MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af01f0ae6654c8094fa97c558794e132c70c21ae8bc720ff7dd4ddcc2e0d3429. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



XenoRAT


Vendor detections: 10



SHA256 hash: af01f0ae6654c8094fa97c558794e132c70c21ae8bc720ff7dd4ddcc2e0d3429
SHA3-384 hash: 96b66202321f661b74dc3800061ea1be61df61c02b23caca612b02b261a87b502e7e8e458989e9647791f4ea371a25d6
SHA1 hash: 93244351ead25a31445d99e8fa594b49a2594b95
MD5 hash: ba952bfc5cf3b9fed3bed4ef4de2de0d
humanhash: alaska-avocado-sweet-massachusetts
File name: 2222.bat
Signature: XenoRAT
File size: 147'338 bytes
First seen: 2026-04-01 15:46:25 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/plain
ssdeep: 3072:6wXkcxieXZLaouC3l0TQ01WQvuju/KFH7um964CxVaziO0JA:6wTx3U1QQNuju0QDHazis
TLSH: T1EFE3E032DE108CC009F0F252FC4B28CA735DD9D78BA9C9DF656588B25EAD27BC604D69
Magika: batch
Reporter: BastianHein
Tags: bat XenoRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 45
Origin country: CL
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 2222.bat
Verdict: Malicious activity
Analysis date: 2026-04-01 15:44:46 UTC
Tags: susp-powershell xenorat rat amsi-bypass

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the process to interact with network services
Launching a process
Creating a file
DNS request
Enabling the 'hidden' option for analyzed file
Creating synchronization primitives
Connection attempt
Forced shutdown of a system process

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: aes base64 crypto encrypted net obfuscated powershell
Result
Verdict: Malicious
File Type: cmd
Detections: Trojan.MSIL.Xeno.sb, Trojan.BAT.Agent.sb, HEUR:Trojan.BAT.Setter.gen

Verdict: malicious
Label(s): xenorat
Similar samples:

Result
Malware family: xenorat
Score: 10/10
Tags: family:xenorat defense_evasion rat trojan
Behaviour
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Obfuscated Files or Information: Command Obfuscation
Detect XenoRat Payload
XenoRat
Xenorat family
Please note that we are no longer able to provide a coverage score for Virus Total.
