General

  • Target

    Update.dll

  • Size

    2.1MB

  • Sample

    250328-jswexattgt

  • MD5

    07ac1439cee26e090be31ecc0eedc02b

  • SHA1

    d225d63ee5bd082525192320296063cfa3576263

  • SHA256

    d036bf5f6400177e078f4b8bab5f817430eb4dbdf79461c6f273bd73f7c312c7

  • SHA512

    0ebb6aad4df9352c913f44fe57b909c27fe7e8a404c1a8af883e3edcb566b11f74929515b615879599f3c1685a2c263129aa69869d7d7a2717932aae0233ab2e

  • SSDEEP

    49152:nHJnQ8XCyid1PGtLm171zY5C0dZTI0OOoELGNp4G1XLxxDlupZ5:npQ8SyiddGtLixzY5dd9I07LLGNpN1X+

Malware Config

Extracted

Family

valleyrat_s2

Version

1.0

C2

154.44.8.39:443

154.44.8.39:80

154.44.8.39:8011

Attributes
  • campaign_date

    2025. 3. 7

Targets

    • ValleyRat

      ValleyRat stage2 is a backdoor written in C++.

    • Valleyrat_s2 family

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks