MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d88ee06812199ed7d3a407454167cb95b00b57f9857f6bc0b987b9e78926ed20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureLogsStealer

Vendor detections: 10

Intelligence 10 IOCs YARA 5 File information Comments

SHA256 hash:	d88ee06812199ed7d3a407454167cb95b00b57f9857f6bc0b987b9e78926ed20
SHA3-384 hash:	cecf6c0383678e52abab55143c18ac8927b3da2a1e7d8d8cd9e42b1e6c29a3856537bfa1b5c122d8160eb760255246a0
SHA1 hash:	4bac3399d459fc43bb36d845cbf3ccadcc9fe39a
MD5 hash:	ee9c34f881f70a0641caf784fa6ebf44
humanhash:	nineteen-fourteen-fillet-alanine
File name:	ee9c34f881f70a0641caf784fa6ebf44.exe
Download:	download sample
Signature	PureLogsStealer Create hunting rule
File size:	835'584 bytes
First seen:	2024-02-29 09:58:16 UTC
Last seen:	2024-02-29 11:15:42 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	12e12319f1029ec4f8fcbed7e82df162 (388 x DCRat, 52 x RedLineStealer, 51 x Formbook)
ssdeep	12288:2ToPWBv/cpGrU3yVtX+t4Vv38MpkVmRuOb4xuTIfJyxQ6s5g6cE6L8TRJtgKYUMn:2TbBv5rUyXVv38pYguTooU5rcfzNUMjb
TLSH	T128050202B9C1D5B2D4721C331A666B11A97DBE201F76CEDF63D06A1EDA315C0DB317A2
TrID	89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39) 3.5% (.EXE) Win64 Executable (generic) (10523/12/4) 2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 1.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.5% (.EXE) Win32 Executable (generic) (4504/4/1)
File icon (PE):
dhash icon	9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter	abuse_ch
Tags:	exe PureLogStealer

Intelligence

File Origin

# of uploads :

# of downloads :

327

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.38920448.13962.7593.UNOFFICIAL

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-vm installer lolbin setupapi sfx shdocvw shell32

Link:

https://www.filescan.io/uploads/65e055685382d6240abb1daa/reports/7501aea7-1eda-4ffd-8e4f-454502848260/overview

Verdict:

Malicious

Labled as:

Trojan.Uztuby

Link:

https://www.hybrid-analysis.com/sample/d88ee06812199ed7d3a407454167cb95b00b57f9857f6bc0b987b9e78926ed20

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/dd490e35-89cb-440f-b009-2d5e192ecef9

Result

Threat name:

PureLog Stealer, zgRAT

Detection:

malicious

Classification:

troj

Score:

54 / 100

Link:

https://www.joesandbox.com/analysis/1400825

Signature

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected PureLog Stealer

Yara detected zgRAT

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/d88ee06812199ed7d3a407454167cb95b00b57f9857f6bc0b987b9e78926ed20

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d88ee06812199ed7d3a407454167cb95b00b57f9857f6bc0b987b9e78926ed20/

Threat name:

Win32.Trojan.Znyonm

Status:

Malicious

First seen:

2024-02-29 09:59:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3choa2asdgpnpu5ea5cucz6lswyawv7zqv7wxqfzq646pcjg5uqa._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/240229-lz2xdadh63/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Unpacked files

SH256 hash:

e1abdb3e3ff2bd80a573b6aa4e46b0bdadd0ecee223ca9b291401639fa0a5a76

MD5 hash:

f30caf5bf4ca5fafa0588f23c84aa80d

SHA1 hash:

3dc961ca9ceb003b06b4296a3d8fe466b6350f94

Detections:

INDICATOR_EXE_Packed_DotNetReactor

Link:

https://www.unpac.me/results/90a724a4-a82d-4924-9d1c-bdbb1619883f/

SH256 hash:

d88ee06812199ed7d3a407454167cb95b00b57f9857f6bc0b987b9e78926ed20

MD5 hash:

ee9c34f881f70a0641caf784fa6ebf44

SHA1 hash:

4bac3399d459fc43bb36d845cbf3ccadcc9fe39a

Link:

https://www.unpac.me/results/90a724a4-a82d-4924-9d1c-bdbb1619883f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d88ee06812199ed7d3a407454167cb95b00b57f9857f6bc0b987b9e78926ed20

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	maldoc_find_kernel32_base_method_1 Create hunting rule
Author:	Didier Stevens (https://DidierStevens.com)

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants

Rule name:	SelfExtractingRAR Create hunting rule
Author:	Xavier Mertens
Description:	Detects an SFX archive with automatic script execution

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample