MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29295f7e090d0548a146ec1b9ed8b19235d65470e5580059c2ee99508ada3593. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


XenoRAT


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 29295f7e090d0548a146ec1b9ed8b19235d65470e5580059c2ee99508ada3593
SHA3-384 hash: 22bb498a7e7cf4b49cd0a55db37135cc64dfc50d7f59ba49d1d020e185ccda7f7cbea55094412e73c917971f20012c9b
SHA1 hash: 7908c2f542f0596439b4cd07a6442a9ec3ab3c8c
MD5 hash: f7dae4bd05bcf7bc8dc041abdfbbe5b8
humanhash: item-lake-cat-beer
File name:chrome.zip
Download: download sample
Signature XenoRAT
Create hunting rule
File size:20'849 bytes
First seen:2026-02-04 01:54:57 UTC
Last seen:Never
File type: zip
MIME type:application/zip
Note:This file is a password protected archive. The password is: infected
ssdeep 384:nPswGC3/SSes2L4w+9f10P+QzFTL72U9yuWIZ48WQkxe4vPiiz:nUwGgM2f1i+GL72u6FD9iiz
TLSH T10592D0BE70D60B90C33A40FFFD5C047502B50E866B5D692B729895877E254846BEF077
Magika zip
Reporter hunter_huang
Tags:XenoRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
44
Origin country :
VN VN
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:chrome.exe
File size:47'104 bytes
SHA256 hash: b29d58ae43eedee7c1323d496648cb2bbb5cf1aca9d4f382f9860123d507bb79
MD5 hash: 810051c344c495a82b73a157df863280
MIME type:application/x-dosexec
Signature XenoRAT
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/aa116e9c-bcbb-492b-8b05-725c0c4da5ec/
Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6982a7076b1af47db72c98d2
Tags:
dropper virus
Result
Verdict:
Malicious
File Type:
PE File
Link:
https://app.docguard.net/29295f7e090d0548a146ec1b9ed8b19235d65470e5580059c2ee99508ada3593/results/dashboard
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm barys base64 cmd fingerprint lolbin obfuscated reconnaissance schtasks xenorat
Link:
https://www.filescan.io/uploads/6982ebea930564ff3c88c83e/reports/f7ae3309-7392-4a4e-a793-9a059d4f23b6/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/29295f7e090d0548a146ec1b9ed8b19235d65470e5580059c2ee99508ada3593
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/29295f7e090d0548a146ec1b9ed8b19235d65470e5580059c2ee99508ada3593
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Score:
65%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/29295f7e090d0548a146ec1b9ed8b19235d65470e5580059c2ee99508ada3593
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.28 Zip Archive
Link:
https://app.malva.re/file/f7dae4bd05bcf7bc8dc041abdfbbe5b8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/29295f7e090d0548a146ec1b9ed8b19235d65470e5580059c2ee99508ada3593/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=feuv67qjbucurikg5qnz5wfrsi25mvdq4vmaawoc52mvbcw2gwjq._file
Result
Malware family:
xenorat
Create hunting rule
Score:
  10/10
Tags:
family:xenorat discovery rat trojan
Link:
https://tria.ge/reports/260204-hfwpgafw5f/
Behaviour
System Location Discovery: System Language Discovery
Detect XenoRat Payload
XenorRat
Xenorat family
Malware Config
C2 Extraction:
vlxx.cn.com:4782
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/29295f7e090d0548a146ec1b9ed8b19235d65470e5580059c2ee99508ada3593

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments


Avatar
commented on 2026-02-04 07:48:38 UTC

vlxx.cn.com