MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e051fd042368a3dbdda8ba75ff1730eb828577b0295e82e90c19ca2a1f44051c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PureLogsStealer


Vendor detections: 7


Intelligence 7 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e051fd042368a3dbdda8ba75ff1730eb828577b0295e82e90c19ca2a1f44051c
SHA3-384 hash: 7f4fe3feb43b5f3913c12c9d8207a68697ee89f46efd41ce06787bb76a4cfe0c753924e0886c9190b79b7438cd3ca577
SHA1 hash: a712df1469709d1b98e46207dee75b3e9e3401ad
MD5 hash: af4ff2dd41ea5bdcb6db44dba35f1319
humanhash: lithium-michigan-tennis-quiet
File name:Installer.iso
Download: download sample
Signature PureLogsStealer
Create hunting rule
File size:17'631'232 bytes
First seen:2026-02-07 12:16:38 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 393216:ypkfrOsCZ2bxlAc3qE7E/QpV9sVm1JHMp+/6ZdNrR8bwF/:ypCrZMBc6E7E/kV9sVMJspMAR8bW
TLSH T13E0733215A16E19ACDB609BA23E2D170564294027C049B4C3FDE31FE87EB472BFCE95D
TrID 88.6% (.NULL) null bytes (2048000/1)
11.0% (.HTP) HomeLab/BraiLab Tape image (256000/1)
0.1% (.ISO) ISO 9660 CD image (2545/36/1)
0.0% (.PP2D) Pro Pixel Demo Image (2013/3/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
Magika iso
Reporter aachum
Tags:iso purecrypter PureHVNC PureLogsStealer


Avatar
iamaachum
https://dl89sfilesbase.top/downloads/Vgs3Rm9uZ/AppSetup

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
ES ES
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:ReadMe.txt
File size:761 bytes
SHA256 hash: 8dac22f984bff8e1162b63065ed3b990b44fe9b7a2da940ca3a6053c202a1bc3
MD5 hash: ff0400d5397036ff353727a5f9941455
MIME type:text/plain
Signature PureLogsStealer
File name:Installer_v5014_x64.exe
File size:17'576'448 bytes
SHA256 hash: b7f45956fcc360cdbe6b5b8d7c510dcc46a8c802f0d40dcee5dc3f852ed90b93
MD5 hash: 50e91f0dd8908e00009368be9341807c
MIME type:application/x-dosexec
Signature PureLogsStealer
Vendor Threat Intelligence
Malware configuration found for:
Archives
Details
Archives
extracted archive contents
Link:
https://research.acce.ciphertechsolutions.com/results/54ad77f2-e850-4cdd-bf51-c520b4b938ac/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69872d813cadc639ed8438cb
Tags:
n/a
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/e051fd042368a3dbdda8ba75ff1730eb828577b0295e82e90c19ca2a1f44051c
Verdict:
Malicious
File Type:
iso
First seen:
2026-02-07T09:35:00Z UTC
Last seen:
2026-02-07T10:10:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/e051fd042368a3dbdda8ba75ff1730eb828577b0295e82e90c19ca2a1f44051c/results?tab=lookup
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e051fd042368a3dbdda8ba75ff1730eb828577b0295e82e90c19ca2a1f44051c/
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/e051fd042368a3dbdda8ba75ff1730eb828577b0295e82e90c19ca2a1f44051c
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-07 12:17:31 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4bi72bbdncr5xxnixj276fzq5obik55qffpif2imdhfcuh2eauoa._file
Result
Malware family:
n/a
Score:
  9/10
Tags:
defense_evasion execution persistence themida trojan
Link:
https://tria.ge/reports/260207-re6bysas5h/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Looks up external IP address via web service
Checks BIOS information in registry
Executes dropped EXE
Themida packer
Command and Scripting Interpreter: PowerShell
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/e051fd042368a3dbdda8ba75ff1730eb828577b0295e82e90c19ca2a1f44051c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:HeavensGate
Create hunting rule
Author:kevoreilly
Description:Heaven's Gate: Switch from 32-bit to 64-mode
Rule name:INDICATOR_EXE_Packed_Themida
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with Themida
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
Rule name:win32_dotnet_obfuscate
Create hunting rule
Author:Reedus0
Description:Rule for detecting .NET obfuscated malware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PureLogsStealer

iso e051fd042368a3dbdda8ba75ff1730eb828577b0295e82e90c19ca2a1f44051c

(this sample)

PureLogsStealer

Executable exe b7f45956fcc360cdbe6b5b8d7c510dcc46a8c802f0d40dcee5dc3f852ed90b93

  
Link
https://tria.ge/260207-n75dksc17a/behavioral2
  
Delivery method
Distributed via web download
  
Dropping
SHA256 b7f45956fcc360cdbe6b5b8d7c510dcc46a8c802f0d40dcee5dc3f852ed90b93
  
Dropping
MD5 50e91f0dd8908e00009368be9341807c

Comments