MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 415952a85736d07c8bff35ce470b5fd3f47e83f9b27163980ca7febf3d437556. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ScarfaceStealer


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 415952a85736d07c8bff35ce470b5fd3f47e83f9b27163980ca7febf3d437556
SHA3-384 hash: 9f004c4c83d1a7a84c967ccd20062b1b0afecca15a36376b64df9b3be9f5b5134f5fe56c649dd611025343ba1a0f743c
SHA1 hash: 5680ed74772ba8b9c25bde13ba4d0ac58868f956
MD5 hash: 0f2fa975a1c50608d17b510b7cf873b0
humanhash: dakota-freddie-six-quiet
File name:Nexora.exe
Download: download sample
Signature ScarfaceStealer
Create hunting rule
File size:71'354'880 bytes
First seen:2026-03-01 16:10:38 UTC
Last seen:2026-03-01 16:40:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 772ec87d3452991a9933a3ba0d9963a9 (13 x ScarfaceStealer)
ssdeep 393216:hn1XQgPR2k3m5C507G9ITEc5eAlkLbQurxMWhAsIyNOPS0B4AycWsCYaxFzwW/tL:h1XR7AsxYqt2oRGj5rs3wb8/
TLSH T1B5F7594262EA04C4F9F7DA359AE65217D673BC166F3081CF325C172A1F736E08976B22
TrID 37.0% (.EXE) Win64 Executable (generic) (6522/11/2)
28.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.5% (.EXE) OS/2 Executable (generic) (2029/13)
11.3% (.EXE) Generic Win/DOS Executable (2002/3)
11.3% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter burger
Tags:exe Rhadamanthys ScarfaceStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
128
Origin country :
NL NL
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/6cc44309-8676-4782-a91f-d2fa87691ab1/
Malware family:
n/a
ID:
1
File name:
Nexora.exe
Verdict:
No threats detected
Analysis date:
2026-03-01 16:10:23 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1f3bfadc-bbf8-40b6-a001-385e479609e8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a464b38fffa866e3b3dd08
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug anti-vm crypto expand fingerprint lolbin microsoft_visual_cc
Link:
https://www.filescan.io/uploads/69a4652d97feb4afd662baf1/reports/ad4f822c-dfe1-4d2b-ad4f-d5ded8179f4f/overview
Verdict:
Malicious
Labled as:
Win64/Kryptik.GLN trojan
Link:
https://www.hybrid-analysis.com/sample/415952a85736d07c8bff35ce470b5fd3f47e83f9b27163980ca7febf3d437556
Verdict:
Clean
File Type:
exe x64
Link:
https://opentip.kaspersky.com/415952a85736d07c8bff35ce470b5fd3f47e83f9b27163980ca7febf3d437556/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1876528
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/415952a85736d07c8bff35ce470b5fd3f47e83f9b27163980ca7febf3d437556
Gathering data
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/415952a85736d07c8bff35ce470b5fd3f47e83f9b27163980ca7febf3d437556
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ifmvfkcxg3ihzc77gxheoc272p2h5a7zwjywhgamu77l6pkdovla._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
defense_evasion discovery
Link:
https://tria.ge/reports/260301-tm5rhabx9c/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Obfuscated Files or Information: Command Obfuscation
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments