MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bca70f1cf0487beef8eb88bf29d7ee39e732092e80f2fe61f891ae09eb408b54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ScarfaceStealer

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	bca70f1cf0487beef8eb88bf29d7ee39e732092e80f2fe61f891ae09eb408b54
SHA3-384 hash:	231a8113484911f5e0f5a400f7211f40b106eeab6452d595a4c019e716a3a282a5a996821c022eec8e470b8aef2722d8
SHA1 hash:	8ad1f3217e060b4813e628e9bb50483a91045b2a
MD5 hash:	2ac838bd8fc39269c06c8df4cb55c340
humanhash:	charlie-august-carbon-robert
File name:	farion.exe
Download:	download sample
Signature	ScarfaceStealer Create hunting rule
File size:	13'072'896 bytes
First seen:	2026-02-05 11:40:36 UTC
Last seen:	2026-02-08 11:28:18 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	8739de86cd836ae1476705562c069cc0 (4 x ScarfaceStealer)
ssdeep	393216:AiJdTAq+jtm9HNaS1/vFyG9J9gKM51OjL:AaFZ++RRvFy0d4wX
TLSH	T121D623E959D5A2E8C4D34650328B43DA31D06A5D41FD4C2D3ADA3C027B11DAFA28EEF7
TrID	25.4% (.ICL) Windows Icons Library (generic) (2059/9) 25.0% (.EXE) OS/2 Executable (generic) (2029/13) 24.7% (.EXE) Generic Win/DOS Executable (2002/3) 24.7% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	burger
Tags:	exe ScarfaceStealer

Intelligence

File Origin

# of uploads :

# of downloads :

111

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/62996f72-61ea-4f26-a92c-78cdf164f21d/

Malware family:

n/a

ID:

File name:

farion.exe

Verdict:

No threats detected

Analysis date:

2026-02-05 11:40:31 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a6a344b7-5887-452d-aaf9-69d35b22c45d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/51799/

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=698481b13361f35a4b0b38b3

Tags:

n/a

Verdict:

Malicious

Labled as:

Win64_Packed_VMProtect_AC_suspicious_application

Link:

https://www.hybrid-analysis.com/sample/bca70f1cf0487beef8eb88bf29d7ee39e732092e80f2fe61f891ae09eb408b54

Verdict:

Clean

File Type:

exe x64

First seen:

2026-02-04T21:28:00Z UTC

Last seen:

2026-02-05T08:54:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/bca70f1cf0487beef8eb88bf29d7ee39e732092e80f2fe61f891ae09eb408b54/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/f1829dbe-8423-4d23-8037-079a8c116f04

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1863905

Signature

Found direct / indirect Syscall (likely to bypass EDR)

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Behaviour

Behavior Graph:

Download SVG

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/bca70f1cf0487beef8eb88bf29d7ee39e732092e80f2fe61f891ae09eb408b54

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bca70f1cf0487beef8eb88bf29d7ee39e732092e80f2fe61f891ae09eb408b54/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/bca70f1cf0487beef8eb88bf29d7ee39e732092e80f2fe61f891ae09eb408b54

Threat name:

Win64.Trojan.Etset

Status:

Malicious

First seen:

2026-02-05 01:48:00 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

21 of 38 (55.26%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xstq6hhqjb5656hlrc7stv7ohhttecjoqdzp4ypysgxat22arnka._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260205-ntjvqafy4c/

Behaviour

Suspicious behavior: EnumeratesProcesses

Unpacked files

SH256 hash:

bca70f1cf0487beef8eb88bf29d7ee39e732092e80f2fe61f891ae09eb408b54

MD5 hash:

2ac838bd8fc39269c06c8df4cb55c340

SHA1 hash:

8ad1f3217e060b4813e628e9bb50483a91045b2a

Link:

https://www.unpac.me/results/a72aa0a0-217c-4037-ad5e-658a83fa19b5/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bca70f1cf0487beef8eb88bf29d7ee39e732092e80f2fe61f891ae09eb408b54

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/51799/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample