-= Per source details. Do not edit below this line.=-
The package is capable of installing malware from a hardcoded URL. The malware is well-recognized and acts as an infostealer. Interestingly, it uses a Steam profile to get the current C2 domain (based on sandbox analysis).
Category: MALICIOUS - The campaign has clearly malicious intent (an infostealer).
Campaign: 2025-03-logax
Reasons (based on the campaign):
infostealer
malware
{
"malicious-packages-origins": [
{
"versions": [
"1",
"1.5",
"2.4",
"2.5",
"2.7",
"2.9",
"3.1",
"3.2",
"3.4",
"3.5",
"3.6",
"3.7",
"3.8",
"3.9",
"4",
"4.2",
"4.3",
"4.5",
"4.8",
"4.9",
"5",
"5.2",
"5.3",
"5.4",
"8.3"
],
"sha256": "14dec44fd3afb9745d8838e0570fb0e0db4fd51f3a101e8b065ea53534286f6c",
"modified_time": "2025-04-23T16:06:27Z",
"source": "reversing-labs",
"id": "RLMA-2025-02512",
"import_time": "2025-04-25T09:36:46.679042013Z"
},
{
"sha256": "2bbac92c2eb7e20fcf7b96dcd2a6e96353d9e5e0cbb7b9de97ec258645995264",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2025-03-18T09:49:12Z",
"source": "kam193",
"id": "pypi/2025-03-logax/logax",
"import_time": "2025-12-02T22:30:55.313127728Z"
},
{
"sha256": "e129e6d6d38e21a039bd2190e3138f1381ad386e45a49521621a8b8ad61f7678",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2025-03-18T09:49:12Z",
"source": "kam193",
"id": "pypi/2025-03-logax/logax",
"import_time": "2025-12-02T23:07:18.339785379Z"
},
{
"versions": [
"1",
"1.5",
"2.7",
"3.8",
"8.3",
"3.6",
"3.7",
"2.4",
"3.5",
"2.5",
"3.2",
"2.9",
"3.1",
"3.4",
"3.9",
"4.0",
"4.2",
"4.3",
"4.5",
"4.8",
"4.9",
"5.2",
"5.0",
"5.3",
"5.4"
],
"sha256": "04e36d292d30c17c677e673242120722d25b56cc1e4c8f11766323e96bcbe2e5",
"modified_time": "2025-03-18T09:49:12Z",
"source": "kam193",
"id": "pypi/2025-03-logax/logax",
"import_time": "2025-12-10T21:38:57.572528169Z"
},
{
"versions": [
"1",
"1.5",
"2.4",
"2.5",
"2.7",
"2.9",
"3.1",
"3.2",
"3.4",
"3.5",
"3.6",
"3.7",
"3.8",
"3.9",
"4.0",
"4.2",
"4.3",
"4.5",
"4.8",
"4.9",
"5.0",
"5.2",
"5.3",
"5.4",
"8.3"
],
"sha256": "0828cc74cc0f7033c0bf58055fc419a5f1db7b5f7f5281e640ba0cd7c4cb416d",
"modified_time": "2025-03-18T09:49:12Z",
"source": "kam193",
"id": "pypi/2025-03-logax/logax",
"import_time": "2025-12-30T22:39:04.12239451Z"
},
{
"sha256": "7efcd8806bb1b3f40893dcfba0dc66b8251397e6a41dd335ca318a116446b599",
"modified_time": "2026-03-18T12:15:38Z",
"source": "reversing-labs",
"id": "RLUA-2026-00475",
"import_time": "2026-03-19T12:19:59.969844807Z"
}
],
"iocs": {
"urls": [
"https://anonfile.io/api/download/rzOy11HD",
"https://anonfile.io/api/download/iJbMXihN",
"https://store4.gofile.io/download/web/dcec487f-df79-4ec0-99d1-ac2cc299329a/Saucy.exe",
"https://steamcommunity.com/profiles/76561199830115115/",
"https://acerputas.90shipsnormal.site/api/log"
],
"domains": [
"acerputas.90shipsnormal.site"
]
}
}