MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 607e5dac2e9d08d913490f8a30e680e8980997e13b426bdd6074bc553883c07b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ScarfaceStealer


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 607e5dac2e9d08d913490f8a30e680e8980997e13b426bdd6074bc553883c07b
SHA3-384 hash: 31b864654e3b89205c2aa460359d929a54a22683eb2476189c684cac890a5dc9c528dfae360cf6296b6221182a078309
SHA1 hash: a3d9509ddb5ef9eb027928a31769d45dc4c75c0f
MD5 hash: 8d0d6271a628f8cc9bff5b2a5fb955e4
humanhash: mississippi-idaho-cola-yellow
File name:Game.exe
Download: download sample
Signature ScarfaceStealer
Create hunting rule
File size:83'392'245 bytes
First seen:2026-01-12 13:02:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 04397e0bcb7648e70cf6570253f46feb (10 x ScarfaceStealer)
ssdeep 393216:yFmNYSYZXCpixyZbvJVANEEgC/Kyxf663DQu58EASEhoIaE2lShBujCm5w1PN3hV:yrHx8iQJhYWuhvYvxOOxeQ
TLSH T1C2086B4666EA04D4F9F79A749AE66213C673BC063F30D5CF3208172A1F736E0997A721
TrID 33.6% (.EXE) OS/2 Executable (generic) (2029/13)
33.1% (.EXE) Generic Win/DOS Executable (2002/3)
33.1% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter lfr
Tags:exe ScarfaceStealer


Avatar
lfr
https://www.patreon.com/file?h=148020759&m=595645853

Intelligence

File Origin
# of uploads :
1
# of downloads :
334
Origin country :
FR FR
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/662f7ea5-566b-467b-bda2-d76997c555a7/
Malware family:
n/a
ID:
1
File name:
Game.exe
Verdict:
Suspicious activity
Analysis date:
2026-01-12 13:02:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8908e184-ee68-4d7c-9d8f-981847017484

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6964f0f7a3ed2a87ae3e91d8
Tags:
malware
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
adaptive-context anti-debug crypto expand fingerprint installer-heuristic lolbin microsoft_visual_cc nexe overlay packed packed
Link:
https://www.filescan.io/uploads/6964f0f240358be74af94627/reports/13704421-0f75-4d7d-9bcf-b071a1b6c800/overview
Verdict:
Malicious
Labled as:
TR/W64.MalwareX
Link:
https://www.hybrid-analysis.com/sample/607e5dac2e9d08d913490f8a30e680e8980997e13b426bdd6074bc553883c07b
Verdict:
Clean
File Type:
exe x64
First seen:
2026-01-12T08:51:00Z UTC
Last seen:
2026-01-12T10:31:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/607e5dac2e9d08d913490f8a30e680e8980997e13b426bdd6074bc553883c07b/results?tab=lookup
Score:
68%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/607e5dac2e9d08d913490f8a30e680e8980997e13b426bdd6074bc553883c07b
Gathering data
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/607e5dac2e9d08d913490f8a30e680e8980997e13b426bdd6074bc553883c07b
Threat name:
Win64.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2026-01-12 13:02:38 UTC
File Type:
PE+ (Exe)
Extracted files:
18
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mb7f3lbotuense2jb6fdbzua5cmatf7bhnbgxxlaos6fkoedyb5q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260112-p95ykah15d/
Behaviour
Checks processor information in registry
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/6e6b643c-eb78-4fac-92ba-5a68db119d5f
Malware family:
DCRat
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/607e5dac2e9d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ScarfaceStealer

Executable exe 607e5dac2e9d08d913490f8a30e680e8980997e13b426bdd6074bc553883c07b

(this sample)

  
Delivery method
Distributed via web download

Comments