MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1598e27a493789c6aaed8686369c4bda52be1d159afbfe3913e568116fad98b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1598e27a493789c6aaed8686369c4bda52be1d159afbfe3913e568116fad98b3
SHA3-384 hash: e491dff186f663122cae0037b695d7c6568f9068953bc46569a20c9ef16530ff88cac459dd1c5999bef6cb743231f815
SHA1 hash: a326a0048fa5462030e92f1153c0e8ff577ab46e
MD5 hash: 6bca984e2af88187d36e5787973a2437
humanhash: ceiling-london-fanta-iowa
File name:Installer.exe
Download: download sample
File size:82'213'888 bytes
First seen:2026-02-01 13:24:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8062a445f5cd940b5daefb09f80bc2a2 (2 x ScarfaceStealer, 1 x RevStealer)
ssdeep 393216:Y9UZyW0PYsIUmgB9S7QJrojJgVXIXT9fN3aoIKF1H5XMutmnnY4nZFUT7HihCLJ+:YJX3mcLmSh81vxOtxth
TLSH T110087C42A3EA05D5F9F79A3489E65213D673BC063B3082DF325C172A1F736E08976B61
TrID 48.7% (.EXE) Win64 Executable (generic) (10522/11/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
dhash icon 1771e8cccce9b2ec
Reporter lfr
Tags:exe


Avatar
lfr
https://hardware-gui.su/

https://c10.patreonusercontent.com/4/patreon-media/p/post/149654962/1497f4f111fe4f7190ca1b820c034fd8/eyJhIjoxLCJwIjoxfQ==/1.zip?token-hash=HQN5m5gt27IT54xIy2ggY8zo_u_KTNAhnkDei955sjM=&token-time=1770249600

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'797
Origin country :
FR FR
Vendor Threat Intelligence
Gathering data
Malware family:
n/a
ID:
1
File name:
Installer.exe
Verdict:
Suspicious activity
Analysis date:
2026-02-01 13:25:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6d6f71e9-8179-4a58-bf6c-4bfc0629e5a2

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=697f5456848d0f834c8c6734
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug anti-vm crypto expand fingerprint lolbin microsoft_visual_cc
Link:
https://www.filescan.io/uploads/697f544d2ffccda09765513a/reports/4977c0c0-76d2-4508-876b-1cc81a029a65/overview
Verdict:
Suspicious
Labled as:
Malware_54.3
Link:
https://www.hybrid-analysis.com/sample/1598e27a493789c6aaed8686369c4bda52be1d159afbfe3913e568116fad98b3
Verdict:
Clean
File Type:
exe x64
First seen:
2026-02-01T10:15:00Z UTC
Last seen:
2026-02-01T10:22:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/1598e27a493789c6aaed8686369c4bda52be1d159afbfe3913e568116fad98b3/results?tab=lookup
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/1598e27a493789c6aaed8686369c4bda52be1d159afbfe3913e568116fad98b3
Gathering data
Verdict:
Clean
Link:
https://tip.neiki.dev/file/1598e27a493789c6aaed8686369c4bda52be1d159afbfe3913e568116fad98b3
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-01 13:25:21 UTC
File Type:
PE+ (Exe)
Extracted files:
8
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cwmoe6sjg6e4nkxnq2ddnhcl3jjl4hivtl574oit4vubc35ntczq._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
defense_evasion discovery
Link:
https://tria.ge/reports/260201-qn5lcagz7b/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Obfuscated Files or Information: Command Obfuscation
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1598e27a493789c6aaed8686369c4bda52be1d159afbfe3913e568116fad98b3

(this sample)

  
Delivery method
Distributed via web download

Comments