A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers

FortiGuard Labs recently encountered an ongoing malware campaign specifically targeting Chinese speakers. The attack uses a multi-stage malware named ValleyRAT, which employs diverse techniques to monitor and control victims while deploying arbitrary plugins. A notable characteristic is its heavy use of shellcode to execute components directly in memory, reducing its on-disk footprint. The campaign involves masquerading as legitimate applications, sandbox evasion, privilege escalation, and downloading additional components from the command-and-control (C2) server. The malware ultimately aims to monitor user activity and deliver malicious plugins.

Author: AlienVault

Related Tags: windows registry, T1038, sandbox evasion, T1568, shellcode, T1137, T1548, T1572, T1012

Associated Indicators: