MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7276c6c6bff30cc9ddd97f4cd3e33102017281ffa7e164819dddc0beb83bafcf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PoseidonStealer

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	7276c6c6bff30cc9ddd97f4cd3e33102017281ffa7e164819dddc0beb83bafcf
SHA3-384 hash:	42a3be02f6b1296d60e8b15444299cf2867901ba69d8e620f7735ec53f1f4d7080e3b0c566f4634c042cd89a1ff396fa
SHA1 hash:	77d98d18af1a784a50cd21dabbe9053749f5e80e
MD5 hash:	8b675b55d9b26ffeba29d6219cd8e353
humanhash:	mississippi-don-pennsylvania-texas
File name:	Arc12645413
Download:	download sample
Signature	PoseidonStealer Create hunting rule
File size:	290'512 bytes
First seen:	2024-06-28 13:26:56 UTC
Last seen:	Never
File type:	macho
MIME type:	application/x-mach-binary
ssdeep	3072:2d/Nn2bZlxuw1T0JgTbThXYPThnyClWNn2bZlvJTHS8TEe3dZuqThn6e:wVn2bZd9hJ0MCCn2bZ55pBdUG0e
TLSH	T1B95445F30727DB02C6C5B7B9728A2B478F10BF062AD51FA1B71CAC845DDC752B869642
TrID	82.2% (.DYLIB) Mac OS X Mach-O universal Dynamically linked shared Library (32500/1/5) 17.7% (.O/DYLIB/BUNDLE) Mac OS X Universal Binary (generic) (7002/2)
Reporter	NDA0E
Tags:	machO PoseidonStealer

Intelligence

File Origin

# of uploads :

1

# of downloads :

160

Origin country :

NL

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.MacOS.Agent-ANG.9752.3169.UNOFFICIAL

Verdict:

Malicious

Score:

81.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=667eba6017db6c2841b21397win10vpnfull_triage

Tags:

Agent

Verdict:

Malicious

Labled as:

Trojan.MAC.Stealer.35;Gen:Trojan.MAC.Stealer.Generic

Link:

https://www.hybrid-analysis.com/sample/7276c6c6bff30cc9ddd97f4cd3e33102017281ffa7e164819dddc0beb83bafcf

Result

Verdict:

MALICIOUS

Score:

95%

Verdict:

Malware

File Type:

Mach-O universal binary

Link:

https://malprob.io/report/7276c6c6bff30cc9ddd97f4cd3e33102017281ffa7e164819dddc0beb83bafcf

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7276c6c6bff30cc9ddd97f4cd3e33102017281ffa7e164819dddc0beb83bafcf/

Threat name:

MacOS.Trojan.Generic

Status:

Suspicious

First seen:

2024-06-24 19:08:11 UTC

File Type:

Binary (Archive)

Extracted files:

2

AV detection:

9 of 38 (23.68%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=oj3mnrv76mgmtxozp5gnhyzraiaxfap7u7qwjam53xal5ob3v7hq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7276c6c6bff30cc9ddd97f4cd3e33102017281ffa7e164819dddc0beb83bafcf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PoseidonStealer

c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05

PoseidonStealer

macho 7276c6c6bff30cc9ddd97f4cd3e33102017281ffa7e164819dddc0beb83bafcf

(this sample)

Dropped by

SHA256 c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05

URLhaus

https://urlhaus.abuse.ch/url/2910993/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2910994/

URLhaus

https://urlhaus.abuse.ch/url/2910992/

URLhaus

https://urlhaus.abuse.ch/url/2910995/

URLhaus

https://urlhaus.abuse.ch/url/2910998/

URLhaus

https://urlhaus.abuse.ch/url/2910997/

URLhaus

https://urlhaus.abuse.ch/url/2910996/

URLhaus

https://urlhaus.abuse.ch/url/2910999/

Dropped by

MD5 02a0407bea1bea006c35c0aa178a573b

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample