ValleyRAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth

A recent surge in ValleyRAT activity combines RC4-encrypted payloads, Donut-generated shellcode, and in-memory execution via suspended rundll32 processes to evade detection. First named by Proofpoint in 2023, ValleyRAT continues to evolve: LevelBlue’s telemetry shows a marked increase in successful detections beginning May 2025 and accelerating into 2026. The threat now presents through two primary […]

The post ValleyRAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
