MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08693f66da4a44c36e1a690f055876c763c0c0742c42e33faf39b9519c3d9dcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



PureLogsStealer


Vendor detections: 9



SHA256 hash: 08693f66da4a44c36e1a690f055876c763c0c0742c42e33faf39b9519c3d9dcc
SHA3-384 hash: fb37aedf38a5b123abc3087b2e82bd27c1ec951ec4d8760ca784c4ace4b46972b54bb4f32a94b1b16436163ffe3cb374
SHA1 hash: dbbf7dd5a2189f56c670c7c3b9c7fe06d12aa040
MD5 hash: fd1ee25f514405ec3c3167435ecdf080
humanhash: dakota-zebra-orange-missouri
File name: Purchase_Order_Quote_Confirmation_November07-2025_pdf.txz.rar
Signature: PureLogsStealer
File size: 305'838 bytes
First seen: 2026-07-03 18:01:27 UTC
Last seen: 2026-07-03 18:03:06 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 6144:xNzw2hgyoC0yfOsn+6sNm69DhjjbokDVJ4BM10Q7tGnW:xlwelowf9sNmUD9jr4BMHtGnW
TLSH: T19454230667AF426EECA6831487E9DC0D8CFB556B07E68A05C197F9BB3D0171C24CD98B
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1); 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: TomU
Tags: PureLogsStealer rar

Intelligence


File Origin
# of uploads: 2
# of downloads: 49
Origin country: CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: Purchase Order Quote_Confirmation_November07-2025_pdf.js
File size: 2'109'818 bytes
SHA256 hash: 51c35d576c037a5479a89da8fc6f94e3d3c0c24343fd9686ef6f75eae4ca8e65
MD5 hash: 555c995df75379f17fae42f1485f94cc
MIME type: text/plain
Signature: PureLogsStealer

Vendor Threat Intelligence
Verdict: Malicious
Score: 96.5%
Tags: stration trojan virus

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: base64 conhost downloader encrypted evasive lolbin masquerade obfuscated powershell repaired wscript

Verdict: Malicious
File Type: rar
First seen: 2026-06-30T03:55:00Z UTC
Last seen: 2026-07-03T04:56:00Z UTC
Hits: ~10

Gathering data

Threat name: Win32.Trojan.Sonbokli
Status: Malicious
First seen: 2026-06-29 23:12:02 UTC
AV detection: 6 of 38 (15.79%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

PureLogsStealer

rar 08693f66da4a44c36e1a690f055876c763c0c0742c42e33faf39b9519c3d9dcc

(this sample)

  
Delivery method: Distributed via e-mail attachment
