ValleyRAT Insights: Tactics, Techniques, and Detection Methods

Oct. 25, 2024, 3:52 p.m.

Description

ValleyRAT is a remote access Trojan targeting Chinese-speaking users through phishing campaigns. It employs multi-stage, multi-component tactics to evade detection and maintain persistence. The malware uses various techniques including process injection, registry manipulation, and UAC bypass. It attempts to disable antivirus software and evade sandboxes. ValleyRAT creates scheduled tasks and modifies registry keys for persistence. The analysis reveals its use of MITRE ATT&CK techniques such as startup folder manipulation, process injection, and command and control communication. The blog provides insights into ValleyRAT's tactics and offers detection methods to defend against this evolving threat.

Date

Published: Oct. 25, 2024, 9:19 a.m.

Created: Oct. 25, 2024, 9:19 a.m.

Modified: Oct. 25, 2024, 3:52 p.m.

Indicators

a67e68ae707f413ef9e64fa53d661c3f60c7bf466af1b547da818d9ac01e10a0

d208b80a6608c72c3c590f86d93b074533c0c4ef8a46b6d36ed52cc2b4c179d5

14bf52de60e60a526141ffe61ef5afc2a3bc7d60d4086e644ec80e67513d2684

Attack Patterns

ValleyRAT

T1016.001

T1548.002

T1547.001

T1012

T1497

T1562.001

T1071

T1055

T1053

Additional Informations

China