MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 500592a2cfd2536eeac2bd102bd56bb2c5f5fb4aff3c15239c6b9b8113c5f2d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 500592a2cfd2536eeac2bd102bd56bb2c5f5fb4aff3c15239c6b9b8113c5f2d7
SHA3-384 hash: ba4c262fee420dfef1a4642d00040c143f22fc24e9533c19d17fc7025ee9a00553b2b904c60f37a21ba6202e003ad768
SHA1 hash: bf99eead4337843f2865d6622c876e2041ce3d3b
MD5 hash: 09c50c33c99809adc4490ea621b29588
humanhash: finch-ohio-lactose-california
File name:Sales Order - Order Confrimation VTR 1000030878526 - 0061-27-EXOL-Q_pdf.js
Download: download sample
File size:796'356 bytes
First seen:2026-05-13 19:32:38 UTC
Last seen:2026-05-15 09:01:29 UTC
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 3072:XGarS34OVwRSEu6VbX/4B3VjV9MNATNRnE25YkYgG:1r6o7VQNRi
Threatray 5 similar samples on MalwareBazaar
TLSH T150057C1282EA15D8F2B75F6C6EF421584627BDB21C3E918D11844FAD4BB3900CEB5FA7
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika txt
Reporter JAMESWT_WT
Tags:5-101-84-202 everycarebd-com js Spam-ITA

Intelligence

File Origin
# of uploads :
2
# of downloads :
111
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.GT.JS.Backdoor.5.5DBF904C.21216.1800.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a04d1f6953bbcef1c9027f4
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 encrypted lolbin masquerade obfuscated repaired wscript
Link:
https://www.filescan.io/uploads/6a04d2002fcb905ec29545af/reports/6bc4edc0-95ba-499e-89c3-555ad388b563/overview
Verdict:
Malicious
Labled as:
VBS/Obfuscated.G trojan
Link:
https://www.hybrid-analysis.com/sample/500592a2cfd2536eeac2bd102bd56bb2c5f5fb4aff3c15239c6b9b8113c5f2d7
Verdict:
Malicious
File Type:
js
First seen:
2026-05-13T08:41:00Z UTC
Last seen:
2026-05-15T16:56:00Z UTC
Hits:
~1000
Detections:
HEUR:Trojan-Downloader.Script.Generic HEUR:Trojan.Script.Generic
Link:
https://opentip.kaspersky.com/500592a2cfd2536eeac2bd102bd56bb2c5f5fb4aff3c15239c6b9b8113c5f2d7/results?tab=lookup
Score:
67%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/500592a2cfd2536eeac2bd102bd56bb2c5f5fb4aff3c15239c6b9b8113c5f2d7
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/500592a2cfd2536eeac2bd102bd56bb2c5f5fb4aff3c15239c6b9b8113c5f2d7/
Verdict:
Malicious
Threat:
Trojan.Script
Link:
https://tip.neiki.dev/file/500592a2cfd2536eeac2bd102bd56bb2c5f5fb4aff3c15239c6b9b8113c5f2d7
Threat name:
Win32.Trojan.Kepavll
Create hunting rule
Status:
Malicious
First seen:
2026-05-13 19:20:21 UTC
File Type:
Text (JavaScript)
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kaczfiwp2jjw52wcxuicxvllwlc7l62k746bki44nonyce6f6llq._file
Verdict:
malicious
Label(s):
stubrunner
Create hunting rule
purecrypter
Create hunting rule
Similar samples:
2003bb24fba6a50570bf6cbdecc84549a9cf47849ffcd5250a8b5390751c5707
2ead3b4303a43796d7de2cf5fbd28743b3e1cf9690626ae575d360c474fb0639
9b6b53ffc24cf8ca9350321c1b073a7ff034eca45020453af607be0d455d47dd
ba6576128e1ff343101834b5c3b61cfd6b02089ad4977f0b7226ea3c345fa6b9
error
Result
Malware family:
n/a
Score:
  8/10
Tags:
collection discovery execution persistence
Link:
https://tria.ge/reports/260513-x9n9taet9w/
Behaviour
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
System Time Discovery
Drops file in Windows directory
Accesses Microsoft Outlook profiles
Checks computer location settings
Registers new Windows logon scripts automatically executed at logon.
Badlisted process makes network request
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/500592a2cfd2536eeac2bd102bd56bb2c5f5fb4aff3c15239c6b9b8113c5f2d7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments