MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e79bf224441e7892090bb9c54fca3e264377202b1c79fde91c8d762a0aafe9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ScarfaceStealer


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5e79bf224441e7892090bb9c54fca3e264377202b1c79fde91c8d762a0aafe9b
SHA3-384 hash: b28ef823e55a81afbf0f7cd7db4560bfbd2b84c049c5ed2fd162cdabc47d0b1a1f1962cea3e276bdb0d57fd8f19f435b
SHA1 hash: 3008b913799ddbf3ccf0ea8b51821800fde165f1
MD5 hash: d915cbf584f3fac508a626b2b461d556
humanhash: speaker-low-berlin-march
File name:Nexora.exe
Download: download sample
Signature ScarfaceStealer
Create hunting rule
File size:71'450'112 bytes
First seen:2026-02-28 12:16:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 772ec87d3452991a9933a3ba0d9963a9 (13 x ScarfaceStealer)
ssdeep 393216:jn1XQgPR2k3m5C507G9ITEc5eAlkLbQurxMWhAsIyNOPS0B4AycWsCYaxFzwW/tJ:j1XR7AsxYqt2oRGj5rs3wb8/9
TLSH T1D2F7594262EA05C4F9F7DA358AE65217D673BC166F3081CF325C172A1F736E08976B22
TrID 37.0% (.EXE) Win64 Executable (generic) (6522/11/2)
28.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.5% (.EXE) OS/2 Executable (generic) (2029/13)
11.3% (.EXE) Generic Win/DOS Executable (2002/3)
11.3% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter burger
Tags:exe Rhadamanthys ScarfaceStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
NL NL
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/4123c60d-e350-4f59-b226-140f7332a48e/
Malware family:
n/a
ID:
1
File name:
Nexora.exe
Verdict:
Suspicious activity
Analysis date:
2026-02-28 12:16:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1c82a6b9-1698-4427-9fc7-a635c4c89d8c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a2dc59c950ab5d9ab27e61
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm crypto expand fingerprint lolbin microsoft_visual_cc
Link:
https://www.filescan.io/uploads/69a2dcd710e80629d4f686ea/reports/aa59e8a8-c86b-4ac9-afaa-e52648af30c9/overview
Verdict:
Malicious
Labled as:
Win64/Kryptik.GLN trojan
Link:
https://www.hybrid-analysis.com/sample/5e79bf224441e7892090bb9c54fca3e264377202b1c79fde91c8d762a0aafe9b
Verdict:
Clean
File Type:
exe x64
Link:
https://opentip.kaspersky.com/5e79bf224441e7892090bb9c54fca3e264377202b1c79fde91c8d762a0aafe9b/results?tab=lookup
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1876348
Behaviour
Behavior Graph:
n/a
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/5e79bf224441e7892090bb9c54fca3e264377202b1c79fde91c8d762a0aafe9b
Gathering data
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/5e79bf224441e7892090bb9c54fca3e264377202b1c79fde91c8d762a0aafe9b
Threat name:
Win64.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-28 12:15:21 UTC
File Type:
PE+ (Exe)
Extracted files:
8
AV detection:
8 of 24 (33.33%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lz436iseihtysieqxoofj7fd4jsdo4qcwhdz7xurzdlwfifk72nq._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
defense_evasion discovery
Link:
https://tria.ge/reports/260228-pf9pnafy2a/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Obfuscated Files or Information: Command Obfuscation
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments