-= Per source details. Do not edit below this line.=-
When importing the module and a specific file exists in the current directory, obfuscated code downloads and starts the next stage of obfuscated code (cstealer infostealer)
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2024-10-pyutiltool
Reasons (based on the campaign):
infostealer
obfuscation
infostealer:cstealer
{
"malicious-packages-origins": [
{
"versions": [
"1",
"1.1",
"1.11"
],
"sha256": "99a43f917636ec3c9bb4e8dbaebb560d4a70fc2d1453f96b88a157c7d075265e",
"modified_time": "2024-12-09T06:50:11Z",
"source": "reversing-labs",
"id": "RLMA-2024-11034",
"import_time": "2024-12-09T14:38:43.487146145Z"
},
{
"sha256": "b90d7d71847109d990cadb70f118634fe9a7d0de543d66171d00c16ea46e28c6",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-10-03T16:34:31Z",
"source": "kam193",
"id": "pypi/2024-10-pyutiltool/exflibrary",
"import_time": "2025-12-02T22:30:55.178156345Z"
},
{
"sha256": "95deb938eb8fd38976a38faf2fd2117318966fc829c080f35d6d999ff37d1236",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-10-03T16:34:31Z",
"source": "kam193",
"id": "pypi/2024-10-pyutiltool/exflibrary",
"import_time": "2025-12-02T23:07:18.185619391Z"
},
{
"versions": [
"1.0",
"1.1",
"1.11"
],
"sha256": "4f4768515cdcf198881be036187f2b7ad9672cc51cf24c1c5b5a7f6a5847a430",
"modified_time": "2024-10-03T16:34:31Z",
"source": "kam193",
"id": "pypi/2024-10-pyutiltool/exflibrary",
"import_time": "2025-12-10T21:38:57.46993604Z"
},
{
"sha256": "d70a951a48be6a991cf76704e0cd0e232aeb4abf5de7b93db78b040f9590f43e",
"modified_time": "2026-03-18T12:13:39Z",
"source": "reversing-labs",
"id": "RLUA-2026-00306",
"import_time": "2026-03-19T12:19:43.89711033Z"
}
],
"iocs": {
"urls": [
"https://blockatlaspro.com/application.py",
"https://blockatlaspro.com/test.py"
],
"domains": [
"blockatlaspro.com"
]
}
}