Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

New Updates to ValleyRAT

June 10, 2024, 4 p.m.

Description

Zscaler ThreatLabz recently uncovered a new campaign used to deliver the latest iteration of ValleyRAT, a remote access trojan attributed to a China-based threat actor. The campaign involves multiple stages, with the initial stage downloader utilizing an HTTP File Server (HFS) to fetch subsequent components. The malware employs various evasive techniques such as anti-virus checks, DLL sideloading, and process injection. ValleyRAT's latest version introduces new capabilities like capturing screenshots, process filtering, forced shutdowns, and clearing Windows event logs. Additionally, it enhances device fingerprinting and bot ID generation mechanisms.

Date

Published: June 10, 2024, 3:41 p.m.

Created: June 10, 2024, 3:41 p.m.

Modified: June 10, 2024, 4 p.m.

Indicators

f5ebe440931d1d003a51133ad1f727daf2410ba50d9f51818938c269bb7fe806

e4163490b168b5529fc9b3d60ad6f18bfae0a9eaaf462388fe7f9f53becf5aa9

8b6694896f82a64ce6fd01d6f724c7ec64596577afd84e690377eb4c5bbe3ca3

6b31ef2e4c43ee9fcdf3eeff0be269fa4c31aba5640e58c68c8865b3e625db0e

646e7831bb18374b9abac184f1c6b9ab5e1ae3d919b8a7b311ac824fa869ceef

41d7e67176eb1c406fb8c545e4d14fa694a63bf38aa7423d61d8cd48999e40ce

61d7aacc11ca248ae8c54bd56f3603a592435baa7fb36b5822e7b62e5c8fcd61

36c9500e41f43ef142c73d781669e976e44c472e55a67e27badb5e7f226d188b

35cf0e36dd5c8ca090b51704dfdad6d939067b61f468f2e181dd0c2b5444bb9d

2ad2dea7acc4cee8554a072d445bbee5c0ddfcf6b5bd1a2da8eb78c3bea96cba

24daf0b69dcc17c24bbc858d166cc85270bf82ab57bc159e88f193c7dc0b1501

1cf712b65cb67a06b0376921ffe2a697fc34284140eb6c79738daee3367dfec8

2393fe7adb5f51d741323d06a5acf477a88e29b6a365b646565750ddb43088e9

43.132.235.4

43.132.212.111

43.129.233.99

124.156.134.223

43.129.233.146

101.33.117.200

119.28.41.143

119.28.32.143

wenjian2024.com

fpwenj.zhangyaodong5.com

tzsxr.com

kfurl.cn

scpgjhs.com

Attack Patterns

ValleyRAT

T1120

T1010

T1574.002

T1113

T1518.001

T1529

T1082

T1057

T1083

T1071

T1055

T1036

T1140