General

  • Target

    Valorant_Cleaner.exe

  • Size

    3.1MB

  • Sample

    240411-vt1a2abd6z

  • MD5

    5c04631fafe2dbe3449a83310dcdf9b1

  • SHA1

    bccdbaf8352dec9f0e4a25cf74021e23b2ff6a7d

  • SHA256

    e085adcc6a2c0ed6115ccb2b9ddaf5b8204b0e9c7a2f62c4fe922b0551d96f53

  • SHA512

    2eb26a7690d29b785a6c8d05bc317e8c720dbeb4173b46afbd293cca7f1b95f6ab76c01f9731021a35e5733f07cd46cb4f691484f3275b8717cb0f67fa59b174

  • SSDEEP

    98304:PM/QLILHnQ9Ku35LGALBqzroXWC8nkYlx:U/QU7QfpVFqnoXWCelx

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks