MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96e5117b89a7f3b20cea680ebd4fe453715f4022a2cdca394b5a2c23aabe2361. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ValleyRAT


Vendor detections: 11



SHA256 hash: 96e5117b89a7f3b20cea680ebd4fe453715f4022a2cdca394b5a2c23aabe2361
SHA3-384 hash: 95172639a194eb403e70840c049b43e9ab45793371172d0b6cda35320c02ecd8faff6b72f7051e144660d2b382c8189d
SHA1 hash: 0ea50e2b1161e55bbed355b12283f268da1021ff
MD5 hash: b06380cb28347af4fc2c5e294fc779c3
humanhash: lamp-sierra-spaghetti-fix
File name: StallStepe0.7.1.exe
Signature ValleyRAT
File size: 7'355'392 bytes
First seen: 2026-06-22 08:01:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 372a8bd3ba4968b455522de45accd556 (2 x ValleyRAT)
ssdeep 98304:Lw8gCHziv/32yH31nDd0FikzXoT+GI6zxN8C8nTZ0BidK69c8lVJjZRDVDARH1LL:Lwx2yX1nDyFiohgNl8U4K6G8L5xoVLO0
Threatray 1 similar samples on MalwareBazaar
TLSH T16E769A24E6A15E7E1F176BEDE04E98EF6A8FCDE306C9002527F197D2C960394840ED6D
TrID 33.1% (.EXE) Win64 Executable (generic) (6522/11/2)
25.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.4% (.ICL) Windows Icons Library (generic) (2059/9)
10.3% (.EXE) OS/2 Executable (generic) (2029/13)
10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
dhash icon cca2b3704f2dc429 (1 x ValleyRAT)
Reporter Ling
Tags: exe SilverFox ValleyRAT


CNGaoLing
SilverFox
IOC (IP 192.229.116.49:30003)

Intelligence


File Origin
# of uploads: 1
# of downloads: 155
Origin country: US
Vendor Threat Intelligence
No detections
Malware family: n/a
ID: 1
File name: StallStepe0.7.1.exe
Verdict: Malicious activity
Analysis date: 2026-06-22 06:26:06 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context anti-vm installer-heuristic overlay packed packed reconnaissance
Verdict: Malicious
File Type: exe x64
First seen: 2026-06-22T04:16:00Z UTC
Last seen: 2026-06-23T23:27:00Z UTC
Hits: ~100
Detections: Trojan.Win64.Obfuscated.v
Gathering data
Threat name: Win64.Trojan.Yogi
Status: Malicious
First seen: 2026-06-22 06:26:11 UTC
File Type: PE+ (Exe)
Extracted files: 8
AV detection: 21 of 38 (55.26%)
Threat level: 5/5
Verdict: malicious
Label(s): admintool_bulletpassview
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Unpacked files
SHA256 hash: 96e5117b89a7f3b20cea680ebd4fe453715f4022a2cdca394b5a2c23aabe2361
MD5 hash: b06380cb28347af4fc2c5e294fc779c3
SHA1 hash: 0ea50e2b1161e55bbed355b12283f268da1021ff
Malware family: ValleyRAT
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ValleyRAT

Executable exe 96e5117b89a7f3b20cea680ebd4fe453715f4022a2cdca394b5a2c23aabe2361

(this sample)

  
Delivery method: Distributed via web download
