valleyrat_s2 | 2974e4eb86ceb963caf3b6dbca86995bd31955df16b00e5735178a4a98b85e00 | Triage

Submit
Reports

Overview

overview

Static

static

1

Google AI ....3.msi

windows10-ltsc_2021-x64

Google AI ....3.msi

windows11-21h2-x64

Sharing

General

Target

Google AI Browser v1.3.3.msi
Size

68.9MB
Sample

250403-v71hystlv2
MD5

fab734d9abaa41a7c47795c828419bbc
SHA1

f6c4d2800b8658f4d21c6c6438109829fbb722c0
SHA256

2974e4eb86ceb963caf3b6dbca86995bd31955df16b00e5735178a4a98b85e00
SHA512

0ea366f757e84253a7583b77bdffa16ce74e92a20cd4dde4e0a3fcede0a6a258e9ff3cfb5def49a7fde3d1ee1309fe54683b41986e3ac4ec136757d666714678
SSDEEP

1572864:n0uJbTTPj3Rbu7Fh0Cv7OuQ5kVxc6sj/kcAXpUmUewr5/Rf3C/mAmhen3Z/:FvT9u7Ak7OuQ16sEZUm6r5JV

Score

10^/10

valleyrat_s2 backdoor discovery

Static task

static1

Behavioral task

behavioral1

Sample

Google AI Browser v1.3.3.msi

Resource

win10ltsc2021-20250314-en

valleyrat_s2 backdoor discovery

windows10-ltsc_2021-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Google AI Browser v1.3.3.msi

Resource

win11-20250313-en

valleyrat_s2 backdoor discovery

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

valleyrat_s2

Version

1.0

C2

23.133.4.6:6666

23.133.4.6:7777

127.0.0.1:80

Attributes

campaign_date
2025. 3. 2

Targets

- Target
  
  Google AI Browser v1.3.3.msi
- Size
  
  68.9MB
- MD5
  
  fab734d9abaa41a7c47795c828419bbc
- SHA1
  
  f6c4d2800b8658f4d21c6c6438109829fbb722c0
- SHA256
  
  2974e4eb86ceb963caf3b6dbca86995bd31955df16b00e5735178a4a98b85e00
- SHA512
  
  0ea366f757e84253a7583b77bdffa16ce74e92a20cd4dde4e0a3fcede0a6a258e9ff3cfb5def49a7fde3d1ee1309fe54683b41986e3ac4ec136757d666714678
- SSDEEP
  
  1572864:n0uJbTTPj3Rbu7Fh0Cv7OuQ5kVxc6sj/kcAXpUmUewr5/Rf3C/mAmhen3Z/:FvT9u7Ak7OuQ16sEZUm6r5JV
Score

10^/10

valleyrat_s2 backdoor discovery
- ValleyRat
  ValleyRat stage2 is a backdoor written in C++.
  backdoor valleyrat_s2
- Valleyrat_s2 family
  valleyrat_s2
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

valleyrat_s2backdoordiscovery

behavioral2

valleyrat_s2backdoordiscovery

© 2018-2025

Terms | Privacy