ValleyRAT Exploiting BYOVD to Kill Endpoint Security
During threat-intelligence activities, we identified a new ValleyRAT campaign distributing fake application installers (e.g., WinRAR, Telegram, and others). The installer drops multiple binaries, one of which stood out: a file named NVIDIA.exe (SHA-256: b4ac2e473c5d6c5e1b8430a87ef4f33b53b9ba0f585d3173365e437de4c816b2), whose analysis revealed an unknown driver used to support its operations. NVIDIA.exe’s main logic is deliberately simple. It defines […]