Check Point Research has conducted an in-depth analysis of ValleyRAT, a sophisticated Remote Access Trojan (RAT). The investigation revealed intricate details about ValleyRAT’s builder component and the malware’s use of kernel rootkits for advanced persistence and evasion.
ValleyRAT’s Advanced Capabilities
ValleyRAT stands out due to its advanced functionalities, including a robust builder that allows attackers to customize the malware for specific targets. A key discovery in the research is ValleyRAT’s deployment of kernel rootkits. These rootkits enable the RAT to embed itself deep within the operating system, making it exceptionally difficult to detect and remove, thus ensuring long-term persistence on compromised systems.
From Builder to System Control
The analysis by Check Point details how ValleyRAT’s builder is instrumental in preparing the malware for deployment. Once active, its kernel-level access grants attackers extensive control over a compromised system. This level of sophistication underscores ValleyRAT’s capability to maintain stealth and execute various malicious operations undetected, posing a significant threat to targeted environments.
Source: https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/