MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e111d882a508e8b2f1137356222296212389f15b72a723e8cca59c6ab0a9e8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ValleyRAT

Vendor detections: 15

Intelligence 15 IOCs 1 YARA 12 File information Comments

SHA256 hash:	9e111d882a508e8b2f1137356222296212389f15b72a723e8cca59c6ab0a9e8f
SHA3-384 hash:	2f5d986e433811db6e6de52914c0f3a9523d7113ec1fd513d1ef1e1003ae5e4c791e2705eb2ef67e214239bd4a411ee1
SHA1 hash:	1d082539aa7fbc58060a9159d9e04c7813590535
MD5 hash:	b682d9691cacc8d95c4560650c94c657
humanhash:	ink-earth-kilo-jersey
File name:	KL-2025.EXE
Download:	download sample
Signature	ValleyRAT Create hunting rule
File size:	16'816'632 bytes
First seen:	2025-11-20 11:27:24 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	039d1617d5f0788dacbd04b35a141ebe (12 x ValleyRAT)
ssdeep	393216:9G9i8JbDyjqeTorpUkXfeYgtZ5Q0ieI6g87lkfYryZXyr:9Kiu1XxkrQNrqlkyyZy
Threatray	689 similar samples on MalwareBazaar
TLSH	T15C07335136A44F65FE8C87B90C9F29627ECB9CC406F5DCA2D281D8F1B2C46BE54C19B8
TrID	37.3% (.EXE) Win64 Executable (generic) (10522/11/4) 17.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 15.9% (.EXE) Win32 Executable (generic) (4504/4/1) 7.3% (.ICL) Windows Icons Library (generic) (2059/9) 7.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	SquiblydooBlog
Tags:	exe signed ValleyRAT

Code Signing Certificate

Organisation:	湖南蒂角企业管理服务有限公司
Issuer:	Certum Code Signing 2021 CA
Algorithm:	sha256WithRSAEncryption
Valid from:	2025-11-04T11:25:55Z
Valid to:	2026-11-04T11:25:54Z
Serial number:	05e39c93d531d6e0dddcc6774c003f3c
Intelligence:	7 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist:	This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Cert Central Blocklist:	This certificate is on the Cert Central blocklist
Thumbprint Algorithm:	SHA256
Thumbprint:	358d674ff6d18239b9064562490298f1ec7440d6ac4c46aefff0e8a758c58b9f
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
20.2.92.110:443	https://threatfox.abuse.ch/ioc/1647256/

Intelligence

File Origin

# of uploads :

# of downloads :

105

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

KL-2025.EXE

Verdict:

Malicious activity

Analysis date:

2025-11-20 11:31:13 UTC

Tags:

auto-reg payload silverfox backdoor valley winos rat valleyrat

Link:

https://app.any.run/tasks/9bb4511b-8135-49e6-a2a7-83282889fea2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/38838/

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=691efb358cf6736ec0afab2c

Tags:

emotet micro shell sage

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Creating a file

Creating a process from a recently created file

Moving a recently created file

Searching for synchronization primitives

Launching a process

Creating a window

Сreating synchronization primitives

DNS request

Launching the default Windows debugger (dwwin.exe)

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

adaptive-context anti-debug barys blackhole installer installer installer-heuristic microsoft_visual_cc nsis overlay signed

Link:

https://www.filescan.io/uploads/691efb5626e9808413196239/reports/b82b0523-8216-4e54-b587-3550f0043973/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/9e111d882a508e8b2f1137356222296212389f15b72a723e8cca59c6ab0a9e8f

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-11-18T22:47:00Z UTC

Last seen:

2025-11-21T06:38:00Z UTC

Hits:

~100

Detections:

Trojan.Win32.Agent.sb Backdoor.Win32.Xkcp.a PDM:Trojan.Win32.Generic Backdoor.Xkcp.TCP.ServerRequest Backdoor.Agent.TCP.C&C Trojan-Spy.Win32.Stealer.sb Trojan.Win32.Agent.xcaxrz Trojan.Win32.Agent.xcaxrx

Link:

https://opentip.kaspersky.com/9e111d882a508e8b2f1137356222296212389f15b72a723e8cca59c6ab0a9e8f/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/35fd8ebb-bb78-4ed5-a0e9-54f94232044b

Score:

76%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/9e111d882a508e8b2f1137356222296212389f15b72a723e8cca59c6ab0a9e8f

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9e111d882a508e8b2f1137356222296212389f15b72a723e8cca59c6ab0a9e8f/

Verdict:

Malicious

Threat:

Backdoor.Win32.TCP

Link:

https://tip.neiki.dev/file/9e111d882a508e8b2f1137356222296212389f15b72a723e8cca59c6ab0a9e8f

Threat name:

Win32.Trojan.GiantBarys

Status:

Malicious

First seen:

2025-11-19 03:33:30 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

8 of 24 (33.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tyir3cbkkchiwlyrg42weirjmijdrhyvw4vhepumzjm4nkykt2hq._file

Verdict:

malicious

Label(s):

valleyrat

ValleyRAT

4fce44f0c9eb6df41e0d3c4852f83843ba72a81ed12b442610e3472871994bcb

ValleyRAT

605a60cbb8c3afebca792fe61b1791869ef25155c6493aca5f75038b2475baec

ValleyRAT

6c0edcc6278bfe22ceda9e478810f6854073b0ef13ef809d5e734ab1829275ac

ValleyRAT

error

ValleyRAT

fce7f7ad1d7b17e7106639ca23cc49d2cf642bcea024d8ba838f3f559c99e34c

ValleyRAT

+ 679 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

defense_evasion discovery execution installer persistence privilege_escalation spyware trojan

Link:

https://tria.ge/reports/251120-nk6ywser7t/

Behaviour

Checks SCSI registry key(s)

Gathers network information

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

System Location Discovery: System Language Discovery

Drops file in Program Files directory

Drops file in Windows directory

Drops file in System32 directory

Adds Run key to start application

Checks installed software on the system

Network Service Discovery

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Drops file in Drivers directory

Modifies Windows Firewall

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/3b386e29-fcf9-4a55-b0d5-5c672ba9a969

Unpacked files

SH256 hash:

9e111d882a508e8b2f1137356222296212389f15b72a723e8cca59c6ab0a9e8f

MD5 hash:

b682d9691cacc8d95c4560650c94c657

SHA1 hash:

1d082539aa7fbc58060a9159d9e04c7813590535

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

592a991b7bbc1658a9400d064bced6c8aee48e4cba250349d7a93a00b994b5c3

MD5 hash:

a6b0ba835e597bcb0ca06d350cadf669

SHA1 hash:

6971e0f998072d6866cdb6d62cb51db55421fefe

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

4e74773e39699b952780747a48a308c1d77d4f32f1701fd9da9a1b9bf78687ce

MD5 hash:

75628f89530360baa941c52edb1647cb

SHA1 hash:

d019881cb80b818dac20fc10083bb5c6c2f03ae3

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

MD5 hash:

192639861e3dc2dc5c08bb8f8c7260d5

SHA1 hash:

58d30e460609e22fa0098bc27d928b689ef9af78

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912

MD5 hash:

b7d61f3f56abf7b7ff0d4e7da3ad783d

SHA1 hash:

15ab5219c0e77fd9652bc62ff390b8e6846c8e3e

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

dfb3bb98cfe620841fbf2a15aa67c1614d4746a2ea0e5925211de1fee7138b38

MD5 hash:

bf2bbecd323865428aa9c919c81def68

SHA1 hash:

b74c6ef70d5ec4f28eaa706e55aaf852059b6077

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

b2cbd13f3237c5b7aefec35d8aa15942a2f11fcee19a8d62756e2c387c5eedb5

MD5 hash:

02fdb8350f1785f359792d80477e12cb

SHA1 hash:

f60036c9662768302e0a6045fe238401012f1e2b

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

1d9e9cc991766ece552061aa1d1c79c99a87a014efe6de6202cd6567e9267fa9

MD5 hash:

4728394dbf9bf77cc545397ec837ffd3

SHA1 hash:

c7950fe03ecd615397d1c722b053f0be129e4130

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

752f7ac3d0c1dbd8f9a39cd1a3594da6d286990aa2ecd4744f45963a1110406e

MD5 hash:

339f392a1f3db6a28e89e91155020c7b

SHA1 hash:

5955fd0d6e99f5f16c57703a4f4efc51b39ccc09

Detections:

SUSP_NET_Large_Static_Array_In_Small_File_Jan24

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

Parent samples :

b16be5d71f0bfd28ed7356bd84c3b61d1c7b2590bd2c485530060f8900182789
34a87671d9a7225ad9aafdca0bdff858b9ae1c8fcdf834c505268507052a7a80
4eacffcd6994f9d6700edc6d1082268e52fbd92fda820e49ef209c23794d564c
8fc47c0972e855f0866d9cf9cba29d56210fc709f13214e6ae6687ca40ca51b8
fce7f7ad1d7b17e7106639ca23cc49d2cf642bcea024d8ba838f3f559c99e34c
0259075adca93861dd02c548ece119844d3a790548e892be43d5a526690725cd
93ed94372d167e22ddd847916b3a26bad5293cc54433244927877a3ecf95d0cf
9e111d882a508e8b2f1137356222296212389f15b72a723e8cca59c6ab0a9e8f
1c88f34e755b2e9cc5766f2787b49ce2223d2a26487738869a8ba05d0e909d38
899cb424a250e13191b2d85de9a380c9a2e1ce316c4f46ad0db88d46a01aa8ab

SH256 hash:

1ce872ed466a8a3466c808a7babf3b597ec12e1cb84870e7a0cf00b2f5ef6df4

MD5 hash:

c848a2f5fa5feaa71409795e8e8c69d0

SHA1 hash:

9074f5b0ca107ab915164f790533bd672048c7b4

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

63d50dbe094bbce5d7bf8af08c0d919cfa5e057ca05ae7b27704a8477c8b348f

MD5 hash:

2ace85429eee9e8320c82d878e5562b4

SHA1 hash:

77ed8b89210930d1de2495ba363519b696d0b6e2

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

4a2438ecfcad3e6e7bb942acf2c40fbe2c0d72e4982df303ab5828af26ca753e

MD5 hash:

810105219d96749674c5bf31c82a3b09

SHA1 hash:

0de6e8b9834b4bb742e8ca90bdb02019a355a422

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

e597d9dd3e6bcf2e591a99b290d79005b01d3898185af4f07250c95b88c1dd6f

MD5 hash:

d3112f62cfa346a6b2559be6ef3ac864

SHA1 hash:

b747c3a66e1f31e00a517c4fda35aeaa3ddbcb2e

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

f81ba0dd987d46a67b1879ef4ee11c14f32940ff211eace347a68e42bf272554

MD5 hash:

2e77f841dbf271fd1ffc460bfd87a1d5

SHA1 hash:

18125861f0519cdf643560c0a988bf70c87d47b3

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

15cdb172fb98d5e50211a19c2fb6b4bc5616ef8acfc77d9e41f7e3dbcd083449

MD5 hash:

415b54fc81daf4379f32d80d37b9f377

SHA1 hash:

01b7a79cedfa5dbfe3b8e490f47213a9f1afe884

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

5fe7615921d443130e35b94953d61afbf04d7008eb48c3a16bac6b28800f44e0

MD5 hash:

d6c8dfb5d44069e7905659e792b314af

SHA1 hash:

fcded50181052a7ad3484f072b234d976f684575

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

d2172a2e13553e320dccfed139b1f224f8c86917c2a3d5efc7f21f9bb04ed58b

MD5 hash:

810841c1debe146b909d0ddbffa1e5eb

SHA1 hash:

aa33f785d8e79f32af748f37ce871c222eae6c45

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

e448675e24d9b7bafede8416af1a132008d83dc3b88ff648f1e998562c743fc4

MD5 hash:

f541a94cb9913b8ab96a4371aec3fe36

SHA1 hash:

c165075f01ebd1bbfd55f530c5f1b71f8bc8cda3

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

53c95fa5740730294805c5a54639aa67d481c57c14c025bbf60c21a1ea007a0f

MD5 hash:

c6a7383826df4f315997f1ae4f0fca70

SHA1 hash:

c05a9f93c84304fd564640b61f050641850e6736

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

b4787d3ba3f052aab344dc8ef499df93778c15bd21bcae917f4bbc27be8ed3ce

MD5 hash:

f3a0b30420e762ca7d029a36c66f67da

SHA1 hash:

61488100d168cac12eba9141b0b507bc542b63fa

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

f3b14defbd05493b8573016b08b86e5b5d53b486b0457fd75f67bf8bff04be38

MD5 hash:

6a3b9e46c41e42e7b8e1479468d892af

SHA1 hash:

e31c05ae685e51d07808b1dd24ceced9d299ed81

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

9b7079ccdf1e7b446f2300e513cda80334628d6c1258405e06a434727a819f7e

MD5 hash:

cf01542440e76d919236fb46321f17e4

SHA1 hash:

d770888ef8a59d885731f6e4ee2f0414c469ef71

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

45134be6f92f49e30625349c8dbaa2e307f07f03961eb0cac4bd4c97383f650f

MD5 hash:

d5377aa8b9b27902ff86132c9a7cb5c9

SHA1 hash:

b4075457e6dd45683e20f1774892e152b86c9952

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

7648b3c6fe244420b02ad9f578c4b9302964ab6999f2aaca7b5f69586da6d612

MD5 hash:

4f939bd788d87880419a6918b2f7b68a

SHA1 hash:

a7f35e6b3ce8af1775168b7123ada4f1b078e697

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

88e79c4218ae7c0914aa1db372926f3c0951071839e4b364251797509203e661

MD5 hash:

4d0c6b104b83ee00d34d244ed3259d5f

SHA1 hash:

4ab118d0e77c5ca31571c8e87a2f1e9802be0a2e

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

df93465a7b3a3fb26e4ce3208b6d65b9d1798891c6fc20bd9e318865cc170277

MD5 hash:

722e4db5045afe393a672fe1bc0e63bb

SHA1 hash:

68c14af3ab488bdd84ea37a96e73ea43c04d16ac

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

cdee95384abd85f682ab93a6033bbb10787b96dc53cc22a3bf4e4901f77b713a

MD5 hash:

f5c83bb2ef3b4568869459dbfdd50855

SHA1 hash:

bd32c4670f80aa99c6e53bbc5456585dc0589912

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

69fe41559951345d056ff432785bc234d02cad6e0fcd007ed9be7953b32c560c

MD5 hash:

56692d6a0c6b583d2cc3006a6c6c431f

SHA1 hash:

69340eac05b5bf58ef5a0b0e9b8127a5e933437c

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

9319068691713550060034c4f4f7442e41a4a1f36e67e6d1014370d6980f0369

MD5 hash:

37e4f602718d6da9245d6858c85e2a8d

SHA1 hash:

998e648df87dc4cab1f20336785c3be3e78e767b

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

90cfc73befd43fc3fd876e23dcc3f5ce6e9d21d396bbb346513302e2215db8c9

MD5 hash:

dc80f588f513d998a5df1ca415edb700

SHA1 hash:

e2f0032798129e461f0d2494ae14ea7a4f106467

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

d67ebd49241041e6b6191703a90d89e68d4465adce02c595218b867df34581a3

MD5 hash:

6cd3ed3db95d4671b866411db4950853

SHA1 hash:

528b69c35a5e36cc8d747965c9e5ea0dc40323b8

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

a08c040912df2a3c823ade85d62239d56abaa8f788a2684fb9d33961922687c7

MD5 hash:

c8f36848ce8f13084b355c934fc91746

SHA1 hash:

8f60c2fd1f6f5b5f365500b2749dca8c845f827a

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

7744c9c84c28033bc3606f4dfce2adcd6f632e2be7827893c3e2257100f1cf9e

MD5 hash:

7546acebc5a5213dee2a5ed18d7ebc6c

SHA1 hash:

b964d242c0778485322ccb3a3b7c25569c0718b7

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

032d38bb6487768f96fe578f353aa98c3dfbc27e484f1c7500e6ddf7e9c062db

MD5 hash:

9cef6428a76dc2652c5a09794507539f

SHA1 hash:

8a8899b13f02fb24f4f993a5ef0474de3b243db9

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

c4d5f27d397b627a66b385a571f63b327f086b0c10eadd90ada70474097443c7

MD5 hash:

c29d753ab575ba590dee09d9951fe391

SHA1 hash:

06514982da9ebd5a13d13808abbc475260b0b566

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

96dd4ca59c9b24f381d585defda8759a33760dacb1d8ae8db887ea727bf049c7

MD5 hash:

67176b46f5ad635a32b842abfa9f91a9

SHA1 hash:

0903955291448850074f9230dfb087fedfe74f59

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

f145a9091435a7499fb3b15ee202c192b27484ffb2d61932bae01a849aa042c4

MD5 hash:

1a0d59997741a4206bbb729e770cf1c1

SHA1 hash:

bdf6c86b3cfbea0818913bea416b2fd67d764574

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

5f8a73955c99ad3b370bec13fc037a80260e4b25dadf2607e642c20b0fbd0057

MD5 hash:

f04d280294d19178131f4f77a6af7afb

SHA1 hash:

6a5bb874d8b7f28821a11822db8f3c8dfda9eb97

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

8b8393db3da5d00535dd259ba2adfd1e76cd2fc2cbfaa170207cbad514b3895b

MD5 hash:

998fed74ff2d4f7600c68f7da997fc16

SHA1 hash:

739f44c91f26b35e3f5cb27eb092bbc8d523c3b9

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

a123485502527a230c9363cdd419c4056f350c9f3867fb309898a725bec801ad

MD5 hash:

fdb2d1ff9b91ffe62047856cf6ac98c7

SHA1 hash:

7c8a94febffb90fb73a0e906d377f508ddb77841

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

3d2ed8e186f124f988ebdb45d0354185b424357be2433bba0033ab9ec31bd25b

MD5 hash:

26cbe846decab0836717301f0bc6ec0e

SHA1 hash:

a3902cfce95dd0756bcd22c51dbf9e69b1205be8

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

1ac26220d62c98a62129aa9d92d9011edf930d5ed49bcd3d209df4d204a4b2bf

MD5 hash:

40d6cb7ca91ed54b50b2b455972ab1f8

SHA1 hash:

29fbfec4aba1c6857d903b4e98a0aba0161896d1

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

97a9f37f5701b19bb89503bf708b5b93a2426c176292d84778a63c3005afb460

MD5 hash:

20a73d16e6cb948646890711b8613266

SHA1 hash:

3c4ab0ce56ffba52680c3c1735227eec0a02a214

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

14c162a7c0dd68a9913ab0dcc87678d207c87888a2b657710e4db4bf83e0559d

MD5 hash:

2623108f7f74d2d4f71f41a8c64e2b84

SHA1 hash:

1dbac50e3ff49981d20bdf4757d6b515dba0f1d2

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

b3da9268ac606fb39e7094e2203a5a30af2b681d98824ccecaee80462ca0f03a

MD5 hash:

ed26bd2e7a69fc2b65d60f9265b2eda1

SHA1 hash:

93eed8d96d1548bd4bdc0e722e6318a1db41048c

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

21d9b05a5c703f6754b8fbd6e3d0d58fc6dd31215d1118af64d4305f7d92d585

MD5 hash:

c549482f392b4a426d293121bd26ebe2

SHA1 hash:

cd30ba0c9b94b2d8453e94614bac8f9943f6e01c

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

2692ee66aa8389d35048bd29dd1662be1fb388c11ea1bebbe47c01ee6f530c11

MD5 hash:

b7bcd53d8993ba55c3a754baaf04b843

SHA1 hash:

857c16bdd99021f3d826ff3aa758be0aea1279a3

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

9863a8ca0fd55fdf1de8d64cb89d034fc009a58220d45c5f4f83c6cdd0c5cbfd

MD5 hash:

bbea7769de6a008c3156141c52fdc18e

SHA1 hash:

7d9f90e8da62f9834f532e9a0aba54969c14ec28

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

d838c40848daf87743e96d42f8db18bb66a0b27cff5a48926a85a61c2d3e05b9

MD5 hash:

0bfef61b203054f6fbf08419ffe3f018

SHA1 hash:

ed9d0418507630996eb2c473ec5daf11d185c2c6

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

9f1533b23bfc95aaabcd9bc9c09673c7457e7cfc0cc38589e0e198829cd274d0

MD5 hash:

31bb7d830aa8a5074ceab4f1fc386254

SHA1 hash:

cd4a135e89ad9a472996c933616f5307bee02066

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

77a5d1619f9f07262e8ce98bb235ff961fafcecd3335922372de65cdd8877c4d

MD5 hash:

2e71c6394a6ab152139e2977c48440ff

SHA1 hash:

d4557ed90d8ac11606e0f36aea100bffcb5b3540

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

7c5e02a9c97196203defa3a4225cb35ac9b55df6567cb828d5302627733bd107

MD5 hash:

20bc40896204571d594cb72baca59a6e

SHA1 hash:

1c44e396b5236b9965b1b1c392ad9a4ae1b67a18

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

654b227b465946cd29d28877f915fbe6018634ef24e1436ebc163fce078d7563

MD5 hash:

5a016aedd7b9964f5fad2e0576acc218

SHA1 hash:

179bd6d735ace0391c301101bf5a6eafd39c7697

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

9030de8fd918cf5aebdb6634537db1df111bea3808ab7fd77dc71630747be4f0

MD5 hash:

b2d5332209a01fa064e3fcc01be0da85

SHA1 hash:

949a59c106faf0bcdfd22aae93f57f15a034c4c8

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

8e3b0b1ca9338ede77abfd7ceddbe9427fef69cc70e3698a52b87b3e70270dce

MD5 hash:

dd92138cbcccc7008e8fffc806c8cc9c

SHA1 hash:

056af811010e290980bf991aecda27705160a4fb

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

46ef947b9f5c2bb4dbac39bfab117a257b81928d14636ae037d18ff7987170bd

MD5 hash:

26d7c945b76f91f94d31cb8da41dbb72

SHA1 hash:

d7ee94a83b8a82cc61e5e49bb93d9246afedb604

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

8d32110904072d68920362d707aa748192a3aa6133e7ae44f369365512cc6c8e

MD5 hash:

fc65207cedd77e0eb4a1bed6f9a775f8

SHA1 hash:

7834979598f6d13ed48b48d14fe9c271b6ef93fb

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

e152a2e05114ee7f1d4d6933723722588551b817fc3baccd76451c0a487528ed

MD5 hash:

e5895856a6964160ba40c1a6a34e00ae

SHA1 hash:

6448042bc294ad5a40238c60876d9647c0687a73

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

cb6b6f352042d12c2117cacee053d99655beca8421a2d612ee1946de74682841

MD5 hash:

0380523c3793abb53359e212e9984c4e

SHA1 hash:

57a6b98e14f8a078cb1c63e2be71e4ec6d42351b

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

f437bc5f0aa9f3ebc8403fa4d5bbe22c6e5e346e00e3390b65772ee19e0d09f1

MD5 hash:

143826fedf607a924290ef997542f6d1

SHA1 hash:

d5f6044f8c1d48f98d5e99d1c67a143e7ee1caba

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

7735ad9b8eeec4d4f18fc44f0120ea0bf5f5296a99caeaed65478cd1fac33183

MD5 hash:

251792b503c1376eda3f97c5d0a8b432

SHA1 hash:

edaa083e936cc20f6cbc5b3dca330ac40e706c87

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

c7a4f70bbf090463023d2481d2a3b6e40c313beda22bbdea86dab287f5d0b0e6

MD5 hash:

c83400a9b03dfe052c72797336d80b87

SHA1 hash:

6bc0b39565f51fb92a1bd2ce44a02fda27edcdee

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

e55f88c76993d2f961443b22dbdc2f759e3127790d9b380c35e150b172b9bb64

MD5 hash:

347cd679a0255ef872a0a781342de127

SHA1 hash:

7847343d9a880d601d807039c4c4e2c579f1674f

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

4a14fa56abb39e63e25d380a17c32714f1a064b7c90ec3fb2f5fe7e0a07d0f05

MD5 hash:

70afd43f46a101e1666732dcf7cac48b

SHA1 hash:

dbfb1190ec2b799a5f1ae54bbaac28ec0a4a3419

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

SH256 hash:

ef6b3ab6c53f0b1bacae6311f79b3a486467e443ef3aced83f61c2f472f03a8d

MD5 hash:

66869a7dd08444ce42349b0bebca8ab3

SHA1 hash:

414be4741a3bffa92f142ccb7b87198e61e517b5

Link:

https://www.unpac.me/results/6f69e0f4-cd49-4bb9-b13a-2e949a4c9bf1/

Malware family:

ValleyRAT

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/9e111d882a50/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9e111d882a508e8b2f1137356222296212389f15b72a723e8cca59c6ab0a9e8f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	GenericGh0st Create hunting rule
Author:	Still

Rule name:	Gh0stKCP Create hunting rule
Author:	Netresec
Description:	Detects HP-Socket ARQ and KCP implementations, which are used in Gh0stKCP. Forked from @stvemillertime's KCP catchall rule.
Reference:	https://netresec.com/?b=259a5af

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	malware_shellcode_hash Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	detect shellcode api hash value

Rule name:	meth_peb_parsing Create hunting rule
Author:	Willi Ballenthin

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

Rule name:	win_valley_rat_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.valley_rat.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/38838/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample