ValleyRAT

Malware updated 23 days ago (2024-08-15T17:17:39.660Z)
ValleyRAT is a multi-stage malware written in C++, first documented by the Chinese cybersecurity firm Qi An Xin in February 2023. It carries the functionality traditionally seen in remote access trojans: fetching and executing additional payloads (DLLs and binaries) sent from a remote server, enumerating running processes, and more.

The infection chain is staged. Once an embedded shellcode executes, it reflectively loads the ValleyRAT DLL in memory and runs it. A component of that stage then sends a request to the server for the ValleyRAT payload; downloading that payload is this stage's primary purpose. A distinctive feature of the recent campaign is that the request is made by sending the name 登录模块.dll_bin (translated: Login module.dll_bin) to the server.

FortiGuard Labs recently encountered an ongoing ValleyRAT campaign specifically targeting Chinese-speaking users. The configuration delivered in this campaign closely mirrors previously reported ValleyRAT campaigns, containing the latest C2 servers and other settings for the RAT. The malware uses a variety of techniques to monitor and control its victims and can deploy arbitrary plugins to cause further damage.

While Gh0st RAT has been widely used in China-linked cyber campaigns for years, the emergence of ValleyRAT suggests it could be widely deployed in the future. The operators behind these attacks are expected to continue using a mix of older malware and the newer ValleyRAT. Its discovery underscores the evolving nature of these threats and the need for continued vigilance and robust defensive measures.
Description last updated: 2024-08-15T17:15:44.962Z
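The one concrete indicator the description gives is the filename 登录模块.dll_bin sent to the server to request the payload. The block below is an added example, not code from the page or from FortiGuard, showing how to hunt for that name in proxy or web-gateway logs. It assumes the name appears in an HTTP request path (the page does not say what transport carries it), and it assumes a simple log format of "timestamp client_ip method url status". The sample log lines are constructed for the example, not real telemetry. The practical point it makes: a proxy normally percent-encodes non-ASCII path characters, so a plain substring search for the Chinese filename misses the encoded spellings; decoding and NFC-normalizing the path first catches all of them.

```python
import unicodedata
import urllib.parse
from typing import Dict, List, Optional

# Indicator taken from the page: the campaign requests the ValleyRAT payload
# by sending this name (登录模块.dll_bin, "Login module.dll_bin").
VALLEYRAT_INDICATOR = "登录模块.dll_bin"

# Constructed sample proxy log lines (not real telemetry). The log format is an
# assumption for this example: "<timestamp> <client_ip> <method> <url> <status>".
# A real proxy normally percent-encodes non-ASCII path characters, so the same
# filename can show up raw, upper-case-encoded or lower-case-encoded.
_ENC_UPPER = urllib.parse.quote(VALLEYRAT_INDICATOR)   # %E7%99%BB%E5%BD%95...
_ENC_LOWER = _ENC_UPPER.lower()                         # %e7%99%bb%e5%bd%95...
SAMPLE_LOG_LINES = [
    "2024-08-01T10:00:01Z 10.0.0.5 GET http://example.invalid/index.html 200",
    f"2024-08-01T10:00:07Z 10.0.0.5 GET http://example.invalid/{_ENC_UPPER} 200",
    f"2024-08-01T10:00:09Z 10.0.0.9 GET http://example.invalid/{VALLEYRAT_INDICATOR} 200",
    f"2024-08-01T10:00:12Z 10.0.0.7 POST http://example.invalid/plugins/{_ENC_LOWER} 404",
    "2024-08-01T10:00:15Z 10.0.0.8 GET http://example.invalid/login_module.dll 200",
    "malformed line that the parser must skip",
]


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into its five fields; return None for lines that do not fit."""
    parts = line.split()
    if len(parts) != 5:
        return None
    timestamp, client, method, url, status = parts
    return {"timestamp": timestamp, "client": client, "method": method,
            "url": url, "status": status}


def normalize_path(url: str) -> str:
    """Return the URL path percent-decoded as UTF-8 and Unicode-NFC-normalized,
    so raw, upper-case-encoded and lower-case-encoded spellings compare equal."""
    path = urllib.parse.urlsplit(url).path
    decoded = urllib.parse.unquote(path, encoding="utf-8", errors="replace")
    return unicodedata.normalize("NFC", decoded)


def naive_match_count(lines: List[str]) -> int:
    """What a plain substring search sees: only the un-encoded spelling."""
    return sum(1 for line in lines if VALLEYRAT_INDICATOR in line)


def find_valleyrat_requests(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed records whose requested filename equals the indicator,
    regardless of how the path was encoded in the log."""
    hits = []
    for line in lines:
        record = parse_log_line(line)
        if record is None:
            continue
        filename = normalize_path(record["url"]).rsplit("/", 1)[-1]
        if filename == VALLEYRAT_INDICATOR:
            hits.append(record)
    return hits


if __name__ == "__main__":
    print("naive substring matches:", naive_match_count(SAMPLE_LOG_LINES))
    for hit in find_valleyrat_requests(SAMPLE_LOG_LINES):
        print(hit["timestamp"], hit["client"], hit["method"], hit["url"], hit["status"])
```

On the constructed sample the naive substring search finds one line while the decoding search finds three, which is the difference between a rule that looks complete and one that actually fires on proxy output. Matching on the decoded final path segment rather than anywhere in the URL also keeps the rule from firing on the name appearing in a query string or referrer.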
Aliases: none currently tracked.

Miscellaneous associations (context tags that could aid in assessing relevance): Malware, Chinese, Payload, Trojan, Phishing, Shellcode, FortiGuard, Downloader, Cybercrime, APT, RAT
Associated Malware

ID: Sainbox | Type: Unspecified | Votes: 2
Profile description: Sainbox, also known as FatalRAT, is a variant of the Gh0st RAT trojan malware that has been increasingly deployed in cybercrime activities, particularly those associated with suspected Chinese cybercrime operations. Proofpoint researchers have observed over 30 separate campaigns leveraging this malw
Source Document References
Information about the ValleyRAT malware was read from the documents corpus below.
Source | Created | Title
Securityaffairs | 21 days ago | Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 22 days ago | ValleyRAT malware is targeting Chinese-speaking users
InfoSecurity-magazine | 23 days ago | Advanced ValleyRAT Campaign Hits Windows Users in China
Fortinet | 23 days ago | A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers | FortiGuard Labs
CERT-EU | a year ago | Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT
CERT-EU | a year ago | Cyber Security Week in Review: September 22, 2023
CERT-EU | a year ago | Malware-spreading phishing attacks target Chinese users
BankInfoSecurity | a year ago | Financially Motivated Hacks by Chinese-Speaking Actors Surge
CERT-EU | a year ago | Report: Increase in Chinese-Language Malware Could 'Challenge' Russian Dominance of Cybercrime
CERT-EU | a year ago | New Spike in Malware from Chinese Cybercriminals Floods the Threat Landscape – Proofpoint Research – Global Security Mag Online
CERT-EU | a year ago | A Wave of Chinese Cyberthreat Campaigns Use Old and New Malware
CERT-EU | a year ago | Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT – GIXtools
CERT-EU | a year ago | Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT | #cybercrime | #infosec | National Cyber Security Consulting
CERT-EU | a year ago | Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape | Proofpoint US