A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

FortiGuard Labs recently encountered an ongoing malware campaign specifically targeting Chinese speakers. The attack uses a multi-stage malware named ValleyRAT, which employs diverse techniques to monitor and control victims while deploying arbitrary plugins. A notable characteristic is its heavy use of shellcode to execute components directly in memory, reducing its on-disk footprint. The campaign involves masquerading as legitimate applications, sandbox evasion, privilege escalation, and downloading additional components from the command and control (C2) server. The malware ultimately aims to monitor user activity and deliver malicious plugins.

OPENCTI LABELS:

sandbox evasion, windows registry, shellcode, valleyrat, cmstplua com class

