MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19501f24019e35e66f134aac6cd959be0fb03429bd23b6b1b90b4e88cc4658e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 19501f24019e35e66f134aac6cd959be0fb03429bd23b6b1b90b4e88cc4658e7
SHA3-384 hash: eee227930df06cae3184f475f58e160098467e5442fafeae29e96de77c0a790d643428358c8d1c50c8d2cbf2fb621272
SHA1 hash: 11aa63ee749d9e0c0c5e4c8a4839a024a80b04f8
MD5 hash: b02ced38f23d0458f1d6f10a8163c6a1
humanhash: emma-six-eight-failed
File name:Loader.exe
Download: download sample
File size:90'454'016 bytes
First seen:2026-02-05 14:03:09 UTC
Last seen:2026-02-05 14:31:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bf3f5698d1c8e5d8bbe8d194ac5d544 (1 x ScarfaceStealer)
ssdeep 786432:4AZqtFi3zQzwBs6vNtcZY5Dfw3pgPVlcmXWWh:4AZui3zQz2jOZKftP
TLSH T146187D03B3A705D5E8F7DA3196E65223A932BC066F3085DF324C17262F73AE05A76B51
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter burger
Tags:exe stealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
1'919
Origin country :
NL NL
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/2449c0d2-cff8-488b-9536-328629f373de/
Malware family:
n/a
ID:
1
File name:
Loader.exe
Verdict:
Suspicious activity
Analysis date:
2026-02-05 14:02:14 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9b2acab2-bd14-4a9e-b581-160552f745c8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6984a2f2117f8ed80109ba4c
Tags:
n/a
Verdict:
Malicious
Labled as:
Trojan.Win64.Agent
Link:
https://www.hybrid-analysis.com/sample/19501f24019e35e66f134aac6cd959be0fb03429bd23b6b1b90b4e88cc4658e7
Verdict:
Malicious
File Type:
exe x64
First seen:
2026-02-05T10:58:00Z UTC
Last seen:
2026-02-06T06:08:00Z UTC
Hits:
~1000
Detections:
HEUR:Trojan-Downloader.Script.Agent.gen BSS:Trojan.Win32.Generic
Link:
https://opentip.kaspersky.com/19501f24019e35e66f134aac6cd959be0fb03429bd23b6b1b90b4e88cc4658e7/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1863994
Signature
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Sigma detected: Potential WinAPI Calls Via CommandLine
Suspicious powershell command line found
Yara detected Generic Loader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1863994 Sample: Loader.exe Startdate: 05/02/2026 Architecture: WINDOWS Score: 68 22 Multi AV Scanner detection for submitted file 2->22 24 Yara detected Generic Loader 2->24 26 Joe Sandbox ML detected suspicious sample 2->26 28 Sigma detected: Potential WinAPI Calls Via CommandLine 2->28 8 Loader.exe 1 2->8         started        process3 signatures4 30 Suspicious powershell command line found 8->30 11 Loader.exe 8->11         started        14 conhost.exe 8->14         started        process5 signatures6 32 Suspicious powershell command line found 11->32 16 tasklist.exe 1 11->16         started        18 powershell.exe 4 11->18         started        process7 process8 20 conhost.exe 16->20         started       
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/19501f24019e35e66f134aac6cd959be0fb03429bd23b6b1b90b4e88cc4658e7
Gathering data
Verdict:
Malicious
Threat:
Trojan-Downloader.Script.Agent
Link:
https://tip.neiki.dev/file/19501f24019e35e66f134aac6cd959be0fb03429bd23b6b1b90b4e88cc4658e7
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-05 14:02:20 UTC
File Type:
PE+ (Exe)
Extracted files:
11
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dfib6jabty26m3ytjkwgzwkzxyh3anbjxur3nmnzbnhirtcgldtq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution
Link:
https://tria.ge/reports/260205-rc1cxsdx5g/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments