valleyrat_s2 | 2404-12-0x0000000010000000-0x0000000010024000-memory[.]dmp | Triage

Sharing

General

Target

2404-12-0x0000000010000000-0x0000000010024000-memory.dmp
Size

144KB
MD5

425c28a967741b4b7ae2e18742c3aeb8
SHA1

8e259129091e747ef4ed63fb313cbe86078ac65f
SHA256

9797ded6fe85a2079a8d143fbc24efce8a3ac23e1e3fb4da108abbac650a0a42
SHA512

fa42f41ac79a1367becff2bf90a92fb42bc6fb91bf337ffc93cfa78fcfdf654a37f62875b6be8af9a74a9558de680667fa54eecc8e8e67a703df7bbed398c561
SSDEEP

3072:oQWMJcsY7lE1g9DyLaoFtfiggN/bTneX5zYSB:oQWlq1g1yLLfiggN/bmsSB

Score

10^/10

valleyrat_s2

Malware Config

Extracted

Family

valleyrat_s2

Version

1.0

C2

154.44.8.39:443

154.44.8.39:80

154.44.8.39:8011

Attributes

campaign_date
2025. 3. 7

Signatures

Valleyrat_s2 family
valleyrat_s2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2404-12-0x0000000010000000-0x0000000010024000-memory.dmp

Files

2404-12-0x0000000010000000-0x0000000010024000-memory.dmp
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