MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eedad4cf24e967c22432ce4670bde75c8ee41b77fbd208bff7d54204ec0992e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SalatStealer

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	eedad4cf24e967c22432ce4670bde75c8ee41b77fbd208bff7d54204ec0992e6
SHA3-384 hash:	b3c3a58b75d73ebf48853ba15410285fff05e423e624aec42b613bed5ddc29b0761302354c04c6c5bdf296a215549377
SHA1 hash:	1bf9d2adfe5a5d0a264ab850a8787264dffbfd7b
MD5 hash:	1a81dfeba522545b90954cc75c626880
humanhash:	five-uranus-neptune-william
File name:	Xeno-v1.3.25.rar
Download:	download sample
Signature	SalatStealer Create hunting rule
File size:	9'590'458 bytes
First seen:	2026-02-13 15:28:11 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	196608:ECKIhXh95Y4OcY2TC3371QBCq4F7ELH/QlLidtE01ekFNd:6aQH2+3K4diYl8tEiekHd
TLSH	T1E2A633867C590939E34711B6EF1F435E05DA8F2CCDEDF5CBDA93114E8AD00E4A89A9E0
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	burger
Tags:	rar SalatStealer

Intelligence

File Origin

# of uploads :

1

# of downloads :

50

Origin country :

NL

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/8789b2ff-097f-4438-93a9-cc7ca6d6c775/

Verdict:

Malicious

Score:

91.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=698f431576589225f666699d

Tags:

injection obfusc crypt

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/eedad4cf24e967c22432ce4670bde75c8ee41b77fbd208bff7d54204ec0992e6

Verdict:

Clean

File Type:

rar

Link:

https://opentip.kaspersky.com/eedad4cf24e967c22432ce4670bde75c8ee41b77fbd208bff7d54204ec0992e6/results?tab=lookup

Verdict:

inconclusive

YARA:

1 match(es)

Tags:

.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout Rar Archive SOS: 0.20 SOS: 0.23 SOS: 0.25 SOS: 0.33 SOS: 0.34 SVG

Link:

https://app.malva.re/file/1a81dfeba522545b90954cc75c626880

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/eedad4cf24e967c22432ce4670bde75c8ee41b77fbd208bff7d54204ec0992e6/

Threat name:

Win32.Trojan.Egairtigado

Status:

Malicious

First seen:

2026-02-13 15:29:17 UTC

File Type:

Binary (Archive)

Extracted files:

292

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=53nnjtze5ft4ejbszzdhbpphlshoig3x7pjarp7x2vbaj3ajslta._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/eedad4cf24e967c22432ce4670bde75c8ee41b77fbd208bff7d54204ec0992e6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

rar eedad4cf24e967c22432ce4670bde75c8ee41b77fbd208bff7d54204ec0992e6

(this sample)

exe 9b458c288eae9ee7c1691295fab47b23cab86fb9d6d75986f1f0ffd05beccdea

Dropping

SHA256 9b458c288eae9ee7c1691295fab47b23cab86fb9d6d75986f1f0ffd05beccdea

Dropping

MD5 9678dda359a8217062234a5d3a1cb399

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample