valleyrat_s2 | f29e35c4c6bb6b273822a2754e8eb6755cd4a3dee014ecccbbc97ca2a500dcbc | Triage

Sharing

General

Target

2025-04-03_ab12f41e2e7b4faf5936da3ebcf4243a_amadey_karagany_rhadamanthys_smoke-loader
Size

108KB
Sample

250403-wj35ls1wbs
MD5

ab12f41e2e7b4faf5936da3ebcf4243a
SHA1

274f20e845d5ea3dc53621f9b674dc62e271efb8
SHA256

f29e35c4c6bb6b273822a2754e8eb6755cd4a3dee014ecccbbc97ca2a500dcbc
SHA512

a33c0e9f2d701dda65b179f28d4806886fe12bfc8c1e9220a9f6c20e1c127b4c3a7a24feb83f10a905607df9756e52f6cefd1314167d5a1ba65c35ab065f7ab1
SSDEEP

3072:w0i9D8pM9W91fAXev5jhW9h68XEPSCK5:w0iapM6fAXePZ1ax

Score

10^/10

valleyrat_s2 discovery

Malware Config

Extracted

Family

valleyrat_s2

Version

1.0

C2

154.219.97.191:6666

Attributes

campaign_date
2025. 3.14

Targets

- Target
  
  2025-04-03_ab12f41e2e7b4faf5936da3ebcf4243a_amadey_karagany_rhadamanthys_smoke-loader
- Size
  
  108KB
- MD5
  
  ab12f41e2e7b4faf5936da3ebcf4243a
- SHA1
  
  274f20e845d5ea3dc53621f9b674dc62e271efb8
- SHA256
  
  f29e35c4c6bb6b273822a2754e8eb6755cd4a3dee014ecccbbc97ca2a500dcbc
- SHA512
  
  a33c0e9f2d701dda65b179f28d4806886fe12bfc8c1e9220a9f6c20e1c127b4c3a7a24feb83f10a905607df9756e52f6cefd1314167d5a1ba65c35ab065f7ab1
- SSDEEP
  
  3072:w0i9D8pM9W91fAXev5jhW9h68XEPSCK5:w0iapM6fAXePZ1ax
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1