Overview (overview): score 9
Static (static): score 7
Bunifu_UI_v1.5.3.dll, windows7-x64: score 1
Bunifu_UI_v1.5.3.dll, windows10-2004-x64: score 1
Guna.UI.dll, windows7-x64: score 1
Guna.UI.dll, windows10-2004-x64: score 1
Newtonsoft.Json.dll, windows7-x64: score 1
Newtonsoft.Json.dll, windows10-2004-x64: score 1
TrinitySeal.dll, windows7-x64: score 1
TrinitySeal.dll, windows10-2004-x64: score 1
Valorant C...Or.exe, windows7-x64: score 9
Valorant C...Or.exe, windows10-2004-x64: score 9
core.exe, windows7-x64: score 7
core.exe, windows10-2004-x64: score 7
libcef.exe, windows7-x64: score 1
libcef.exe, windows10-2004-x64: score 1
libexec.exe, windows7-x64: score 9
libexec.exe, windows10-2004-x64: score 9
skins.list, windows7-x64: score 3
skins.list, windows10-2004-x64: score 3
xNet.dll, windows7-x64: score 1
xNet.dll, windows10-2004-x64: score 1
General
-
Target
ValoKeker-Cracked-By-SpArtOr-Cox.zip
-
Size
6.5MB
-
Sample
230405-ac8kvsag77
-
MD5
9ec7f031dbc63767588d95ecaf4b2774
-
SHA1
64cc780657cce71dcb075ce5eb53135b49df2fdd
-
SHA256
7d5c55a30071acc646a6c894e2fb31ba150e79775ac80dbdc4f47826df96b442
-
SHA512
9020ef0fe8f912b61d4f7d8e694fff9e796d890ac24a3c031bf9f4f990babcd167f28d6835aa75d1bed60021859daea4123b1de786685880e62141fd8600c215
-
SSDEEP
98304:FwxN1u1uNxyvyWMVNwJ3vkwFbhmujjTTfnCB2zuYXQYEN3XxdKGdz:FwxN01nvggJ37Fb4ujXfnXz5XM7z
Behavioral task
behavioral1
Sample
Bunifu_UI_v1.5.3.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Bunifu_UI_v1.5.3.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
Guna.UI.dll
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
Guna.UI.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
Newtonsoft.Json.dll
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
TrinitySeal.dll
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
TrinitySeal.dll
Resource
win10v2004-20230221-en
Behavioral task
behavioral9
Sample
Valorant Checker Cracked By Cox & SpArtOr.exe
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
Valorant Checker Cracked By Cox & SpArtOr.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
core.exe
Resource
win7-20230220-en
Behavioral task
behavioral12
Sample
core.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
libcef.exe
Resource
win7-20230220-en
Behavioral task
behavioral14
Sample
libcef.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral15
Sample
libexec.exe
Resource
win7-20230220-en
Behavioral task
behavioral16
Sample
libexec.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral17
Sample
skins.list
Resource
win7-20230220-en
Behavioral task
behavioral18
Sample
skins.list
Resource
win10v2004-20230220-en
Behavioral task
behavioral19
Sample
xNet.dll
Resource
win7-20230220-en
Behavioral task
behavioral20
Sample
xNet.dll
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
Bunifu_UI_v1.5.3.dll
-
Size
323KB
-
MD5
e0ef2817ee5a7c8cd1eb837195768bd2
-
SHA1
426ea1e201c7d3dc3fadce976536edce4cd51bce
-
SHA256
76e1d3ec95fdef74abaf90392dd6f4aa5e344922abf11e572707287d467f2930
-
SHA512
5ad95dd7f0e712d543acfe7fd4539695f7e894988c0a2c44231c43e5ee29e743cb1ffe6bdf1fbdbdcfd3aa374f036113bcc6a1befd0114954093520bac47234c
-
SSDEEP
3072:cF7t/92eSp+nuthzYeSRwwdrmMaXyXL5NQKCZIWD144HcH0CbBxyKfoYA05bC61h:eOthMswV7aXyXLSO4HcHByY35b9DYr
Score 1/10
-
-
Target
Guna.UI.dll
-
Size
1.1MB
-
MD5
8673eae95d67e5eb19f0eca3111408e8
-
SHA1
ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb
-
SHA256
576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d
-
SHA512
65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239
-
SSDEEP
24576:hUsmpWNSUFmCqJPNsTuJDYYviEcHy1t6Y:hSUQWSF8q
