MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2fb4d5936e7d7e6d1f620d3ed07725d8948e07a8da64468aa0d2a4de6c6cd66. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ScarfaceStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e2fb4d5936e7d7e6d1f620d3ed07725d8948e07a8da64468aa0d2a4de6c6cd66
SHA3-384 hash: 4840e7b052ff876ae2746602617db2a008c509a0f3d6b9973c533222ca71a30c7f3534e8f8dd5816c8267b0b18dff500
SHA1 hash: c8f3a764d1c4581f4ee22abcabfbe93c91a813a1
MD5 hash: 1fd6371995dab4bf2b3ee179e4312df3
humanhash: victor-bakerloo-helium-football
File name:Latest_Software_v4.1.Last.exe
Download: download sample
Signature ScarfaceStealer
Create hunting rule
File size:71'366'656 bytes
First seen:2026-03-01 13:57:05 UTC
Last seen:2026-03-01 14:47:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 772ec87d3452991a9933a3ba0d9963a9 (13 x ScarfaceStealer)
ssdeep 393216:8n1XQgPR2k3m5C507G9ITEc5eAlkLbQurxMWhAsIyNOPS0B4AycWsCYaxFzwW/tL:81XR7AsxYqt2oRGj5rs3wb8/
TLSH T1DCF7594262EA05C4F9F7DA358AE65217D673BC166F3081CF325C172A1F736E08976B22
TrID 37.0% (.EXE) Win64 Executable (generic) (6522/11/2)
28.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.5% (.EXE) OS/2 Executable (generic) (2029/13)
11.3% (.EXE) Generic Win/DOS Executable (2002/3)
11.3% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter aachum
Tags:exe fullsofts-org ScarfaceStealer


Avatar
iamaachum
https://fullsofts.org/

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
ES ES
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/b47afdf9-a446-467a-ba3e-cca28f18d247/
Malware family:
n/a
ID:
1
File name:
Latest_Software_v4.1.Last.exe
Verdict:
Suspicious activity
Analysis date:
2026-03-01 13:58:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/706122eb-9517-463f-bb52-dd6d119d5e69

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a445e0c950ab5d9ab3073a
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug anti-vm crypto expand fingerprint lolbin masquerade microsoft_visual_cc
Link:
https://www.filescan.io/uploads/69a445ca97feb4afd6629ef7/reports/830dba47-794a-42f7-ab4c-cd7e44ea5561/overview
Verdict:
Malicious
Labled as:
Win64/Kryptik.GLN trojan
Link:
https://www.hybrid-analysis.com/sample/e2fb4d5936e7d7e6d1f620d3ed07725d8948e07a8da64468aa0d2a4de6c6cd66
Verdict:
Clean
File Type:
exe x64
Link:
https://opentip.kaspersky.com/e2fb4d5936e7d7e6d1f620d3ed07725d8948e07a8da64468aa0d2a4de6c6cd66/results?tab=lookup
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1876488
Behaviour
Behavior Graph:
n/a
Score:
92%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/e2fb4d5936e7d7e6d1f620d3ed07725d8948e07a8da64468aa0d2a4de6c6cd66
Gathering data
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/e2fb4d5936e7d7e6d1f620d3ed07725d8948e07a8da64468aa0d2a4de6c6cd66
Threat name:
Win64.Trojan.Malgent
Create hunting rule
Status:
Malicious
First seen:
2026-03-01 11:40:39 UTC
File Type:
PE+ (Exe)
Extracted files:
8
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4l5u2wjw47l6nupwedj62b3slweuryd2rwtei2fkbuve3zwgzvta._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
defense_evasion discovery
Link:
https://tria.ge/reports/260301-q9h98scs8c/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Obfuscated Files or Information: Command Obfuscation
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e2fb4d5936e7/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ScarfaceStealer

Executable exe e2fb4d5936e7d7e6d1f620d3ed07725d8948e07a8da64468aa0d2a4de6c6cd66

(this sample)

  
Link
https://tria.ge/260301-qwby1abt9g/behavioral1
  
Delivery method
Distributed via web download

Comments