MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8050a585fe1d534cafecaa56bda08ce2ef3bc26ea2b0ddad90c6b0c2be1ef3af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 8050a585fe1d534cafecaa56bda08ce2ef3bc26ea2b0ddad90c6b0c2be1ef3af
SHA3-384 hash: 65ae0183172a33191c285d6544118b813acfdc0207e2ef38cc2742d3bb5aded3f3a3c16cd25e5ba9ac8fe857258b0ea4
SHA1 hash: c619fa0ef314de17b76fbdeee76bbd97e04f7b46
MD5 hash: 9da6a8e9d56d6ef316d51352c81236ed
humanhash: aspen-social-bravo-table
File name: installer.py
File size: 80'304 bytes
First seen: 2023-07-06 13:59:36 UTC
Last seen: Never
File type:
MIME type: text/x-script.python
ssdeep: 1536:5NGZS2C+WUuj70wAXvbpwpY+w00M6llsuKvlx+4Roh0f:5NGZS2C+WUuj70wAXvbpwnw0iGuKvOe
TLSH: T18D73D8D628076D97A283C41F0186F9A3961C90479D0C643CB6BED3D9EF2A9A9C1F4CF5
Reporter: iamdeadlyz
Tags: chainbreaker py RealstStealer


Iamdeadlyz
Fake Blockchain Games Deliver RedLine Stealer & Realst Stealer - A New macOS Infostealer Malware
https://iamdeadlyz.gitbook.io/malware-research/july-2023/fake-blockchain-games-deliver-redline-stealer-and-realst-stealer-a-new-macos-infostealer-malware

Intelligence


File Origin
# of uploads: 1
# of downloads: 115
Origin country: SG
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: control lolbin masquerade

Threat name: Win32.Trojan.KeychainDump
Status: Malicious
First seen: 2023-04-03 23:20:42 UTC
File Type: Text (Python)
AV detection: 4 of 38 (10.53%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Base64_decoding
Author: iam-py-test
Description: Detect scripts which are decoding base64 encoded data (mainly Python, may apply to other languages)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: 8050a585fe1d534cafecaa56bda08ce2ef3bc26ea2b0ddad90c6b0c2be1ef3af (this sample)
