MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 08693f66da4a44c36e1a690f055876c763c0c0742c42e33faf39b9519c3d9dcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
PureLogsStealer
Vendor detections: 9
| SHA256 hash: | 08693f66da4a44c36e1a690f055876c763c0c0742c42e33faf39b9519c3d9dcc |
|---|---|
| SHA3-384 hash: | fb37aedf38a5b123abc3087b2e82bd27c1ec951ec4d8760ca784c4ace4b46972b54bb4f32a94b1b16436163ffe3cb374 |
| SHA1 hash: | dbbf7dd5a2189f56c670c7c3b9c7fe06d12aa040 |
| MD5 hash: | fd1ee25f514405ec3c3167435ecdf080 |
| humanhash: | dakota-zebra-orange-missouri |
| File name: | Purchase_Order_Quote_Confirmation_November07-2025_pdf.txz.rar |
| Signature | PureLogsStealer |
| File size: | 305'838 bytes |
| First seen: | 2026-07-03 18:01:27 UTC |
| Last seen: | 2026-07-03 18:03:06 UTC |
| File type: | rar |
| MIME type: | application/x-rar |
| ssdeep | 6144:xNzw2hgyoC0yfOsn+6sNm69DhjjbokDVJ4BM10Q7tGnW:xlwelowf9sNmUD9jr4BMHtGnW |
| TLSH | T19454230667AF426EECA6831487E9DC0D8CFB556B07E68A05C197F9BB3D0171C24CD98B |
| TrID | 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1) |
| Magika | rar |
| Reporter | |
| Tags: | PureLogsStealer rar |
Intelligence
File Origin
# of uploads :
2
# of downloads :
49
Origin country :
CH
File Archive Information
This file archive contains 1 file(s), sorted by their relevance:
| File name: | Purchase Order Quote_Confirmation_November07-2025_pdf.js |
|---|---|
| File size: | 2'109'818 bytes |
| SHA256 hash: | 51c35d576c037a5479a89da8fc6f94e3d3c0c24343fd9686ef6f75eae4ca8e65 |
| MD5 hash: | 555c995df75379f17fae42f1485f94cc |
| MIME type: | text/plain |
| Signature | PureLogsStealer |
Vendor Threat Intelligence
Verdict:
Malicious
Score:
96.5%
Tags:
stration trojan virus
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
base64 conhost downloader encrypted evasive lolbin masquerade obfuscated powershell repaired wscript
Verdict:
Suspicious
Labeled as:
Trojan.Generic
Verdict:
Malicious
File Type:
rar
First seen:
2026-06-30T03:55:00Z UTC
Last seen:
2026-07-03T04:56:00Z UTC
Hits:
~10
Threat name:
Win32.Trojan.Sonbokli
Status:
Malicious
First seen:
2026-06-29 23:12:02 UTC
AV detection:
6 of 38 (15.79%)
Threat level:
5/5
Detection(s):
Suspicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
PureLogsStealer
rar 08693f66da4a44c36e1a690f055876c763c0c0742c42e33faf39b9519c3d9dcc
(this sample)
Delivery method
Distributed via e-mail attachment