ValleyRAT, a sophisticated multi-stage malware family attributed to the Silver Fox APT, has updated its tactics, techniques, and procedures. The malware targets key roles in finance, accounting, and sales departments using phishing emails, malicious websites, and instant messaging platforms. The infection chain begins with a fake Chrome browser download, followed by the execution of a Setup.exe file that downloads additional components. The malware employs DLL side-loading, process injection, and anti-VM techniques to evade detection. It includes features such as keylogging, screen monitoring, and persistence mechanisms. ValleyRAT communicates with command and control servers and can execute various commands, including dropping and executing files, setting startup configurations, and manipulating processes.
Author: AlienVault
Related Tags:
c2 communication
GhostRAT
anti-vm
T1056.001
T1547.001
T1574.002
persistence
DLL Side-Loading
T1057
Associated Indicators: