valleyrat_s2 | 78b8cd9ed9cdfe32f62396f1546c0739b66cf15c8ef5a71d5858358295fc8b15 | Triage

Sharing

General

Target

78b8cd9ed9cdfe32f62396f1546c0739b66cf15c8ef5a71d5858358295fc8b15.dll
Size

2.2MB
Sample

250328-jsas7sttf1
MD5

cc66527f0069ca11c2f1f51411135199
SHA1

4e3d3f90abc13e451822f20a943a158d5ed1d207
SHA256

78b8cd9ed9cdfe32f62396f1546c0739b66cf15c8ef5a71d5858358295fc8b15
SHA512

71e028b43aca70c2c06fa16226d71602121b3bb78806c098386ebd6d4e255875f498c0861f908ee723139ea8b448f73cc6de1afb3b0c8dff7e3ac77273029133
SSDEEP

49152:L2cV7CFHgGbWJsUqtmNaOhVYcSUuamW5zo76e7+7WVuSwiPSCmDS+5uSlZLun40:NxOAGbWuUmmNaMVrSU735zoWe7+7WGu

Score

10^/10

valleyrat_s2 backdoor discovery execution

Malware Config

Extracted

Family

valleyrat_s2

Version

1.0

C2

154.44.8.39:443

154.44.8.39:80

154.44.8.39:8011

Attributes

campaign_date
2025. 3. 7

Targets

- Target
  
  78b8cd9ed9cdfe32f62396f1546c0739b66cf15c8ef5a71d5858358295fc8b15.dll
- Size
  
  2.2MB
- MD5
  
  cc66527f0069ca11c2f1f51411135199
- SHA1
  
  4e3d3f90abc13e451822f20a943a158d5ed1d207
- SHA256
  
  78b8cd9ed9cdfe32f62396f1546c0739b66cf15c8ef5a71d5858358295fc8b15
- SHA512
  
  71e028b43aca70c2c06fa16226d71602121b3bb78806c098386ebd6d4e255875f498c0861f908ee723139ea8b448f73cc6de1afb3b0c8dff7e3ac77273029133
- SSDEEP
  
  49152:L2cV7CFHgGbWJsUqtmNaOhVYcSUuamW5zo76e7+7WVuSwiPSCmDS+5uSlZLun40:NxOAGbWuUmmNaMVrSU735zoWe7+7WGu
Score

10^/10

valleyrat_s2 backdoor discovery execution
- ValleyRat
  ValleyRat stage2 is a backdoor written in C++.
  backdoor valleyrat_s2
- Valleyrat_s2 family
  valleyrat_s2
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

valleyrat_s2backdoordiscoveryexecution

behavioral2

valleyrat_s2backdoordiscoveryexecution