7bd3201946ef8b8a836bc2f951923adc

Hash

  • MD5: 7bd3201946ef8b8a836bc2f951923adc
  • SHA1: db077e20e429b93d9b1187cf09869544d83dbe02
  • SHA256: 0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270
  • First Seen: 2026-05-27
  • Last Seen: 2026-05-27

Additional Information

MalwareBazaar
                {
    "query_status": "ok",
    "data": [
        {
            "sha256_hash": "0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270",
            "sha3_384_hash": "231300f712505055d2611fe45bb607cf6c2e05c7948ad3de27054dd1b67bc93640407cf85dc440531609ee3e580ca7a8",
            "sha1_hash": "db077e20e429b93d9b1187cf09869544d83dbe02",
            "md5_hash": "7bd3201946ef8b8a836bc2f951923adc",
            "first_seen": "2026-04-07 23:15:16",
            "last_seen": null,
            "file_name": "driver_arm",
            "file_size": 5830370,
            "file_type_mime": "application/x-mach-binary",
            "file_type": "macho",
            "file_format": "MACHO",
            "file_arch": "ARM64",
            "reporter": "johnk3r",
            "origin_country": "CH",
            "anonymous": 0,
            "signature": null,
            "imphash": null,
            "tlsh": "T121466A45BD2D6562D5C976781F6653943339EC088F82C3262628BB3DFEF23588B23761",
            "telfhash": null,
            "gimphash": null,
            "ssdeep": "49152:yUqZRvEFx7nIhqLg+Eo6+IFVXX/itd64AmqQ235EoqM:yUqZaFxLwqLg+2+IFxigmgEoqM",
            "magika": "macho",
            "dhash_icon": null,
            "trid": null,
            "comment": null,
            "archive_pw": null,
            "tags": [
                "89-36-224-5",
                "byte-io-us",
                "datahub-ink",
                "loud-sync-online",
                "macho",
                "minirat"
            ],
            "code_sign": null,
            "delivery_method": null,
            "intelligence": {
                "clamav": null,
                "downloads": "108",
                "uploads": "1",
                "mail": null
            },
            "file_information": null,
            "ole_information": [],
            "yara_rules": [
                {
                    "rule_name": "CP_Script_Inject_Detector",
                    "author": "DiegoAnalytics",
                    "description": "Detects attempts to inject code into another process across PE, ELF, Mach-O binaries",
                    "reference": null
                },
                {
                    "rule_name": "DetectEncryptedVariants",
                    "author": "Zinyth",
                    "description": "Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded",
                    "reference": null
                },
                {
                    "rule_name": "DetectGoMethodSignatures",
                    "author": "Wyatt Tauber",
                    "description": "Detects Go method signatures in unpacked Go binaries",
                    "reference": null
                },
                {
                    "rule_name": "Detect_Go_GOMAXPROCS",
                    "author": "Obscurity Labs LLC",
                    "description": "Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata",
                    "reference": null
                },
                {
                    "rule_name": "Detect_PowerShell_Obfuscation",
                    "author": "daniyyell",
                    "description": "Detects obfuscated PowerShell commands commonly used in malicious scripts.",
                    "reference": null
                },
                {
                    "rule_name": "GoBinTest",
                    "author": null,
                    "description": null,
                    "reference": null
                },
                {
                    "rule_name": "golang",
                    "author": null,
                    "description": null,
                    "reference": null
                },
                {
                    "rule_name": "golang_binary_string",
                    "author": null,
                    "description": "Golang strings present",
                    "reference": null
                },
                {
                    "rule_name": "Golang_Find_CSC846",
                    "author": "Ashar Siddiqui",
                    "description": "Find Go Signatuers",
                    "reference": null
                },
                {
                    "rule_name": "Golang_Find_CSC846_Simple",
                    "author": "Ashar Siddiqui",
                    "description": "Find Go Signatuers",
                    "reference": null
                },
                {
                    "rule_name": "identity_golang",
                    "author": "Eric Yocam",
                    "description": "find Golang malware",
                    "reference": null
                },
                {
                    "rule_name": "RANSOMWARE",
                    "author": "ToroGuitar",
                    "description": null,
                    "reference": null
                },
                {
                    "rule_name": "SHA512_Constants",
                    "author": "phoul (@phoul)",
                    "description": "Look for SHA384/SHA512 constants",
                    "reference": null
                },
                {
                    "rule_name": "vmdetect",
                    "author": "nex",
                    "description": "Possibly employs anti-virtualization techniques",
                    "reference": null
                }
            ],
            "vendor_intel": {
                "CERT-PL_MWDB": {
                    "detection": null,
                    "link": "https://mwdb.cert.pl/sample/0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270/"
                },
                "YOROI_YOMI": {
                    "detection": "Malicious File",
                    "score": "1.00"
                },
                "ReversingLabs": {
                    "threat_name": "MacOS.Trojan.Multiverze",
                    "status": "MALICIOUS",
                    "first_seen": "2026-04-07 23:15:43",
                    "scanner_count": "37",
                    "scanner_match": "9",
                    "scanner_percent": "24.32"
                },
                "Spamhaus_HBL": [
                    {
                        "detection": "suspicious",
                        "link": "https://www.spamhaus.org/hbl/"
                    }
                ],
                "FileScan-IO": {
                    "verdict": "SUSPICIOUS",
                    "threatlevel": "0.5",
                    "confidence": "1.0",
                    "report_link": "https://www.filescan.io/uploads/69d5900f2346b9da57c69379/reports/bdb3b367-51a9-4846-a1dc-29280ec03c5d/overview"
                },
                "Kaspersky": {
                    "verdict": "Malware",
                    "file_type": "macho x64 le",
                    "first_seen": "2026-04-08T15:30:00Z",
                    "last_seen": "2026-04-08T16:05:00Z",
                    "hitscount": 10,
                    "report_link": "https://opentip.kaspersky.com/0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270/results?tab=lookup",
                    "detections": []
                }
            },
            "comments": null
        }
    ]
}
            

Related Reports

⚠ These IoCs were extracted automatically, using regular expressions or an LLM, and may include non-malicious data; confirm each indicator against the source report before relying on it for detection or blocking.