valleyrat_s2 | 4f13d4a71a5c335c0f3cf15b31dcbdd42cf9298ceb63be0bf1846233150ecea7 | Triage

Sharing

General

Target

4f13d4a71a5c335c0f3cf15b31dcbdd42cf9298ceb63be0bf1846233150ecea7.msi
Size

5.2MB
Sample

250401-vh3l1sswc1
MD5

cdec46b72a3d0ee11807fd836fb1a6a1
SHA1

d917ae9aa96183fabc5741c24ee092a1996e3b07
SHA256

4f13d4a71a5c335c0f3cf15b31dcbdd42cf9298ceb63be0bf1846233150ecea7
SHA512

3ce9d1c2f37ebd029988b7970584bb73aac45680720953a7f4030b87d0e704fa7e42af5261eaabf0e975b464ff150282805b5106d54f4131d044719298503271
SSDEEP

98304:7yXtlFC2Yj0r1V9kWbezWqsfuCYQwev/mpRt9HOeZ9MDRrPa17o:7ydlQ280r9kYAPsffYQoOm9qRrCx

Score

10^/10

valleyrat_s2 backdoor discovery persistence privilege_escalation

Malware Config

Extracted

Family

valleyrat_s2

Version

1.0

C2

47.236.171.20:10000

47.236.171.20:20000

127.0.0.1:80

Attributes

campaign_date
2024.12.25

Targets

- Target
  
  4f13d4a71a5c335c0f3cf15b31dcbdd42cf9298ceb63be0bf1846233150ecea7.msi
- Size
  
  5.2MB
- MD5
  
  cdec46b72a3d0ee11807fd836fb1a6a1
- SHA1
  
  d917ae9aa96183fabc5741c24ee092a1996e3b07
- SHA256
  
  4f13d4a71a5c335c0f3cf15b31dcbdd42cf9298ceb63be0bf1846233150ecea7
- SHA512
  
  3ce9d1c2f37ebd029988b7970584bb73aac45680720953a7f4030b87d0e704fa7e42af5261eaabf0e975b464ff150282805b5106d54f4131d044719298503271
- SSDEEP
  
  98304:7yXtlFC2Yj0r1V9kWbezWqsfuCYQwev/mpRt9HOeZ9MDRrPa17o:7ydlQ280r9kYAPsffYQoOm9qRrCx
Score

10^/10

valleyrat_s2 backdoor discovery persistence privilege_escalation
- ValleyRat
  ValleyRat stage2 is a backdoor written in C++.
  backdoor valleyrat_s2
- Valleyrat_s2 family
  valleyrat_s2
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

valleyrat_s2backdoordiscoverypersistenceprivilege_escalation