MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c18d8fd2df13229cd0bce8ae2483a0f8c29604bdbaef26beba28fa28483dad5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureLogsStealer

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	7c18d8fd2df13229cd0bce8ae2483a0f8c29604bdbaef26beba28fa28483dad5
SHA3-384 hash:	4d1e8f5b37fc9fc0c8a6e317977ff72de59ff88deb17d54faa4bdeff66f1e37170e134912d09fc5411dc4eb2e11d79bb
SHA1 hash:	f5cdcc6365f0c8056d59db974a2b6fa9fa7d8cc4
MD5 hash:	df6ed495d4907f835df22ceb61d41cb2
humanhash:	massachusetts-butter-illinois-juliet
File name:	Payment_Update_Profoma_Invoice_pdf.txz.rar
Download:	download sample
Signature	PureLogsStealer Create hunting rule
File size:	110'246 bytes
First seen:	2026-06-08 14:29:11 UTC
Last seen:	2026-06-08 15:01:21 UTC
File type:	rar
MIME type:	application/x-rar
ssdeep	3072:GGcnm6gqbsqmWuyMD/io2qXc0S8UZ3eqwyfHl8:GGDWAqmyMTZ9K85898
TLSH	T1ABB312739310D9528B19F7FC4808EC234FBA1EF9D173A6B115D5FB223C96694A16CE41
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	TomU
Tags:	PureLogsStealer rar

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	output_hkfw54uc.js
File size:	815'954 bytes
SHA256 hash:	c32b6b3dc86e292e46c705726ed9ac425c02391702fad0fa3c9d38a1580291fe
MD5 hash:	f88fdac911750272f8228dbe060d071b
MIME type:	text/plain
Signature	PureLogsStealer

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/e82dec4c-33fb-4ee6-8e38-7050fbb455e5/

Detection(s):

Sanesecurity.Foxhole.JS_Rar_1.UNOFFICIAL

SecuriteInfo.com.Suspicious-Rar-JS.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a26d1e6ae2f98c00a68e34f

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

conhost obfuscated powershell repaired

Link:

https://www.filescan.io/uploads/6a26d1df8161ac6cb55d45d5/reports/ee84be8a-c6db-4fe5-a25d-f0f00f93f0a1/overview

Verdict:

Malicious

Link:

https://www.hybrid-analysis.com/sample/7c18d8fd2df13229cd0bce8ae2483a0f8c29604bdbaef26beba28fa28483dad5

Verdict:

Malicious

File Type:

rar

First seen:

2026-06-08T13:06:00Z UTC

Last seen:

2026-06-09T08:08:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/7c18d8fd2df13229cd0bce8ae2483a0f8c29604bdbaef26beba28fa28483dad5/results?tab=lookup

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7c18d8fd2df13229cd0bce8ae2483a0f8c29604bdbaef26beba28fa28483dad5/

Threat name:

Win32.Trojan.Vigorf

Status:

Malicious

First seen:

2026-06-08 07:06:50 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

9 of 24 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pqmnr7jn6ezcttilz2foesb2b6gcsycl3oxpe27lukh2fbed3lkq._file

Result

Malware family:

n/a

Score:

8/10

Tags:

defense_evasion execution

Link:

https://tria.ge/reports/260608-r2nenaez8k/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

Hide Artifacts: Hidden Window

Checks computer location settings

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7c18d8fd2df13229cd0bce8ae2483a0f8c29604bdbaef26beba28fa28483dad5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

PureLogsStealer

rar 7c18d8fd2df13229cd0bce8ae2483a0f8c29604bdbaef26beba28fa28483dad5

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample