valleyrat_s2 | 9e78f89ffa70b6426595e1007db89bc2bd9fd39600d659a347f4689c5a1e67ad | Triage

Sharing

General

Target

9e78f89ffa70b6426595e1007db89bc2bd9fd39600d659a347f4689c5a1e67ad.exe
Size

4.4MB
Sample

250401-vky2lsvnz6
MD5

065029491d64e41610d29b401a173afe
SHA1

938c3da5cad02617f8924874abda72e0121ea357
SHA256

9e78f89ffa70b6426595e1007db89bc2bd9fd39600d659a347f4689c5a1e67ad
SHA512

9716a64662d5235c71aa3b2e21460bc105f6656fb5a5544c722f01de4321970b19f29548aae48506e75f15a0edd1f02021023cbfaaeac4074ca52421ccf79ca6
SSDEEP

98304:WGhi/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/X:8qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqO

Score

10^/10

valleyrat_s2 backdoor discovery

Malware Config

Extracted

Family

valleyrat_s2

Version

1.0

C2

47.236.171.20:10000

47.236.171.20:20000

127.0.0.1:80

Attributes

campaign_date
2024.12.25

Targets

- Target
  
  9e78f89ffa70b6426595e1007db89bc2bd9fd39600d659a347f4689c5a1e67ad.exe
- Size
  
  4.4MB
- MD5
  
  065029491d64e41610d29b401a173afe
- SHA1
  
  938c3da5cad02617f8924874abda72e0121ea357
- SHA256
  
  9e78f89ffa70b6426595e1007db89bc2bd9fd39600d659a347f4689c5a1e67ad
- SHA512
  
  9716a64662d5235c71aa3b2e21460bc105f6656fb5a5544c722f01de4321970b19f29548aae48506e75f15a0edd1f02021023cbfaaeac4074ca52421ccf79ca6
- SSDEEP
  
  98304:WGhi/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i/X:8qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqO
Score

10^/10

valleyrat_s2 backdoor discovery
- ValleyRat
  ValleyRat stage2 is a backdoor written in C++.
  backdoor valleyrat_s2
- Valleyrat_s2 family
  valleyrat_s2
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

valleyrat_s2backdoordiscovery