ValleyFall Spyware – Tales of malware discovery and hunting in the wild
The “ValleyFall” malware is a new cyber threat that we identified in the wild in late April 2023. Uncovering new malware, hunting for related samples, and constructing their network can prove challenging because of the constantly evolving and stealthy nature of cyber threats. This proactive effort is essential to comprehend the latest tactics and techniques and to provide effective defense. This talk covers malware discovery procedures and delves into an in-depth analysis of ValleyFall, highlighting the crucial role of hunting in malware research. We first present a brief introduction to this malware family, followed by the infection chain, the tactics and techniques that we identified while analyzing its code structure, and the malicious functionalities we pinpointed. Subsequently, we present the importance of hunting procedures and how to define a hunting methodology. We conclude the presentation with our findings regarding the malware server hive and the impact in the wild based on our telemetry.
Mr. Marian Gusatu
Marian Gusatu works as a Specialist Threat Researcher at Gen Digital Inc. His expertise lies in reverse engineering, malware analysis and hunting, as well as vulnerability research from both offensive and defensive perspectives.