MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15f5bd35e6ee3577ebb66f724177e417f95ad6b688f54e32bd6db6b8d0f27666. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ScarfaceStealer


Vendor detections: 9



SHA256 hash: 15f5bd35e6ee3577ebb66f724177e417f95ad6b688f54e32bd6db6b8d0f27666
SHA3-384 hash: 00d4bda170d3ab0ce3d0e3eb9a3dbea65376f9b2492acfb6338fa873671bf166c2e3359ed4a0088ba6b16d27d25b423f
SHA1 hash: b5026b858acaa056a890061d7b0724632bf22e15
MD5 hash: aca7275bb8b68d7b44d54bc988b28b5b
humanhash: carpet-maryland-seven-vermont
File name: setup.exe
Signature ScarfaceStealer
File size: 12'641'792 bytes
First seen: 2026-02-27 21:21:16 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 8739de86cd836ae1476705562c069cc0 (14 x ScarfaceStealer)
ssdeep 196608:IsJS6EDhMZ2c5LGFE9LO/a2tJgu/oy6ZFmYJFT8QHviGxQoGb1S35/UwBBY9C7:IYi/GIE9K/a2tCu/mDbHSm3/W
TLSH T1DBD623FD0AD242B494D34A40718B93AA75C1724E86FC4C1E3DD72D02262ADEE654EEF7
TrID 33.1% (.EXE) Win64 Executable (generic) (6522/11/2)
25.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.4% (.ICL) Windows Icons Library (generic) (2059/9)
10.3% (.EXE) OS/2 Executable (generic) (2029/13)
10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter tcains1
Tags: exe ScarfaceStealer

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 124
Origin country: US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://github.com/elfkamikadze38o1ez/fortnite-private-panel-2026/releases/download/new/FPP-Setup-6.4.2-x64.rar
Verdict:
No threats detected
Analysis date:
2026-02-27 21:18:50 UTC
Tags:
github

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
92.5%
Tags:
vmprotect
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed
Verdict:
Malicious
Labeled as:
Trojan[Packed]/Win64.VMProtect
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Threat name:
Win64.Packed.Generic
Status:
Suspicious
First seen:
2026-02-27 21:21:43 UTC
File Type:
PE+ (Exe)
Extracted files:
7
AV detection:
17 of 38 (44.74%)
Threat level:
  1/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Unpacked files
SHA256 hash:
15f5bd35e6ee3577ebb66f724177e417f95ad6b688f54e32bd6db6b8d0f27666
MD5 hash:
aca7275bb8b68d7b44d54bc988b28b5b
SHA1 hash:
b5026b858acaa056a890061d7b0724632bf22e15
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ScarfaceStealer

Executable exe 15f5bd35e6ee3577ebb66f724177e417f95ad6b688f54e32bd6db6b8d0f27666

(this sample)

  
Delivery method
Distributed via web download
