
ValleyRAT Insights: Tactics, Techniques, and Detection Methods

Published 25/10/2024 09:19 · Modified 25/10/2024 15:52


Essential information

Tags
2024-10-25, chinese-speaking targets, evasion, persistence, phishing, remote access trojan, uac bypass, valleyrat
Related entities
3 observables, 9 techniques (mitre), 1 malware, 1 others

Description

ValleyRAT is a remote access trojan targeting Chinese-speaking users through phishing campaigns. It employs multi-stage, multi-component tactics to evade detection and maintain persistence. The malware uses various techniques, including process injection, registry manipulation, and UAC bypass. It attempts to disable antivirus software and evade sandboxes. ValleyRAT creates scheduled tasks and modifies registry keys for persistence. The analysis reveals its use of MITRE ATT&CK techniques such as startup folder manipulation, process injection, and command and control communication. The blog provides insights into ValleyRAT's tactics and offers detection methods to defend against this evolving threat.

External references