MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d2944f334acc2722e643ad9742a081314ff2bd8c4b71ddf5561636dc3e83377. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureLogsStealer

Vendor detections: 14

Intelligence 14 IOCs YARA 5 File information Comments

SHA256 hash:	6d2944f334acc2722e643ad9742a081314ff2bd8c4b71ddf5561636dc3e83377
SHA3-384 hash:	91adafcf4d03ec8d4b7afb762bd361a04623fe290ca23188cf3228a96b925b648b9da2d8a6fd15ce71af9f4906a16b1c
SHA1 hash:	a7da42466b7d2a3a393286ffd31fa075c4ac3f22
MD5 hash:	c1f104002abe1d773a02bb3e0d46625b
humanhash:	tennessee-vermont-oven-golf
File name:	SecuriteInfo.com.Win64.MalwareX-gen.55813551
Download:	download sample
Signature	PureLogsStealer Create hunting rule
File size:	705'880 bytes
First seen:	2025-09-24 13:41:48 UTC
Last seen:	2025-09-26 04:06:02 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	97e5a31c945b50f9f6676688768eef5e (8 x PureLogsStealer)
ssdeep	12288:Q2pUvPywXvph8z5h/cfAdLisjyz+AxfihZg690Faew4:dQR0Lis+KUfiY690Fnw4
TLSH	T1A5E401E1BEE46CCADA35523851D5C622353DFAD089A34B0BD23066361E23ED13DDA7C6
TrID	44.4% (.EXE) Win64 Executable (generic) (10522/11/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe PureLogsStealer

Intelligence

File Origin

# of uploads :

# of downloads :

133

Origin country :

Vendor Threat Intelligence

Malware family:

amadey

ID:

File name:

cb349ab1e15994b9f34615263406e468bcba840dc41ffbd829ea06c4e37ed59a

Verdict:

Malicious activity

Analysis date:

2025-09-24 13:28:12 UTC

Tags:

github python auto-sch stealc stealer miner smb amadey botnet phishing payload auto-reg anti-evasion xenorat rat networm amus diamotrix clipper auto-startup evasion njrat bladabindi cobaltstrike backdoor pyinstaller telegram lumma pastebin websocket koistealer koiloader koi snake keylogger discord

Link:

https://app.any.run/tasks/c7a58166-0ef7-478b-b5a5-c461fd32b563

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28811/

Detection(s):

SecuriteInfo.com.Win64.MalwareX-gen.55813551.UNOFFICIAL

Verdict:

Malicious

Score:

97.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68d543d7cc9425144151d4df

Tags:

injection obfusc virus

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for analyzing tools

Searching for the window

Creating a file in the Windows subdirectories

Сreating synchronization primitives

Connection attempt

Sending a custom TCP request

Using the Windows Management Instrumentation requests

Creating a window

Reading critical registry keys

Stealing user critical data

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug expand hacktool lolbin obfuscated overlay packed packed packer_detected

Link:

https://www.filescan.io/uploads/68d3f5d474e5a28989910b10/reports/b642d106-16d6-44f9-a12a-dfebe71254f2/overview

Verdict:

Malicious

Labled as:

Zusy.Generic

Link:

https://www.hybrid-analysis.com/sample/6d2944f334acc2722e643ad9742a081314ff2bd8c4b71ddf5561636dc3e83377

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-09-24T09:03:00Z UTC

Last seen:

2025-09-24T09:03:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/6d2944f334acc2722e643ad9742a081314ff2bd8c4b71ddf5561636dc3e83377/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/3921eba9-b877-4f9a-bbac-e28d733f32f5

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/6d2944f334acc2722e643ad9742a081314ff2bd8c4b71ddf5561636dc3e83377

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/c1f104002abe1d773a02bb3e0d46625b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6d2944f334acc2722e643ad9742a081314ff2bd8c4b71ddf5561636dc3e83377/

Threat name:

Win64.Infostealer.Tinba

Status:

Malicious

First seen:

2025-09-24 12:01:44 UTC

File Type:

PE+ (Exe)

AV detection:

20 of 24 (83.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=nuuuj4zuvtbheltehlmxikqicmkp6k6yys3r3x2vmfrw3q7ign3q._file

Verdict:

malicious

Label(s):

katzstealer

donut_injector

Similar samples:

error

PureLogsStealer

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250924-q6dkkshq2s/

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/d593e0b6-36c7-4d30-aec0-f3927c45569e

Unpacked files

SH256 hash:

6d2944f334acc2722e643ad9742a081314ff2bd8c4b71ddf5561636dc3e83377

MD5 hash:

c1f104002abe1d773a02bb3e0d46625b

SHA1 hash:

a7da42466b7d2a3a393286ffd31fa075c4ac3f22

Link:

https://www.unpac.me/results/4b3c588f-ac72-4f27-8765-2b891b5245f4/

Malware family:

DonutLoader

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/6d2944f334ac/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Check_FindWindowA_iat Create hunting rule

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	pe_detect_tls_callbacks Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PureLogsStealer

exe 6d2944f334acc2722e643ad9742a081314ff2bd8c4b71ddf5561636dc3e83377

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3630973/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/28811/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample