MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 faced2adeaec0288a1ceba72d695abb40fead5349e61b54f701b7e07e931a1e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PureHVNC


Vendor detections: 11


Intelligence 11 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: faced2adeaec0288a1ceba72d695abb40fead5349e61b54f701b7e07e931a1e3
SHA3-384 hash: 0ae294db00b5bad57d3b1604e2d95658319b5d70f67e76548af396ea6c3dbb3c4cdb32e3683b5cd3c28cfb5cb616b60b
SHA1 hash: 58d7b2dfa1066dac73477614a793d49784c5b361
MD5 hash: b1cf9b8a873596479cfe0d46a9cd86fe
humanhash: sink-xray-alabama-mexico
File name:GMISI_Payment_Proof_Invoices_11547USD.js
Download: download sample
Signature PureHVNC
Create hunting rule
File size:1'112'832 bytes
First seen:2026-05-20 06:49:28 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 6144:oXHwrioznSYfDdcInek0fZQSs5WVmxB1Eo+g7Vp89yd9mAMfo6YGguFS9c4js1un:YHwrioznSYfDdLnek0fZm5kwAex6YdH
Threatray 77 similar samples on MalwareBazaar
TLSH T184350D26E7E94019F2F28F50BE7744359877BF162E2DD95C2284054D45B2A08E8BEB3F
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika javascript
Reporter JAMESWT_WT
Tags:108-171-192-181 js kevtel-com PureHVNC Spam-ITA

Intelligence

File Origin
# of uploads :
1
# of downloads :
160
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.JS.Starter.160.18498.26260.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a0d597f4f2b29ce040198db
Tags:
virus shell spawn
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 encrypted masquerade repaired
Link:
https://www.filescan.io/uploads/6a0d59bbefbd399b39bdc84f/reports/b0ab32fa-26da-4f3b-a327-a66707ee0879/overview
Verdict:
Suspicious
Labled as:
JS/Agent.EGM
Link:
https://www.hybrid-analysis.com/sample/faced2adeaec0288a1ceba72d695abb40fead5349e61b54f701b7e07e931a1e3
Verdict:
Malicious
File Type:
js
First seen:
2026-05-20T00:14:00Z UTC
Last seen:
2026-05-22T05:17:00Z UTC
Hits:
~1000
Detections:
Trojan.MSIL.Agent.sb HEUR:Trojan.Script.Generic HEUR:Trojan-Downloader.Script.Generic
Link:
https://opentip.kaspersky.com/faced2adeaec0288a1ceba72d695abb40fead5349e61b54f701b7e07e931a1e3/results?tab=lookup
Score:
29%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/faced2adeaec0288a1ceba72d695abb40fead5349e61b54f701b7e07e931a1e3
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/faced2adeaec0288a1ceba72d695abb40fead5349e61b54f701b7e07e931a1e3/
Verdict:
Malicious
Threat:
Trojan.MSIL.Agent
Link:
https://tip.neiki.dev/file/faced2adeaec0288a1ceba72d695abb40fead5349e61b54f701b7e07e931a1e3
Threat name:
Script-JS.Trojan.Redirector
Create hunting rule
Status:
Malicious
First seen:
2026-05-20 03:59:53 UTC
File Type:
Text (JavaScript)
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7lhnflpk5qbiriooxjznnfnlwqh6vvjutzq3kt3qdn7ap2jruhrq._file
Verdict:
malicious
Label(s):
purecrypter
Create hunting rule
stubrunner
Create hunting rule
Similar samples:
2abef9c410a3a2675ac87b87a6c0afcc6e7ac3eb4ea79d78ed4fd12ae0b6f934
PureHVNC
3defedb00eacf41a0ada69c1382f13a694c762281c62dcd6eb7a149f311723cc
PureHVNC
500592a2cfd2536eeac2bd102bd56bb2c5f5fb4aff3c15239c6b9b8113c5f2d7
PureHVNC
579085581348296ae88419296edc6a8e91acf4463c7994112b5c3f7f3653710e
PureHVNC
5d2a2c2695bc838b3d43c8d300427111005186f6e9dfee24bf8a8136e705bcd5
PureHVNC
61d424c2e3c5d8db831dc1cc697dfa4a94ebe86e008c24c31bfd34641815273a
PureHVNC
c2fb02b85873a6ca9a28f0aa422901a90687d21040af2e65ff8bbd0f3f7a5127
PureHVNC
d218c6a408aac1ed96d166aa142c4535726af2767bbf473859df0e1091b9be81
PureHVNC
error
PureHVNC
+ 67 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
collection discovery execution persistence
Link:
https://tria.ge/reports/260520-hl8wzsht2v/
Behaviour
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Time Discovery
Drops file in Windows directory
Accesses Microsoft Outlook profiles
Checks computer location settings
Registers new Windows logon scripts automatically executed at logon.
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Malware family:
PureRAT
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/faced2adeaec/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/faced2adeaec0288a1ceba72d695abb40fead5349e61b54f701b7e07e931a1e3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments