MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e279b97a4fcc8187136ca076d0bc25b9b7622483e8f26733fe2574485e6f3a36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e279b97a4fcc8187136ca076d0bc25b9b7622483e8f26733fe2574485e6f3a36
SHA3-384 hash: d841e70242e4c4bec2809d33732da4dd43fd0f88a7731ad2df629e56c004e14da89a8d5650b5812ae82d6bc8e010b9e8
SHA1 hash: 704452bc5928f8afd32ae20650f28e573ad4b133
MD5 hash: c94f1677b7278c0090961481586c9461
humanhash: texas-happy-eighteen-ten
File name:PurgeStealer.exe
Download: download sample
File size:300'544 bytes
First seen:2022-02-22 11:28:23 UTC
Last seen:2022-02-22 13:54:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 529939b14a0e5d7e4127b123ca186e6a
ssdeep 6144:YsVWsITC2aQc+TWYgeWYg955/155/ZvU1pPwkVzYrdsWlqxr6PbRseJZjV:YuWrlaQpWYgeWYg955/155/RFieJH
Threatray 283 similar samples on MalwareBazaar
TLSH T1A8546B0A639A0CD4E9ABD13889838245F7B2FC514B02DBDF2290375E5FB31E19D7E685
File icon (PE):PE icon
dhash icon f0e89496ccf0f0e0
Reporter Anonymous
Tags:exe PurgeStealer


Avatar
Anonymous
https://github.com/PurgerDev/PurgeStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
199
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PurgeStealer.zip
Verdict:
Malicious activity
Analysis date:
2022-02-19 23:43:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4fe06a97-2007-4428-b24c-fc408a02c635

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/243245/
Detection(s):
SecuriteInfo.com.Trojan.Malware.300983.susgen.6077.2240.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/7004/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/6214c907ac8ad0468b65f2f4/reports/3e5fdc4e-1274-49b6-a4b2-cc27fbde9927/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/f5246958-62f3-47c5-b09b-5173b0f6969a
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/943899
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e279b97a4fcc8187136ca076d0bc25b9b7622483e8f26733fe2574485e6f3a36/
Verdict:
unknown
Similar samples:
0a223aa68af0c2af0baabda61d82748629078720a017ef4836f3322a76cb691a
2cc5f31570047becc5e77581e2f640afba8d6904c6be61105603d60d01c181d0
3303a19789a73fa70a107f8e35a4ce10bb4f6a69ac041a1947481ed8ae99a11c
4cd754af5d3b9faa7e9626f79fccc35464224247a10f4d01ef502a0423e637a7
6dfd902231e6aa1301c11eca21f5a29456aa020bfe1eb19d05541ab32316a326
8f9cdf75c272fda7df367232756ea065600077804b16506ee5a4203571328217
b10274561191cedb0b16d2a69fdcd4e5062edfe2621842eacd55945ffded3f57
c9de02209482359466292be7bc0464fc65037698b38c1566cd331720e65f8ea0
+ 273 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/220222-nlk3tahdan/
Behaviour
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Unpacked files
SH256 hash:
e279b97a4fcc8187136ca076d0bc25b9b7622483e8f26733fe2574485e6f3a36
MD5 hash:
c94f1677b7278c0090961481586c9461
SHA1 hash:
704452bc5928f8afd32ae20650f28e573ad4b133
Link:
https://www.unpac.me/results/bc693acd-ddb7-4a8d-aff2-93020a6bca81/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e279b97a4fcc8187136ca076d0bc25b9b7622483e8f26733fe2574485e6f3a36

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/243245/

Comments