MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 403ed4b0217fa0092e9e7ad8cb0f8cacfe9a501f35470e446136e7ca4d475b29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ScarfaceStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 403ed4b0217fa0092e9e7ad8cb0f8cacfe9a501f35470e446136e7ca4d475b29
SHA3-384 hash: 0d6b37d032b4a09d84bc8190ea6905acfbbdb534423511fddf026747b48e491af0c9a4910f598833e0e6ba547e3b6941
SHA1 hash: b189dffb2daf5ef72ed682597ab467e0ae0a7d00
MD5 hash: 636fe5d8ed1ad92b490854cfc2c11b86
humanhash: victor-winner-beer-alanine
File name:Loader.exe
Download: download sample
Signature ScarfaceStealer
Create hunting rule
File size:71'438'848 bytes
First seen:2026-02-28 05:27:42 UTC
Last seen:2026-02-28 06:34:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 772ec87d3452991a9933a3ba0d9963a9 (13 x ScarfaceStealer)
ssdeep 393216:1n1XQgPR2k3m5C507G9ITEc5eAlkLbQurxMWhAsIyNOPS0B4AycWsCYaxFzwW/tL:11XR7AsxYqt2oRGj5rs3wb8/
TLSH T186F7594262EA04C4F9F7DA359AE65217D673BC166F3081CF325C172A1F736E08976B22
TrID 37.0% (.EXE) Win64 Executable (generic) (6522/11/2)
28.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.5% (.EXE) OS/2 Executable (generic) (2029/13)
11.3% (.EXE) Generic Win/DOS Executable (2002/3)
11.3% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter tcains1
Tags:exe ScarfaceStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
140
Origin country :
US US
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/6f495931-4022-4c4b-a5cc-601f2ae369f1/
Malware family:
n/a
ID:
1
File name:
_403ed4b0217fa0092e9e7ad8cb0f8cacfe9a501f35470e446136e7ca4d475b29.exe
Verdict:
No threats detected
Analysis date:
2026-02-28 05:30:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/17627706-6e18-4eae-a634-b2012ea1f15b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a27d0b8fffa866e3b327d9
Tags:
malware
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm crypto expand fingerprint lolbin microsoft_visual_cc stealer
Link:
https://www.filescan.io/uploads/69a27cfbcd25bfe1dfdc7c13/reports/1ab3efb1-be9b-43f6-9872-52662c610977/overview
Verdict:
Malicious
Labled as:
Win64/Kryptik.GLN trojan
Link:
https://www.hybrid-analysis.com/sample/403ed4b0217fa0092e9e7ad8cb0f8cacfe9a501f35470e446136e7ca4d475b29
Verdict:
Clean
File Type:
exe x64
Link:
https://opentip.kaspersky.com/403ed4b0217fa0092e9e7ad8cb0f8cacfe9a501f35470e446136e7ca4d475b29/results?tab=lookup
Score:
93%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/403ed4b0217fa0092e9e7ad8cb0f8cacfe9a501f35470e446136e7ca4d475b29
Gathering data
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/403ed4b0217fa0092e9e7ad8cb0f8cacfe9a501f35470e446136e7ca4d475b29
Threat name:
Win64.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-28 05:29:05 UTC
File Type:
PE+ (Exe)
Extracted files:
8
AV detection:
3 of 36 (8.33%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ia7njmbbp6qaslu6plmmwd4mvt7juua7gvdq4rdbg3t4utkhlmuq._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
defense_evasion discovery
Link:
https://tria.ge/reports/260228-f58dfscv2c/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Obfuscated Files or Information: Command Obfuscation
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ScarfaceStealer

Executable exe 403ed4b0217fa0092e9e7ad8cb0f8cacfe9a501f35470e446136e7ca4d475b29

(this sample)

  
Delivery method
Distributed via web download

Comments