MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0b8cb19505b5e346e7ebfa6a5d9a888251e3897a1e1d59e56c0c5eded7adfc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ScarfaceStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c0b8cb19505b5e346e7ebfa6a5d9a888251e3897a1e1d59e56c0c5eded7adfc5
SHA3-384 hash: 7dea94c779268d50693e364b97d912c8f19cf30bc69990ac57bcee99b6caa282a16f1ae794a7b3ccc50ad83e6c39768b
SHA1 hash: b7193a54d2dfceecdbafb437dcd7cae3e5a5ab22
MD5 hash: c753774a46f9331481622319d260fcef
humanhash: snake-golf-november-diet
File name:Launcher.exe
Download: download sample
Signature ScarfaceStealer
Create hunting rule
File size:90'435'584 bytes
First seen:2026-02-18 13:11:57 UTC
Last seen:2026-02-18 13:39:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bf3f5698d1c8e5d8bbe8d194ac5d544 (41 x ScarfaceStealer)
ssdeep 786432:GAZqtFi3zQzwBs6vNtcZY5Dfw3pgPVlcmXW:GAZui3zQz2jOZKft
TLSH T17B187D03B3A705D5E8F7DA3196E65223A932BC066F3085DF324C17262F73AE05A76B51
TrID 51.9% (.EXE) Win64 Executable (generic) (6522/11/2)
16.1% (.EXE) OS/2 Executable (generic) (2029/13)
15.9% (.EXE) Generic Win/DOS Executable (2002/3)
15.9% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
dhash icon fffcfcf8f1979dcf (1 x ScarfaceStealer)
Reporter burger
Tags:exe ScarfaceStealer stealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
950
Origin country :
NL NL
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/7e9798e6-8bd0-403f-9806-3ff8ca51b620/
Malware family:
n/a
ID:
1
File name:
Launcher.exe
Verdict:
Suspicious activity
Analysis date:
2026-02-18 13:11:46 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c7a1c87f-861c-4aa3-9bc9-260be377a4b1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
89.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6995ba622d369b1ab2850cba
Tags:
n/a
Verdict:
Malicious
Labled as:
W64/Loader.M.gen
Link:
https://www.hybrid-analysis.com/sample/c0b8cb19505b5e346e7ebfa6a5d9a888251e3897a1e1d59e56c0c5eded7adfc5
Verdict:
Malicious
File Type:
exe x64
Detections:
HEUR:Trojan-Downloader.Script.Agent.gen
Link:
https://opentip.kaspersky.com/c0b8cb19505b5e346e7ebfa6a5d9a888251e3897a1e1d59e56c0c5eded7adfc5/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1871165
Signature
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Sigma detected: Potential WinAPI Calls Via CommandLine
Suspicious powershell command line found
Yara detected Generic Loader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1871165 Sample: Launcher.exe Startdate: 18/02/2026 Architecture: WINDOWS Score: 68 27 Multi AV Scanner detection for submitted file 2->27 29 Yara detected Generic Loader 2->29 31 Joe Sandbox ML detected suspicious sample 2->31 33 Sigma detected: Potential WinAPI Calls Via CommandLine 2->33 8 Launcher.exe 1 2->8         started        11 svchost.exe 1 1 2->11         started        process3 dnsIp4 35 Suspicious powershell command line found 8->35 14 Launcher.exe 8->14         started        17 conhost.exe 8->17         started        25 127.0.0.1 unknown unknown 11->25 signatures5 process6 signatures7 37 Suspicious powershell command line found 14->37 19 tasklist.exe 1 14->19         started        21 powershell.exe 4 14->21         started        process8 process9 23 conhost.exe 19->23         started       
Score:
91%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c0b8cb19505b5e346e7ebfa6a5d9a888251e3897a1e1d59e56c0c5eded7adfc5
Gathering data
Verdict:
Malicious
Threat:
Trojan-Downloader.Script.Agent
Link:
https://tip.neiki.dev/file/c0b8cb19505b5e346e7ebfa6a5d9a888251e3897a1e1d59e56c0c5eded7adfc5
Threat name:
Win64.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-02-18 14:18:05 UTC
AV detection:
15 of 38 (39.47%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yc4mwgkqlnpdi3t6x6tklwnirasr4oexuhq5lhswydc633l237cq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution
Link:
https://tria.ge/reports/260218-t18qbaes4f/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments