MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce5768c813e1acc449d0dd4af0bbb2db04d3ed87ac516ca265aff99340b54160. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PureLogsStealer


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ce5768c813e1acc449d0dd4af0bbb2db04d3ed87ac516ca265aff99340b54160
SHA3-384 hash: 6264c74fb6e8542b03fecd9a87b750507b062af0e27c8c83077b070ca2d0770c0bbbfc7c31b93134d8ec6df24feebc55
SHA1 hash: 475d6f3cd08c5edd19993ace8c1a758c49739f37
MD5 hash: 3744114d4f933e80ec4c13d74958bc27
humanhash: oklahoma-connecticut-missouri-lactose
File name:PurchaseOrder_00871_Shanghuigou_20260603.pdf.zip
Download: download sample
Signature PureLogsStealer
Create hunting rule
File size:153'191 bytes
First seen:2026-06-06 18:44:56 UTC
Last seen:2026-06-08 14:52:01 UTC
File type: zip
MIME type:application/zip
ssdeep 3072:DPF4URZEay3b5HI9KhGM9dBFDkpqnhdyajIZQH141akdL9C:DPFBwFIVMvBFDCaQQHa1lx9C
TLSH T16BE322357907679D1439C58E7D8FE50F27D58C764EB8323039EA8003AB97B91E2C5E18
Magika zip
Reporter TomU
Tags:PureLogsStealer zip

Intelligence

File Origin
# of uploads :
3
# of downloads :
133
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:PurchaseOrder_00871_Shanghuigou_20260603.pdf.js
File size:797'520 bytes
SHA256 hash: f272a51c813b2d3c3748457bd842ae2125596dc6786e1a326bac2479b01273cf
MD5 hash: e75d3ba263f9668d4b3d3ba1305e0065
MIME type:text/plain
Signature PureLogsStealer
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/0f359a1c-eec0-4527-8fe3-e54c6097eb2c/
Detection(s):
Win.Trojan.Suspect-34
Create hunting rule

Sanesecurity.Foxhole.Zip_badexts48.UNOFFICIAL
Create hunting rule

Sanesecurity.Foxhole.Zip_fs676.UNOFFICIAL
Create hunting rule

Sanesecurity.Foxhole.Zip_JsNum.Up.UNOFFICIAL
Create hunting rule

Archive.Filetype.DualExtJS-6168221-2
Create hunting rule

Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a2119bef8676ad4d360f02a
Tags:
infosteal rapid
Result
Verdict:
Malicious
File Type:
JS File - Malicious
Link:
https://app.docguard.net/ce5768c813e1acc449d0dd4af0bbb2db04d3ed87ac516ca265aff99340b54160/results/dashboard
Behaviour
BlacklistAPI detected
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 conhost masquerade powershell repaired
Link:
https://www.filescan.io/uploads/6a246ad277463968d61af768/reports/433abc9b-ab5e-4eea-90fa-fcbcd2c30083/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/ce5768c813e1acc449d0dd4af0bbb2db04d3ed87ac516ca265aff99340b54160
Verdict:
Malicious
File Type:
zip
First seen:
2026-06-03T21:54:00Z UTC
Last seen:
2026-06-08T05:28:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/ce5768c813e1acc449d0dd4af0bbb2db04d3ed87ac516ca265aff99340b54160/results?tab=lookup
Score:
51%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/ce5768c813e1acc449d0dd4af0bbb2db04d3ed87ac516ca265aff99340b54160
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ce5768c813e1acc449d0dd4af0bbb2db04d3ed87ac516ca265aff99340b54160/
Threat name:
Win32.Trojan.Redirector
Create hunting rule
Status:
Malicious
First seen:
2026-06-04 02:57:24 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
16 of 38 (42.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zzlwrsat4gwmisoq3vfpbo5s3mcnh3mhvriwzitfv74zgqfvifqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ce5768c813e1acc449d0dd4af0bbb2db04d3ed87ac516ca265aff99340b54160

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

PureLogsStealer

zip ce5768c813e1acc449d0dd4af0bbb2db04d3ed87ac516ca265aff99340b54160

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments