216.73.217.86

Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques

· Published 05/02/2025 16:22 · Modified 05/02/2025 21:54

Export JSON

Essential information

Published
05/02/2025 16:22
Modified
05/02/2025 21:54
Tags
2025-02-05 anti-vm c2 communication dll side-loading ghostrat keylogger persistence phishing silver fox apt valleyrat
Related entities
12 observables, 1 intrusion sets (apt), 12 techniques (mitre), 2 malware, 1 others

Description

, a sophisticated multi-stage malware attributed to , has updated its tactics, techniques, and procedures. The malware targets key roles in finance, accounting, and sales departments using emails, malicious websites, and instant messaging platforms. The infection chain begins with a fake Chrome browser download, followed by the execution of a Setup.exe file that downloads additional components. The malware employs , process injection, and techniques to evade detection. It includes features such as keylogging, screen monitoring, and mechanisms. communicates with command and control servers and can execute various commands, including dropping and executing files, setting startup configurations, and manipulating processes.

External references