valleyrat_s2 | b929b4efc4af3e5e34b74e4ed2fda0e46c159742b2f0a9117b54516a25c75a4d | Triage

Sharing

General

Target

01042025_0121_31032025_AI自动化办公表格制作生成工具安装包.rar
Size

162KB
Sample

250401-bqtvas1vct
MD5

970fdeb82957fdb44608e5d0bb4e4be2
SHA1

12cdf7a9bdb3af8a303f4241dc9894650f4d94e7
SHA256

b929b4efc4af3e5e34b74e4ed2fda0e46c159742b2f0a9117b54516a25c75a4d
SHA512

d49af8ae706cf5193d32fd7d6d9301d9849e0164f12ec8950cbde093e5223c50aa70efee5f2a22252d70ff9e30e054cbec9bd22f4f218ddd0f9f770d6bf9d29e
SSDEEP

3072:myrFigWYUlYn8zi0OZaiX74fOwmWPbnA5cygT2a9jHj88lslLJW9l:Nrx0CaiXUfOM7A55+28o8OlLJW9l

Score

10^/10

valleyrat_s2 backdoor

Malware Config

Extracted

Family

valleyrat_s2

Version

1.0

C2

43.225.58.178:6666

43.225.58.178:8888

43.225.58.178:7777

Attributes

campaign_date
2025. 3.30

Targets

- Target
  
  AI自动化办公表格制作生成工具安装包/steam_api64.dll
- Size
  
  107KB
- MD5
  
  3198b729513bf5a65e39be989298079b
- SHA1
  
  a79a312a5c8884ec4b51aa4d776ba5793de09ffc
- SHA256
  
  d6387be78d258a820e4cb35ec53c65d52a813b63147488629b56269f6648adc1
- SHA512
  
  05c6431a07aad1f276431d99beb4f4dd8e247bde96084cbe5ae0bce01ca262827e96a9187aec4d3dd41c08afde594d1bb98217dfe09718bb4eb3907e0f2bde2e
- SSDEEP
  
  3072:bw0WMZYV7iTQbXAukRJtps7Fo/3e6Uege/EYpVPVZ:bw0xGVQGXAu2iQV9
Score

10^/10

valleyrat_s2 backdoor
- ValleyRat
  ValleyRat stage2 is a backdoor written in C++.
  backdoor valleyrat_s2
- Valleyrat_s2 family
  valleyrat_s2
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  AI自动化办公表格制作生成工具安装包/双击安装.exe
- Size
  
  253KB
- MD5
  
  c20383afabfbd60298b6b2385237a008
- SHA1
  
  902438f6bcc919f98b195f4de2560a311ff5dcd0
- SHA256
  
  a8a42814c253ca5e93e81be5bd69149ff71b9ac3024420614fba37fb0834b3c0
- SHA512
  
  e844938501c7fe3da490e5d5b0172077829715d137ee1f9b770bbaf1ae1700ed0cb532da819beeba04ce7df926b9c81bc194bf7d5c3eb8c57625dc4aa8dc2bd2
- SSDEEP
  
  3072:oehT3vurb+DJte4ytrYwFK8zk9J7TL6WxBEC7AVUAQ/J5foY46pjQ02WO9Fc43Lx:Xz4qDJte4yZjQ8zknFnkX+zohQs9BZ2u
Score

10^/10

valleyrat_s2 backdoor
- ValleyRat
  ValleyRat stage2 is a backdoor written in C++.
  backdoor valleyrat_s2
- Valleyrat_s2 family
  valleyrat_s2
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

valleyrat_s2backdoor

behavioral2

valleyrat_s2backdoor