Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques
Essential information
- Published
- 05/02/2025 16:22
- Modified
- 05/02/2025 21:54
- Tags
- 2025-02-05 anti-vm c2 communication dll side-loading ghostrat keylogger persistence phishing silver fox apt valleyrat
- Related entities
- 12 observables, 1 intrusion sets (apt), 12 techniques (mitre), 2 malware, 1 others
Description
ValleyRAT, a sophisticated multi-stage malware attributed to Silver Fox APT, has updated its tactics, techniques, and procedures. The malware targets key roles in finance, accounting, and sales departments using phishing emails, malicious websites, and instant messaging platforms. The infection chain begins with a fake Chrome browser download, followed by the execution of a Setup.exe file that downloads additional components. The malware employs DLL side-loading, process injection, and anti-VM techniques to evade detection. It includes features such as keylogging, screen monitoring, and persistence mechanisms. ValleyRAT communicates with command and control servers and can execute various commands, including dropping and executing files, setting startup configurations, and manipulating processes.