An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps
TLP: WHITE | CyberHunter_NL | 2025-09-05 | Modified: 2025-09-05
29 IOCs | Medium volume
An MDR analysis of the AMOS stealer campaign suggests that the malware targets users of Apple's Mac operating system who get software from sources other than the Apple Store, as well as those using ‘cracked’ apps.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
AMOS TrojanSpy
Indicators of Compromise (29)