MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a103462a3933e381b06b239b43bbc4ae9b4af4ea5af56a301df6dbcf4a43ee8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureLogsStealer

Vendor detections: 11

Intelligence 11 IOCs 1 YARA 8 File information Comments

SHA256 hash:	1a103462a3933e381b06b239b43bbc4ae9b4af4ea5af56a301df6dbcf4a43ee8
SHA3-384 hash:	f1a76f08d989952b4259f8e8f7abaa09dc39344b0378777609a0c967fe5226be91a81569ce147a2d422563e0e35f75b9
SHA1 hash:	16df9114e8dd746fd41aa9f4b41ce233cc5da7fb
MD5 hash:	60b9e56fa68dc6bc17949d31fec7387c
humanhash:	jig-violet-fifteen-michigan
File name:	arquivo_20250908021144.exe
Download:	download sample
Signature	PureLogsStealer Create hunting rule
File size:	588'288 bytes
First seen:	2025-09-08 11:15:19 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'751 x AgentTesla, 19'656 x Formbook, 12'248 x SnakeKeylogger)
ssdeep	12288:x2AqJVwhZLTbJXc+xsVuLwxayC3r8/TjktAPKxwgCRWsZhiucR:IVs7s+xsIkYustAPKinxTeR
TLSH	T12DC4234E6AE9D2A8C6B1173FECF6830213D6C253E4038F9EF186776D51537BAC606216
TrID	71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10522/11/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	pr0xylife
Tags:	exe PureLogsStealer

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
45.137.70.55:5888	https://threatfox.abuse.ch/ioc/1584049/

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

arquivo_20250908021144.exe

Verdict:

No threats detected

Analysis date:

2025-09-08 11:16:47 UTC

Tags:

anti-evasion

Link:

https://app.any.run/tasks/0290dacf-7d3a-4bde-9435-235928dbb560

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/26235/

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68bebaeeb20052598878f975

Tags:

n/a

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Using the Windows Management Instrumentation requests

Creating a window

Creating a file

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 net_reactor obfuscated packed packed

Link:

https://www.filescan.io/uploads/68bebaea0e06820e2750cb96/reports/dfab51f0-abbd-4fce-94d8-5fe96d6df9ca/overview

Verdict:

Malicious

Labled as:

Jalapeno.Generic

Link:

https://www.hybrid-analysis.com/sample/1a103462a3933e381b06b239b43bbc4ae9b4af4ea5af56a301df6dbcf4a43ee8

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-09-05T11:01:00Z UTC

Last seen:

2025-09-05T11:01:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/1a103462a3933e381b06b239b43bbc4ae9b4af4ea5af56a301df6dbcf4a43ee8/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/70aa4c7c-b845-4c34-b774-71ee185cb9d7

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/1a103462a3933e381b06b239b43bbc4ae9b4af4ea5af56a301df6dbcf4a43ee8

Verdict:

inconclusive

YARA:

10 match(es)

Tags:

.Net Executable Managed .NET PE (Portable Executable) PE File Layout SOS: 0.64 Win 32 Exe x86

Link:

https://app.malva.re/file/60b9e56fa68dc6bc17949d31fec7387c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1a103462a3933e381b06b239b43bbc4ae9b4af4ea5af56a301df6dbcf4a43ee8/

Threat name:

ByteCode-MSIL.Trojan.Jalapeno

Status:

Malicious

First seen:

2025-09-06 01:21:23 UTC

AV detection:

25 of 38 (65.79%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=diidiyvdsm7dqgygwi43io54jlu3jl2ouwxvniyb35w3z5feh3ua._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250908-nczvlsbj41/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/6756a0c4-1c7b-44b6-bc62-5c5605e5229c

Unpacked files

SH256 hash:

1a103462a3933e381b06b239b43bbc4ae9b4af4ea5af56a301df6dbcf4a43ee8

MD5 hash:

60b9e56fa68dc6bc17949d31fec7387c

SHA1 hash:

16df9114e8dd746fd41aa9f4b41ce233cc5da7fb

Link:

https://www.unpac.me/results/73938028-8b29-4e7e-8bb1-71b7466ef7f9/

SH256 hash:

ddb5666ac782751b254b210485234984729d0472723dbb5ac3c8c406df5e19c8

MD5 hash:

7dc9bbd1f6f0703d419a9fccebbb720c

SHA1 hash:

0724b0701869947d83a104b5ec51aabbec66466f

Detections:

SUSP_OBF_NET_Reactor_Indicators_Jan24

Link:

https://www.unpac.me/results/73938028-8b29-4e7e-8bb1-71b7466ef7f9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/1a103462a3933e381b06b239b43bbc4ae9b4af4ea5af56a301df6dbcf4a43ee8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/26235/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample