Agent.GT trojan"
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260515",
"category": "malicious",
"result": "MacOS:Minirat-A [Trj]"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260524",
"category": "malicious",
"result": "Malicious (score: 99)"
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260524",
"category": "malicious",
"result": "HEUR:Backdoor.OSX.GoDoor.ag"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260524",
"category": "malicious",
"result": "Trojan.Generic.39937509"
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260521",
"category": "undetected",
"result": null
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260524",
"category": "malicious",
"result": "Backdoor.MiniRAT/OSX!1.13E12 (CLASSIC)"
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.5.1.0",
"engine_update": "20260523",
"category": "malicious",
"result": "OSX/GoRat-E"
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260524",
"category": "malicious",
"result": "Trojan.TR/OSX.Minirat.A"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260524",
"category": "malicious",
"result": "Trojan.Generic.39937509"
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14532",
"engine_update": "20260524",
"category": "malicious",
"result": "ti!A35D2B67FA47"
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "undetected",
"result": null
},
"CMC": {
"method": "blacklist",
"engine_name": "CMC",
"engine_version": "2.4.2022.1",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260524",
"category": "malicious",
"result": "Trojan.Generic.39937509 (B)"
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.4.16.0",
"engine_update": "20260524",
"category": "malicious",
"result": "Trojan.OSX.Agent"
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44659AVA:64.31297",
"engine_update": "20260524",
"category": "malicious",
"result": "Trojan.Generic.39937509"
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": "16.0.100",
"engine_update": "20260523",
"category": "undetected",
"result": null
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260524",
"category": "malicious",
"result": "iOS/ABTrojan.SWOK-"
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260524",
"category": "malicious",
"result": "TR/OSX.Minirat.A"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.245.174",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": "38674",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260524",
"category": "malicious",
"result": "Trojan.Generic.D26165E5"
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260523",
"category": "undetected",
"result": null
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.25-116107030",
"engine_update": "20260523",
"category": "malicious",
"result": "OSX/GoRat-E"
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26040.8",
"engine_update": "20260524",
"category": "malicious",
"result": "Trojan:MacOS/MiniRat.DA!MTB"
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1779616962",
"engine_update": "20260524",
"category": "malicious",
"result": "Detected"
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": "5.6.1",
"engine_update": "20260522",
"category": "undetected",
"result": null
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-05-24.02",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260524",
"category": "malicious",
"result": "Osx.Backdoor.Godoor.Fflw"
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260523",
"category": "undetected",
"result": null
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "7483923:7483923:dce9a18:dce9a18",
"engine_update": "20260523",
"category": "malicious",
"result": "Backdoor/OSX.MiniRAT.a"
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260522",
"category": "undetected",
"result": null
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.48.0",
"engine_update": "20260523",
"category": "malicious",
"result": "OSX/Agent.GT!tr"
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260515",
"category": "malicious",
"result": "MacOS:Minirat-A [Trj]"
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260524",
"category": "undetected",
"result": null
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "malicious",
"result": "Backdoor:MacOS/MiniRat.DM8PHU"
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5607",
"engine_update": "20260522",
"category": "failure",
"result": null
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260523",
"category": "failure",
"result": null
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260524-00",
"engine_update": "20260524",
"category": "type-unsupported",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20260520",
"category": "type-unsupported",
"result": null
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.261",
"engine_update": "20260521",
"category": "type-unsupported",
"result": null
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260516",
"category": "type-unsupported",
"result": null
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.781",
"engine_update": "20260522",
"category": "type-unsupported",
"result": null
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260504",
"category": "type-unsupported",
"result": null
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260524",
"category": "type-unsupported",
"result": null
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "type-unsupported",
"result": null
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.9.0.8",
"engine_update": "20250227",
"category": "type-unsupported",
"result": null
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260521",
"category": "type-unsupported",
"result": null
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": "v0.1.4",
"engine_update": "20260524",
"category": "type-unsupported",
"result": null
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260524",
"category": "type-unsupported",
"result": null
}
},
"macho_info": [
{
"info": {
"sha256": "a35d2b67fa478a7174e308b43ce30bf69b3bc6f44fa76197fdf95fc2fbc1cf5b"
},
"commands": [
{
"type": "LC_BUILD_VERSION"
},
{
"type": "LC_MAIN"
},
{
"type": "LC_DYLD_INFO_ONLY"
},
{
"type": "LC_SYMTAB"
},
{
"type": "LC_DYSYMTAB"
},
{
"type": "LC_LOAD_DYLINKER"
},
{
"type": "LC_LOAD_DYLIB"
},
{
"type": "LC_UUID"
},
{
"type": "LC_CODE_SIGNATURE"
}
],
"segments": [
{
"name": "__PAGEZERO",
"fileoff": "0x0",
"vmsize": "0x100000000",
"filesize": "0x0",
"vmaddr": "0x0"
},
{
"name": "__TEXT",
"fileoff": "0x0",
"vmsize": "0x2d8000",
"filesize": "0x2d8000",
"vmaddr": "0x100000000",
"sections": [
{
"type": "S_REGULAR",
"flags": [
"SECTION_ATTRIBUTES_USR",
"SECTION_ATTRIBUTES_SYS"
],
"name": "__text"
},
{
"type": "S_SYMBOL_STUBS",
"flags": [
"SECTION_ATTRIBUTES_USR",
"SECTION_ATTRIBUTES_SYS"
],
"name": "__symbol_stub1"
},
{
"type": "S_REGULAR",
"name": "__rodata"
}
]
},
{
"name": "__DATA_CONST",
"fileoff": "0x2d8000",
"vmsize": "0x23e840",
"filesize": "0x23e840",
"vmaddr": "0x1002d8000",
"sections": [
{
"type": "S_REGULAR",
"name": "__rodata"
},
{
"type": "S_CSTRING_LITERALS",
"flags": [
"S_8BYTE_LITERALS"
],
"name": "__got"
},
{
"type": "S_REGULAR",
"name": "__typelink"
},
{
"type": "S_REGULAR",
"name": "__itablink"
},
{
"type": "S_REGULAR",
"name": "__gosymtab"
},
{
"type": "S_REGULAR",
"name": "__gopclntab"
}
]
},
{
"name": "__DATA",
"fileoff": "0x518000",
"vmsize": "0x80f70",
"filesize": "0x4a2e0",
"vmaddr": "0x100518000",
"sections": [
{
"type": "S_REGULAR",
"name": "__go_buildinfo"
},
{
"type": "S_REGULAR",
"name": "__go_fipsinfo"
},
{
"type": "S_REGULAR",
"name": "__noptrdata"
},
{
"type": "S_REGULAR",
"name": "__data"
},
{
"type": "S_ZEROFILL",
"name": "__bss"
},
{
"type": "S_ZEROFILL",
"name": "__noptrbss"
}
]
},
{
"name": "__LINKEDIT",