Score 1/10
-
-
Target
Newtonsoft.Json.dll
-
Size
495KB
-
MD5
283544d7f0173e6b5bfbfbc23d1c2fb0
-
SHA1
3e33b2ef50dac60b7411a84779d61bdb0ed9d673
-
SHA256
9165e595b3a0de91ac91a38e742597e12ebb2a5a8fa53058d964a06ceaef7735
-
SHA512
150b45cd43dc5cf191c85524c15dea09fbb48766ad802851270eaacfd73f3d097fef8dcf0ea042184220e7bc71413677d88a206d8bbe60374986e4789054040b
-
SSDEEP
12288:7MzH+hB/pzxJi3X3+b6umJBDARbeqTJge:HLpXk+b6umJBDAJeqtge
Score 1/10
-
-
Target
TrinitySeal.dll
-
Size
304KB
-
MD5
0788cb32d5eb03916c701e0d18e25a74
-
SHA1
760162267263322208b979b587fa5d65dd997fec
-
SHA256
ea8e5043fce2ea44dfa01bff4336babc27e12dd0cb8509bbd1f3d1d2f98713b0
-
SHA512
875e369ce7a97dc061745e8c3b30099c3771f44b88359e56999fe09649e4d6458d1389d29defad62e4f398d95293a1e698d728390e4419f7409fd01c5e14b4dd
-
SSDEEP
6144:+Af3+mh/e+Z9f6Vg7yfFi55nyfep86fK5t9iVSHpVgMhX/tXm0jg7aO:BPZ9f6VFfFkykK5yV8pqMhvtXm0OaO
Score 1/10
-
-
Target
Valorant Checker Cracked By Cox & SpArtOr.exe
-
Size
796KB
-
MD5
2310a0eb5dab4238a3a7735dead8876b
-
SHA1
0a5118d6a07481a5ccf2e2862876e4ce6065a1c8
-
SHA256
1c140db987c4b49a68a07a90aa24641219e7d6e3dc8179e7dc81c289738095eb
-
SHA512
aeac11350b8de578a38246fbb71c53d7e941ce3c7632b92174d495eacf1e9d9b4e6fe2afb30fb20495b3d6687fbc7c9f49b8fe240eeb69670160f0fb3194fbdb
-
SSDEEP
12288:iwAwpyjN3Xz1/uOg+6Io7FXr9KEvob1vbfPsGOG7P+KN5Lu4zAHvPi3F:iwAwkN3Xz1/uOg+6IRb1vb3sGO2Q3
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
core.cfg
-
Size
1.0MB
-
MD5
b80c43bb6498b06af9810e786ffe6b36
-
SHA1
8a02118c517d72809db439baa7c2ed697428ad01
-
SHA256
e844b3cc77afb93588eee1f6e06932b7dd62cb863f5bf9e4195a09e443d526a8
-
SHA512
580f5f9095c77f40918227409772727ca1965eacf97b83dd11b9b3607d9052d1ed6681948fdd0d4fb8e17e9e374f63281141875b1b4b62c3455b9bd61803f074
-
SSDEEP
12288:IGSthdqeEufN+TorNM4aW0i+nrFPi8SyZPimPirPi/G0RAdtGPi:hudqeEiNAorNzIdDSyV/SCAdtm
Score 7/10
-
-
Target
libcef.lib
-
Size
291KB
-
MD5
797f15c89fc3dc9d052061202c9d65cf
-
SHA1
d67178eedd91ab53c79ded28c0fd87d0149ac8ca
-
SHA256
6a2df4801d1b40e34b9b1be91b0aaa6e49da66fd5ed09254d83af2ec86c8d81c
-
SHA512
1193098cb4bbbe247dfa9f984959a6b1237d98793a232a3ce3ca6de9976310b8e7c0b63c27ac599afcb48c14576047090b53432b8fda3c7e5d093e31ecacd422
-
SSDEEP
6144:JKx4ytgiRFFTrouqPIJMWWnOYFqLBLMuHJ4BcpfLAOi7y:tyR1TrouqPIJMWWOYluHJqe0
Score 1/10
-
-
Target
libexec.lib
-
Size
2.0MB
-
MD5
c0ac0367a40430af221b8c03417c2a73
-
SHA1
7d883b5094f8dd9c4b5cb96910d21aa5eba49bc5
-
SHA256
4c01ded1e8e7171e860ebe7b2bb949a2bcdd9b7aad7e5905a8f2a393670f20ec
-
SHA512
0bc0a45b6f05042dc954c507350e14f811f973aab3b170141e9349a25a71b4699f2dd41db8175107d4e5938158b5712c9971654e6d3d174853b65b92e7c95955
-
SSDEEP
49152:1gQsyP4JX/sdwSQHjnpMRGbaMfJTTVVXIMSW5lnnRoe:1WJX/cwfDpUGbzdTVVYzORoe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
skins.list
-
Size
128KB
-
MD5
39169c9e54cc14285692937f205e5987
-
SHA1
b73d8f2ae37ca6c63b13a76db30449583572f713
-
SHA256
91b990b6375423883de0ddb25b76b38a079e753124594684324d3b979680c476
-
SHA512
03f1aa00c00d5c424c408020df83100812a91488c1a3fd790a9ec1f685e174b458ec6d23bc3c6b290b25795c42b8c212a77d040b63e3247bc7b11b8b4e52f2c0
-
SSDEEP
3072:rhPbD7h3ZZ/2LYhuFpMa7fQ6d/jkTj6mZnU:pjXhuHxI69jkTjpZU
Score 3/10
-
-
Target
xNet.dll
-
Size
112KB
-
MD5
ee9562fa37c96db8e0f73970c91a3c85
-
SHA1
7196b61919bc7c304bdea78a6c2912668033b30b
-
SHA256
5ac962a9121ef7ab0f479e647961f3e2ca086e3cb306a47b8e3dc3f72e669842
-
SHA512
b25953ac960beb122e83b592a1ce96865283bd64de16c5e525dcafa7212e5b6426d7f4d27888aa26dd95dcc1b4bd6d72bdfd7e62350e5eecaced1b25a3f5ec1b
-
SSDEEP
3072:0jrGwxJJQeg49YnlMY3wiWo0YNyYTqnV+xnEdd:CrGwgplgYTqnV+xnEd
Score 1/10