New Updates to ValleyRAT
June 10, 2024, 4 p.m.
Description
Zscaler ThreatLabz recently uncovered a new campaign used to deliver the latest iteration of ValleyRAT, a remote access trojan attributed to a China-based threat actor. The campaign involves multiple stages, with the initial stage downloader utilizing an HTTP File Server (HFS) to fetch subsequent components. The malware employs various evasive techniques such as anti-virus checks, DLL sideloading, and process injection. ValleyRAT's latest version introduces new capabilities like capturing screenshots, process filtering, forced shutdowns, and clearing Windows event logs. Additionally, it enhances device fingerprinting and bot ID generation mechanisms.
Tags
Date
- Created: June 10, 2024, 3:41 p.m.
- Published: June 10, 2024, 3:41 p.m.
- Modified: June 10, 2024, 4 p.m.
Indicators