"fileoff": "0x564000",
"vmsize": "0x2b6b2",
"filesize": "0x2b6b2",
"vmaddr": "0x10059c000"
}
],
"headers": {
"cpu_subtype": "ARM64_ALL",
"magic": "0xfeedfacf",
"size_cmds": 2144,
"num_cmds": 17,
"file_type": "executable file",
"cpu_subtype_lib64": false,
"flags": [
"DYLDLINK",
"PIE"
],
"cpu_type": "ARM64",
"reserved": "0x0",
"entrypoint": "0x77ed0"
},
"platform": 1,
"libs": [
"/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation",
"/System/Library/Frameworks/Security.framework/Versions/A/Security",
"/usr/lib/libSystem.B.dylib",
"/usr/lib/libresolv.9.dylib"
]
}
],
"symhash": "8ce68bc8f030e33dcf118e2f2ffc887a",
"magic": "Mach-O 64-bit arm64 executable, flags:<|DYLDLINK|PIE>",
"first_seen_itw_date": 1778582012,
"goresym": {
"summary": {
"total_files": 698,
"total_userFunctions": 893,
"total_stdFunctions": 5496,
"total_dependencies": 0,
"total_types": 0,
"total_interfaces": 0
},
"report_preview": {
"buildId": "rR4FtrkG2FjWUwwdT4F1/he80w3imBWhIkbi3V9Av/1Lx_Ybugdi-hdyzxzi4y/pn6uoZ0QlOayvKOe_9CT",
"version": "1.25.8",
"arch": "arm64",
"os": "darwin",
"buildInfo": {
"goVersion": "go1.25.8",
"path": "alibaba.xyz/minirat",
"settings": [
{
"key": "-buildmode",
"value": "exe"
},
{
"key": "-compiler",
"value": "gc"
},
{
"key": "-trimpath",
"value": "true"
},
{
"key": "CGO_ENABLED",
"value": "0"
},
{
"key": "GOARCH",
"value": "arm64"
},
{
"key": "GOOS",
"value": "darwin"
},
{
"key": "GOARM64",
"value": "v8.0"
},
{
"key": "vcs",
"value": "git"
},
{
"key": "vcs.revision",
"value": "dfd224461edb06c556ee0d5677bd78ddda80b910"
},
{
"key": "vcs.time",
"value": "2026-03-20T09:13:30Z"
},
{
"key": "vcs.modified",
"value": "true"
}
]
}
}
},
"last_analysis_date": 1779621318,
"names": [
"profiler"
],
"crowdsourced_yara_results": [
{
"ruleset_id": "0122a7f913",
"ruleset_version": "0122a7f913|589bbefc22847193cac455858fa15e627d671918",
"ruleset_name": "Windows_API_Function",
"rule_name": "Windows_API_Function",
"match_date": 1779621616,
"description": "This signature detects the presence of a number of Windows API functionality often seen within embedded executables. When this signature alerts on an executable, it is not an indication of malicious behavior. However, if seen firing in other file types, deeper investigation may be warranted.",
"author": "InQuest Labs",
"source": "https://github.com/InQuest/yara-rules-vt"
}
],
"sha1": "0614fe623f6014bccae634e15e3c883a41aa89ee",
"tlsh": "T1DF466B85BD1D6462D6CD76781F6653943739FC088F82C3162628BB3DBEF23588B23661",
"ssdeep": "49152:aquDOvPckI1//4NDCWN0L+nfvl+r/ys/i9i64AmRS35EliK5:aquDAckI1nIDRN0L+nF+rLiNmOEliK5",
"tags": [
"macho",
"arm",
"self-signed",
"signed",
"64bits"
],
"signature_info": {
"Identifier": "a.out",
"TeamIdentifier": "not set",
"Format": "Mach-O thin (arm64)",
"CDHash": "0cee08c15ae30bb499b1c07c477e50c723c4983c",
"Hash choices": "sha256",
"CandidateCDHash sha256": "0cee08c15ae30bb499b1c07c477e50c723c4983c",
"CandidateCDHashFull sha256": "0cee08c15ae30bb499b1c07c477e50c723c4983c66ef2c131908b34fa5440fdc",
"Info.plist": "not bound",
"CMSDigest": "0cee08c15ae30bb499b1c07c477e50c723c4983c66ef2c131908b34fa5440fdc",
"CMSDigestType": "2"
},
"crowdsourced_ai_results": [
{
"analysis": "The binary is a Go-compiled Remote Access Trojan (RAT) belonging to the 'minirat' family, as evidenced by the Go module path 'alibaba.xyz/minirat'. It contains explicit backdoor and spyware capabilities, including system profiling (gathering UUID and agent info), virtual machine detection ('IsVirtualMachine'), arbitrary command execution ('ExecuteCommand'), file upload/download functionality, directory zipping for data exfiltration ('ZipDirectory', 'ZipAndUploadDirectory'), and persistence mechanisms ('Persist').",
"verdict": "malicious",
"category": "code_insight",
"source": "palm",
"id": "a35d2b67fa478a7174e308b43ce30bf69b3bc6f44fa76197fdf95fc2fbc1cf5b-file-palm"
}
]
}
}
}