Sainbox Rat

Malware Profile Updated 3 months ago
Sainbox RAT is a remote access trojan (RAT). Like other malware, it is installed without the user's knowledge, typically through suspicious downloads, emails, or websites, and once inside a system it can steal personal information, disrupt operations, or hold data hostage for ransom. Although it is neither new nor advanced, Sainbox RAT was particularly active between December 2022 and May 2023. During the same period another malware family, ValleyRAT, has been emerging within Chinese-themed cybercrime activity.

Both Sainbox RAT and ValleyRAT are delivered primarily through Excel and PDF email attachments that contain URLs pointing to compressed executables. The emails typically originate from Outlook or other free email addresses. If the recipient clicks the URL, a zipped executable is downloaded that installs Sainbox RAT. The trojan then communicates with command-and-control (C2) infrastructure whose domains contain variations of the string "fakaka".

Chinese-language speakers have increasingly been targeted by multiple email phishing campaigns distributing malware families including Sainbox RAT, Purple Fox, and the newly observed ValleyRAT. The cybersecurity firm Proofpoint has noted that these campaigns share similar tactics, techniques, and procedures (TTPs). Despite its age and relatively simple design, Sainbox RAT continues to pose a threat in 2023, alongside the emerging ValleyRAT.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions between vendors are hard to track, so the following are possible overlapping names and profiles that may also be of interest.
ID | Votes | Profile Description
Sainbox | 1 | Sainbox, also known as FatalRAT, is a variant of the Gh0st RAT trojan malware that has been increasingly deployed in cybercrime activities, particularly those associated with suspected Chinese cybercrime operations. Proofpoint researchers have observed over 30 separate campaigns leveraging this malw
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Cybercrime
Chinese
Proofpoint
Outlook
Phishing
Malware
Associated Malware
ID | Type | Votes | Profile Description
Valleyrat | Unspecified | 1 | ValleyRAT, a new malware first identified by Proofpoint in March 2024 and initially reported by Chinese cybersecurity firm Qi An Xin in February 2023, has emerged on the cybercrime scene. The malicious software is written in C++ and carries functionalities typical of remote access trojans, such as f
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Sainbox RAT malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 10 months ago | Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT
CERT-EU | 10 months ago | Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape | Proofpoint US
CERT-EU | 10 months ago | Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT – GIXtools
CERT-EU | 10 months ago | A Wave of Chinese Cyberthreat Campaigns Use Old and New Malware
CERT-EU | 10 months ago | Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT | #cybercrime | #infosec | National Cyber Security Consulting
CERT-EU | 10 months ago | Cyber Security Week in Review: September 22, 2023