MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 515638dc230a649284288bef533cb91f915a666b5380ecbe7703d28c0a0409e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureLogsStealer

Vendor detections: 12

Intelligence 12 IOCs YARA 3 File information Comments

SHA256 hash:	515638dc230a649284288bef533cb91f915a666b5380ecbe7703d28c0a0409e7
SHA3-384 hash:	5fd6152d76667948e6c35319caffcd6872e67b058f0a52f5fbc52f1798b705c8ae32da6c94d1e61c738093ad6099da88
SHA1 hash:	84a437ada773a6679b20fa2fe205e6715c35481b
MD5 hash:	031c02d5a95223074c0771eff6799cbe
humanhash:	eighteen-alabama-five-skylark
File name:	515638dc230a649284288bef533cb91f915a666b5380ecbe7703d28c0a0409e7
Download:	download sample
Signature	PureLogsStealer Create hunting rule
File size:	732'160 bytes
First seen:	2026-02-05 15:03:17 UTC
Last seen:	2026-02-05 15:26:37 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'795 x AgentTesla, 19'693 x Formbook, 12'274 x SnakeKeylogger)
ssdeep	12288:W3ITnCtqwm6lf5PTAh86LqNv5x7Be5T9rKrPmI2IIFlRiCh5TL8WysQBF:72V1nswx745T9rYT0nlVNo
TLSH	T17CF40118261FD806C4A11FB419B2E3B89BB58FD9B941C607CFE53EDFF13AA581854386
TrID	69.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.0% (.EXE) Win64 Executable (generic) (10522/11/4) 6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.2% (.EXE) Win32 Executable (generic) (4504/4/1) 1.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Magika	pebin
Reporter	adrian__luca
Tags:	exe PureLogsStealer

Intelligence

File Origin

# of uploads :

# of downloads :

111

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

RoboSki

Details

Link:

https://research.acce.ciphertechsolutions.com/results/1a59e0b0-e1ce-42d6-ac36-fee603217951/

Malware family:

n/a

ID:

File name:

20260112_BAOC_1xxxxx879_4219_4219.exe

Verdict:

Malicious activity

Analysis date:

2026-01-15 06:06:02 UTC

Tags:

netreactor purehvnc stealer

Link:

https://app.any.run/tasks/bde99038-313e-46bd-a37c-95a95982b383

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/51885/

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6984b17bae5379bb6609bf5d

Tags:

agenttesla stealer virus msil

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/515638dc230a649284288bef533cb91f915a666b5380ecbe7703d28c0a0409e7

Verdict:

Malicious

File Type:

exe x32

First seen:

2026-01-11T23:55:00Z UTC

Last seen:

2026-02-07T13:35:00Z UTC

Hits:

~1000

Detections:

HEUR:Trojan-PSW.MSIL.Agensla.gen VHO:Trojan-PSW.Win32.ReaderDB.gen Trojan-PSW.PureLogs.TCP.C&C PDM:Trojan.Win32.Generic HEUR:Trojan.MSIL.Injector.gen Trojan.MSIL.Inject.sb Trojan.MSIL.Crypt.sb

Link:

https://opentip.kaspersky.com/515638dc230a649284288bef533cb91f915a666b5380ecbe7703d28c0a0409e7/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/5d6efc58-eaa3-431f-9054-8268c2156578

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/515638dc230a649284288bef533cb91f915a666b5380ecbe7703d28c0a0409e7

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.30 Win 32 Exe x86

Link:

https://app.malva.re/file/031c02d5a95223074c0771eff6799cbe

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/515638dc230a649284288bef533cb91f915a666b5380ecbe7703d28c0a0409e7/

Verdict:

Malicious

Threat:

Family.PUREHVNC

Link:

https://tip.neiki.dev/file/515638dc230a649284288bef533cb91f915a666b5380ecbe7703d28c0a0409e7

Threat name:

ByteCode-MSIL.Trojan.PureLogStealer

Status:

Malicious

First seen:

2026-01-12 03:03:16 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

26 of 36 (72.22%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=kfldrxbdbjsjfbbirpxvgpfzd6ivuztlkoaozptxapjiycqebhtq._file

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery

Link:

https://tria.ge/reports/260205-se8mragy5g/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Unpacked files

SH256 hash:

515638dc230a649284288bef533cb91f915a666b5380ecbe7703d28c0a0409e7

MD5 hash:

031c02d5a95223074c0771eff6799cbe

SHA1 hash:

84a437ada773a6679b20fa2fe205e6715c35481b

Link:

https://www.unpac.me/results/1ac77844-9419-4c3a-afeb-c29fdf700756/

SH256 hash:

73c64a7bc79b06e79da1d9e0e6e5cf8f258dede8ac5f1a99b30cf3b79ebcaba5

MD5 hash:

44bf6b9ddd40e3969d77cce9277baf0b

SHA1 hash:

0f29c0113de08d097836225611c4043b14411504

Detections:

SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24

SUSP_OBF_NET_Reactor_Indicators_Jan24

Link:

https://www.unpac.me/results/1ac77844-9419-4c3a-afeb-c29fdf700756/

SH256 hash:

98a1042ae972cff23b7e923a74c717243dffeb8dee140db5fd8e0ff44c9c218f

MD5 hash:

577ba22e27531a69c7cf75256bd7f7de

SHA1 hash:

2e067d6472440cc027a9ae0c6e9c788f7b89a962

Link:

https://www.unpac.me/results/1ac77844-9419-4c3a-afeb-c29fdf700756/

SH256 hash:

5e0754f79a76a1a43b9a68e28bdc9be116b669e5be50b6d3ffbc0c41eca1b2b0

MD5 hash:

96d1bc601d1c06ef851f30c6d37ebf63

SHA1 hash:

497c82f14f2e4897e2e7a2f871a949de40ba03c0

Link:

https://www.unpac.me/results/1ac77844-9419-4c3a-afeb-c29fdf700756/

SH256 hash:

5d650028d7899aa8445ed5ec3df4d46975bd70102d71f3be4d2e20b41f053074

MD5 hash:

6718fd4116e3af0c9c138396a4e4b5a9

SHA1 hash:

8774a1c992689d5b893842ea5a3de3c7c4846976

Detections:

SUSP_OBF_NET_Reactor_Indicators_Jan24

Link:

https://www.unpac.me/results/1ac77844-9419-4c3a-afeb-c29fdf700756/

Parent samples :

e6264e23ab6c57f4c3afde927733cdaf959061a5f0fb89d5802d83d047fb11e9
8dc0327f4ce514126c41ec3d9243acc9ce79648e0aa41435acd7ceb1d83f2292
515638dc230a649284288bef533cb91f915a666b5380ecbe7703d28c0a0409e7

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.61

Link:

https://yomi.yoroi.company/submissions/515638dc230a649284288bef533cb91f915a666b5380ecbe7703d28c0a0409e7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/51885/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample