National Cyber Warfare Foundation (NCWF)

ValleyRAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth


0 user ratings
2026-07-02 09:30:17
milo
Red Team (CNA)

A recent surge in ValleyRAT activity that combines RC4-encrypted payloads, Donut-generated shellcode, and in-memory execution via suspended rundll32 processes to evade detection. First named by Proofpoint in 2023, ValleyRAT continues to evolve: LevelBlue’s telemetry shows a marked increase in successful detections beginning May 2025 and accelerating into 2026. The threat now presents through two primary […]


The post ValleyRAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.



Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/valleyrat-uses-rc4-encryption/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.