ValleyRAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth
A recent surge in ValleyRAT activity combines RC4-encrypted payloads, Donut-generated shellcode, and in-memory execution via suspended rundll32 processes to evade detection.
First named…
Delivered by PolitePaul service