MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ValleyRAT


Vendor detections: 10


Intelligence 10 IOCs 1 YARA 9 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e
SHA3-384 hash: 3305e51f71e541b1a90fd736aa384fafe6af65eca4db125320b5e92d64000ed348a7744cbfeccac1b3e88a458b4361b1
SHA1 hash: 51a0832fc378d08566427bf0510e1d7f922a8ae3
MD5 hash: 65c2906d5afc04e4685eb41a84cb5205
humanhash: oven-idaho-fix-sixteen
File name:231_20260311.zip
Download: download sample
Signature ValleyRAT
Create hunting rule
File size:2'700'798 bytes
First seen:2026-03-11 08:39:34 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 49152:Wd0CQrI3LGNw5ZrxoAKAlnnJOlzaAzq68QnMonqBm6JNppxTTl:8JGOpKoOl46rMVBjFh
TLSH T1F9C5338F8134ABAECE7CAFF242916FE392A25D07C154E3E6375D35920E05B421B182D7
Magika zip
Reporter juroots
Tags:ValleyRAT zip

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
47.76.86.151:23156 https://threatfox.abuse.ch/ioc/1739987/

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
CH CH
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:231_20260311.exe
File size:3'863'352 bytes
SHA256 hash: cdcb7126e18b31023afb3c3d42e48bd9bb108cad4f87490be317a3e40e70b736
MD5 hash: ec8784a178367bbabde0a95673b089e3
MIME type:application/x-dosexec
Signature ValleyRAT
File name:sqlite3.dll
File size:852'480 bytes
SHA256 hash: 55b99f0d438800cad8288d81d2808728ce1bec8c22c5346a38a513dc6728b4ba
MD5 hash: 4f481a449ad050fea9ca3900118e5676
MIME type:application/x-dosexec
Signature ValleyRAT
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/6d2ff7c5-fb54-473d-b29d-04f566f2f00e/
Detection(s):
SecuriteInfo.com.FileRepMalware.41813957.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69b0e07de5dc8e2b2c325449
Tags:
virus
Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anel anti-debug explorer lolbin microsoft_visual_cc packed packed packed
Link:
https://www.filescan.io/uploads/69b12a8697feb4afd67dad3d/reports/ed4abcf5-11fe-4a23-8967-980bafd507c7/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
File Type:
zip
Link:
https://opentip.kaspersky.com/53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e/results?tab=lookup
Score:
99%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e/
Threat name:
Win64.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2026-03-11 08:40:41 UTC
File Type:
Binary (Archive)
Extracted files:
883
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ko6rvxingzhpk6mt5kwqvbfn56wjxncnkbd6c4ayi2fanfbase7a._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery upx
Link:
https://tria.ge/reports/260311-kn1z9shw91/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
UPX packed file
Looks up external IP address via web service
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Check_OutputDebugStringA_iat
Create hunting rule
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ValleyRAT

zip 53bd1add0d364ef57993eaad0a84adefac9bb44d5047e17018468a069420913e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3794109/
  
Delivery method
Distributed via web download

Comments