MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ValleyRAT

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc
SHA3-384 hash:	1cf806e319e2d8b3d124392d1c4d4dd58a869730b86cfe6fb550684ba324594c2ac887ed7cca6405ddbaa26e6f3b57de
SHA1 hash:	e45cd29f904ab54e0d7f831982c7a78b4a370e9d
MD5 hash:	5e24c58eb15249f7d4d087f66dd1ce02
humanhash:	cardinal-arizona-maryland-dakota
File name:	Shui Wu Chou Cha She Shui Qi Ye Ming Dan .pdf
Download:	download sample
Signature	ValleyRAT Create hunting rule
File size:	158'441 bytes
First seen:	2026-03-13 08:51:28 UTC
Last seen:	Never
File type:	pdf
MIME type:	application/pdf
ssdeep	3072:Io+6OZPu1eVRWDSax8s6k7hQ3pkpb4ji/kcPn/mdEjqTFikwWuI:Io+5PhReSGPSpkB/hPeBQmuI
TLSH	T101F3E0689904D8DDF9DAC2A35B757C02454CB39BA7C880F13C6D0DB2DB80E46DFB2659
Magika	pdf
Reporter	plebourhis
Tags:	9010-360sdgg-com pdf SilverFox ValleyRAT

plebourhis

This a campaign dating back to early 2025.
The PDF drops an executable查看10.exe and a fake python311.dll, the dll communicates with the following C2: `9010.360sdgg[.]com`

Intelligence

File Origin

# of uploads :

# of downloads :

177

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.PDF.MalwareX-gen.37181629.UNOFFICIAL

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69b3d0405a439615ccbff16f

Tags:

n/a

Result

Verdict:

Malicious

File Type:

PDF File

Link:

https://app.docguard.net/e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc/results/dashboard

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

action phishing phishing unsafe

Link:

https://www.filescan.io/uploads/69b3d03d4678eefbc7ab0f7e/reports/d627aab9-f3f2-4eb0-a85c-3d80d8a3d5c0/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc

Label:

Benign

Suspicious Score:

5/10

Score Malicious:

Score Benign:

94%

Link:

https://www.malware.ai/gui/files/?id=2eedcce9-899c-4c22-ae24-0012867f33e5

Verdict:

Unknown

File Type:

pdf

First seen:

2025-08-22T14:30:00Z UTC

Last seen:

2026-02-13T04:11:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc/results?tab=lookup

Score:

26%

Verdict:

Benign

File Type:

PDF

Link:

https://malprob.io/report/e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc/

Threat name:

Document-PDF.Trojan.Pidief

Status:

Malicious

First seen:

2025-01-07 11:42:18 UTC

File Type:

Document

Extracted files:

AV detection:

14 of 36 (38.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4k3vxlvx5uq7xdzhtbhzieugo4grypalmd6orv72lmlhxuslu3oa._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.40

Link:

https://yomi.yoroi.company/submissions/e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ValleyRAT

pdf e2b75baeb7ed21fb8f27984f941286770d1c3c0b60fce8d7fa5b167bd24ba6dc

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample