MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PoseidonStealer

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05
SHA3-384 hash:	52c0e07b77052afe8e8d3ba4c6b72628e0d2798f81b4f219be199b1e2e09533d2cccf25a3c2488ac4037d4372479567c
SHA1 hash:	707dfef59b96cdc6df074b4d913d2fd39540924e
MD5 hash:	02a0407bea1bea006c35c0aa178a573b
humanhash:	maine-november-lima-july
File name:	Arc12645413.dmg
Download:	download sample
Signature	PoseidonStealer Create hunting rule
File size:	749'924 bytes
First seen:	2024-06-28 13:04:45 UTC
Last seen:	Never
File type:
MIME type:	application/zlib
ssdeep	12288:ctlfnf3ncKqbjookPyQPyrDkQwv/d9rqdhHlNjC+zqLxL8slo/hORkj:MmRw7XPg4prqdRpuLx4slo5
TLSH	T1DFF423355D0E7E30DDD246B1C035E8879CD93DCF9E79662AE927A84CA1D831062E4ECB
TrID	97.6% (.DMG) Macintosh Disk image (BZlib compressed) (83000/1/20) 2.3% (.) ZLIB compressed data (var. 4) (2000/1)
Reporter	NDA0E
Tags:	dmg PoseidonStealer

NDA0E

https://37.27.82.196/Arc12645413.dmg

Intelligence

File Origin

# of uploads :

1

# of downloads :

139

Origin country :

GR

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.FileRepMalware.17858.18222.UNOFFICIAL

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=667f08ea7d0a7ff58bc76374win10vpnfull_triage

Tags:

Uvlx

Verdict:

Malicious

Labled as:

DMG/ABTrojan.GJVR

Link:

https://www.hybrid-analysis.com/sample/c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05/

Threat name:

MacOS.Trojan.Multiverze

Status:

Malicious

First seen:

2024-06-24 19:08:13 UTC

File Type:

Binary (Archive)

Extracted files:

6

AV detection:

11 of 24 (45.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=yfut5z2h4mkudem7qtp2rhrwzjnxib2aisyyczlnsxl7icxtjicq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

FindPOS

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PoseidonStealer

c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05

(this sample)

PoseidonStealer

macho 7276c6c6bff30cc9ddd97f4cd3e33102017281ffa7e164819dddc0beb83bafcf

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2910993/

URLhaus

https://urlhaus.abuse.ch/url/2910994/

URLhaus

https://urlhaus.abuse.ch/url/2910992/

URLhaus

https://urlhaus.abuse.ch/url/2910995/

URLhaus

https://urlhaus.abuse.ch/url/2910998/

URLhaus

https://urlhaus.abuse.ch/url/2910997/

URLhaus

https://urlhaus.abuse.ch/url/2910996/

URLhaus

https://urlhaus.abuse.ch/url/2910999/

Dropping

SHA256 7276c6c6bff30cc9ddd97f4cd3e33102017281ffa7e164819dddc0beb83bafcf

Dropping

MD5 8b675b55d9b26ffeba29d6219cd8e353

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample