MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d0c3719afef2b4f8c02dd291702a558008881e49df5d47c1c76c12f070b9f37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PureLogsStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d0c3719afef2b4f8c02dd291702a558008881e49df5d47c1c76c12f070b9f37
SHA3-384 hash: ef3ba92ba00c35cc85380fef8f575fae44fd18c19fd46a979ba0ab3c444e267cf18d0069d49b2c87c94bcdecc77b021a
SHA1 hash: 66e8fa9f4ca2e01281826f2e9f304de4a6ba0c97
MD5 hash: 23cad24465d730936b5c3d2b7de5bfd1
humanhash: asparagus-montana-crazy-cardinal
File name:23cad24465d730936b5c3d2b7de5bfd1
Download: download sample
Signature PureLogsStealer
Create hunting rule
File size:114'800 bytes
First seen:2024-07-12 15:39:47 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 3072:vL5xU6ADGGQw8B6LCgvdxmyKy5XptysjihJA/vzsz:vLrwEBICgvdMgXjnjIJ4sz
TLSH T17DB3123289F51A1BE9ADB0BCDB594DC1A52FF0E1642C219DE648AD38FD43BC64332A54
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter zbetcheckin
Tags:PureLogStealer zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
FR FR
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:fatherscientificpro.exe
File size:167'424 bytes
SHA256 hash: 767ad6a683c15dc908cd12b10e115c9b3dd1de419ac8f84ce80ccbfd7c0a564a
MD5 hash: 9bb5801a445ab29f9717c875eec016ef
MIME type:application/x-dosexec
Signature PureLogStealer
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoaderNET.987.29728.6216.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.DownLoaderNET.987.3852.14194.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66914e543bfaa4adffc83846win7simulatehigh_evasion
Tags:
Generic Static Stealth Dldr
Result
Verdict:
Suspicious
File Type:
PE File
Link:
https://app.docguard.net/0d0c3719afef2b4f8c02dd291702a558008881e49df5d47c1c76c12f070b9f37/results/dashboard
Behaviour
BlacklistAPI detected
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
advpack CAB explorer installer lolbin microsoft_visual_cc packed rundll32 setupapi sfx shell32
Link:
https://www.filescan.io/uploads/66914e547a9d16520070ed9c/reports/708b8351-9512-4df7-9a3d-c30a2b4efc06/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/0d0c3719afef2b4f8c02dd291702a558008881e49df5d47c1c76c12f070b9f37
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/0d0c3719afef2b4f8c02dd291702a558008881e49df5d47c1c76c12f070b9f37
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Score:
98%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/0d0c3719afef2b4f8c02dd291702a558008881e49df5d47c1c76c12f070b9f37
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0d0c3719afef2b4f8c02dd291702a558008881e49df5d47c1c76c12f070b9f37/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-07-12 11:33:14 UTC
File Type:
Binary (Archive)
Extracted files:
40
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bugdognp54vu7dac3uuroavflaairapetx25i7a4o3as6bylt43q._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
collection persistence spyware stealer
Link:
https://tria.ge/reports/240712-tynbla1ekk/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Adds Run key to start application
Executes dropped EXE
Reads WinSCP keys stored on the system
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0d0c3719afef2b4f8c02dd291702a558008881e49df5d47c1c76c12f070b9f37

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PureLogStealer

zip 0d0c3719afef2b4f8c02dd291702a558008881e49df5d47c1c76c12f070b9f37

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2951773/

Comments


Avatar
zbet commented on 2024-07-12 15:39:49 UTC

url : hxxp://176.123.2.229/empty/fatherscientificpro.zip