860ef29773cf680ed765cb08ac3072cb
Hash
- MD5: 860ef29773cf680ed765cb08ac3072cb
- SHA1: 6ca184cb838a989220254ff1914313d774e65712
- SHA256: 0b028b781950641818800fee2b4bf68e4ef2bcee53fe71a21755275ba108783d
- First Seen: 2026-05-27
- Last Seen: 2026-05-27
- Related Reports: 1
- Related IOCs: 0
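Additional Information
MalwareBazaar
The JSON below is the MalwareBazaar record for this sample. Its `first_seen` (2026-04-07) is earlier than the First Seen date in the header, which presumably records when this feed ingested the hash, so use the earlier date when building a timeline. Most of the listed YARA matches are generic (Go runtime markers, hash constants), and hits such as `RANSOMWARE` or `Detect_PowerShell_Obfuscation` on what appears to be a Go Mach-O binary are weak signals on their own. The `gimphash` value equals the SHA-256 of empty input, so it carries no import information and should not be used for clustering. The dash-separated tags appear to be network indicators written without dots; confirm them against the original report before adding them to blocklists.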
{
"query_status": "ok",
"data": [
{
"sha256_hash": "0b028b781950641818800fee2b4bf68e4ef2bcee53fe71a21755275ba108783d",
"sha3_384_hash": "f896fbf10c376ca632cebb4b2c1b88f599c54c094648e7c9cad2b8b081e9a012507667a7a5c46db707b10f3317c8c502",
"sha1_hash": "6ca184cb838a989220254ff1914313d774e65712",
"md5_hash": "860ef29773cf680ed765cb08ac3072cb",
"first_seen": "2026-04-07 23:15:50",
"last_seen": null,
"file_name": "driver",
"file_size": 6252240,
"file_type_mime": "application/x-mach-binary",
"file_type": "macho",
"file_format": "MACHO",
"file_arch": "X86_64",
"reporter": "johnk3r",
"origin_country": "CH",
"anonymous": 0,
"signature": null,
"imphash": null,
"tlsh": "T1CB564A57ECA145A9C1AED2318AA29253BB317C495F2123D32B50F7383F73BE069B9750",
"telfhash": null,
"gimphash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"ssdeep": "98304:hBjL6vNoEuahOqzTArIHwZBzR9ulaE4bBF:hRTEphOsdHcylHu",
"magika": "macho",
"dhash_icon": null,
"trid": null,
"comment": null,
"archive_pw": null,
"tags": [
"89-36-224-5",
"byte-io-us",
"datahub-ink",
"loud-sync-online",
"macho",
"minirat"
],
"code_sign": null,
"delivery_method": null,
"intelligence": {
"clamav": null,
"downloads": "110",
"uploads": "1",
"mail": null
},
"file_information": null,
"ole_information": [],
"yara_rules": [
{
"rule_name": "CP_Script_Inject_Detector",
"author": "DiegoAnalytics",
"description": "Detects attempts to inject code into another process across PE, ELF, Mach-O binaries",
"reference": null
},
{
"rule_name": "DetectEncryptedVariants",
"author": "Zinyth",
"description": "Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded",
"reference": null
},
{
"rule_name": "DetectGoMethodSignatures",
"author": "Wyatt Tauber",
"description": "Detects Go method signatures in unpacked Go binaries",
"reference": null
},
{
"rule_name": "Detect_Go_GOMAXPROCS",
"author": "Obscurity Labs LLC",
"description": "Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata",
"reference": null
},
{
"rule_name": "Detect_PowerShell_Obfuscation",
"author": "daniyyell",
"description": "Detects obfuscated PowerShell commands commonly used in malicious scripts.",
"reference": null
},
{
"rule_name": "GoBinTest",
"author": null,
"description": null,
"reference": null
},
{
"rule_name": "golang",
"author": null,
"description": null,
"reference": null
},
{
"rule_name": "golang_binary_string",
"author": null,
"description": "Golang strings present",
"reference": null
},
{
"rule_name": "golang_duffcopy_amd64",
"author": null,
"description": null,
"reference": null
},
{
"rule_name": "Golang_Find_CSC846",
"author": "Ashar Siddiqui",
"description": "Find Go Signatuers",
"reference": null
},
{
"rule_name": "Golang_Find_CSC846_Simple",
"author": "Ashar Siddiqui",
"description": "Find Go Signatuers",
"reference": null
},
{
"rule_name": "identity_golang",
"author": "Eric Yocam",
"description": "find Golang malware",
"reference": null
},
{
"rule_name": "MD5_Constants",
"author": "phoul (@phoul)",
"description": "Look for MD5 constants",
"reference": null
},
{
"rule_name": "RANSOMWARE",
"author": "ToroGuitar",
"description": null,
"reference": null
},
{
"rule_name": "RIPEMD160_Constants",
"author": "phoul (@phoul)",
"description": "Look for RIPEMD-160 constants",
"reference": null
},
{
"rule_name": "SHA1_Constants",
"author": "phoul (@phoul)",
"description": "Look for SHA1 constants",
"reference": null
},
{
"rule_name": "SHA512_Constants",
"author": "phoul (@phoul)",
"description": "Look for SHA384/SHA512 constants",
"reference": null
},
{
"rule_name": "vmdetect",
"author": "nex",
"description": "Possibly employs anti-virtualization techniques",
"reference": null
}
],
"vendor_intel": {
"CERT-PL_MWDB": {
"detection": null,
"link": "https://mwdb.cert.pl/sample/0b028b781950641818800fee2b4bf68e4ef2bcee53fe71a21755275ba108783d/"
},
"YOROI_YOMI": {
"detection": "Malicious File",
"score": "1.00"
},
"ReversingLabs": {
"threat_name": "MacOS.Trojan.Generic",
"status": "SUSPICIOUS",
"first_seen": "2026-04-07 23:16:21",
"scanner_count": "24",
"scanner_match": "8",
"scanner_percent": "33.33"
},
"Spamhaus_HBL": [
{
"detection": "suspicious",
"link": "https://www.spamhaus.org/hbl/"
}
],
"FileScan-IO": {
"verdict": "SUSPICIOUS",
"threatlevel": "0.5",
"confidence": "1.0",
"report_link": "https://www.filescan.io/uploads/69d590462346b9da57c693d7/reports/4ca1e116-7ecf-46c4-92b8-c07b4f03f00b/overview"
},
"Kaspersky": {
"verdict": "Malware",
"file_type": "macho x64 le",
"first_seen": "2026-04-08T15:30:00Z",
"last_seen": "2026-04-08T16:05:00Z",
"hitscount": 10,
"report_link": "https://opentip.kaspersky.com/0b028b781950641818800fee2b4bf68e4ef2bcee53fe71a21755275ba108783d/results?tab=lookup",
"detections": []
}
},
"comments": null
}
]
}