elysiumstealer

Sharing

Copy URL

Twitter E-mail

General

Target

Valorant-Spoofer-main.zip
Size

5.2MB
Sample

240712-tnvmxstanc
MD5

ec0dab7fed03907adca447869cfe8252
SHA1

546f3308503af8d92cd841210fe7fb71a17c661c
SHA256

87e343bc7a031476674f7c325bbdd6a702b135ba52cafd375a49eb228f84716e
SHA512

1ff97f6ce1172d5deb7b0c8d3fd88fd0196c34c9b28923dd0aca3820f357a8e3071b54e5b2310338938f4ea1893d076a236f76432a22444e22f20b0bf086caaa
SSDEEP

98304:HMpqmC+Ca/QRDGdaWsz9n0/VCcZhg5hl4xLmpTH5hY9ktSG1QRX:H43eagDn9nAhg5/kuTZhRDyX

Score

10^/10

Malware Config

Targets

- Target
  
  Valorant-Spoofer-main/AMIDEWINx64.exe
- Size
  
  452KB
- MD5
  
  c4d09d3b3516550ad2ded3b09e28c10c
- SHA1
  
  7a5e77bb9ba74cf57cb1d119325b0b7f64199824
- SHA256
  
  66433a06884f28fdabb85a73c682d1587767e1dfa116907559ec00ed8d0919d3
- SHA512
  
  2e7800aae592d38c4a6c854b11d0883de70f938b29d78e257ab47a8a2bbf09121145d0a9aea9b56c16e18cde31b693d31d7ebfcd0473b7c15df5d7ae6708bbd2
- SSDEEP
  
  6144:5VHFnEXbw2Y3h3NWqU/xdwpN8T4LUEDW9VXnHFudT7coWspLa:l8w2UNiX0gEOpnHFutV5
Score

1^/10
behavioral1
- Target
  
  Valorant-Spoofer-main/FN.bat
- Size
  
  30KB
- MD5
  
  8606f9785d32bf6a4700b1e544c8b170
- SHA1
  
  7f6c679831520aa248505ee9a19f8019dde21e3c
- SHA256
  
  1f008e7e3df9d5017d8cb893395fd08ef15bd45ea857f988c3aded86112d6f26
- SHA512
  
  b93f8efc55a393facb32d39fc9eb6d9811b80a358b36a9789a3cffe6526bc4ab957fe13144a98fda1140f4fdefdcabf87101382ff5cecfc3a9bf2bd673d44bcf
- SSDEEP
  
  384:29/Vo6d/s16JjVAJ9OSU5RCn3I3ktLioPpnRz+rV5pK/F23aKVed+NUSepyw98Wh:2DKS4LioPdRz+pnfxh94
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral2
- Target
  
  Valorant-Spoofer-main/Fortnite.bat
- Size
  
  30KB
- MD5
  
  8c6fb606eea8df99f458eaf8d7015f08
- SHA1
  
  7c4238441b4678ce3e316654995503f827caecce
- SHA256
  
  fa714d3279efc5deea540bf9d96aebd6c0e813695e24de97f22f7953ba92eb8d
- SHA512
  
  f649e65a2953a88b4e0d0c3b89f5fb61eb17fea2aa6a35f3674ba18dbb4aed148e5a4be8df6a06226140f99c63b12cc91d83531754a33838b05c6d04afe229a2
- SSDEEP
  
  384:2i/Vo6d/s16JjVAJ9OSU5RCn3I3ktLioPpnRz+rV5pK/F23aKVed+NUSepyw98Wh:2KKS4LioPdRz+pnfxh94
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3
- Target
  
  Valorant-Spoofer-main/Fortnite2.bat
- Size
  
  27KB
- MD5
  
  043181491a15d57155b2244191e31e83
- SHA1
  
  589ec28298452bc4ef7faa6ad9c95af558f64d7b
- SHA256
  
  8da68723a28253986f7f3a65bc7ee73e64e5103579b07a82835712884e0bb0bd
- SHA512
  
  afa1069f491792125d34653aa4159c90c4ae236bd0874268e20a180468ae171fe1f183ad1cc053b3050f9d427eb74082564f3303ab6c5a11c9439bb156d21765
- SSDEEP
  
  384:lvqZQNa8/1mkT2lHwBQtC78ctj2GxJfm03kknAkDGmkBUz8BhaD1l6xBCyaqipHp:depy4hHucS0N7wbVlp
Score

1^/10
behavioral4
- Target
  
  Valorant-Spoofer-main/Fortnite3.bat
- Size
  
  89KB
- MD5
  
  8961137a983fa231912f4bc4223eb98a
- SHA1
  
  c8255dc314c1ba17be62ecee84eb563cd1f7ba6f
- SHA256
  
  478d367d6dbd25ea41066981b91dd3610fc8f5279fe9f1a921565dbfe95d85f2
- SHA512
  
  f1566d474c8092fece0f8262e6931a8da443c429778e4e8fe2b60a67b167c021565ab4b29b6c9c1fe4b8958767745bf222ee3e8e65a66acf3073583bdf06d7eb
- SSDEEP
  
  768:1h9N5NS/kzRepbUNHgXCyLX874zp0mH3cK:F/NHg1874zp0ocK
Score

8^/10

evasion persistence privilege_escalation spyware stealer
- Modifies Windows Firewall
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral5
- Target
  
  Valorant-Spoofer-main/Fortnite4.exe
- Size
  
  559KB
- MD5
  
  4c37879689505f683c1e07b86b8aa7f2
- SHA1
  
  58484777d59af5378002ee6cd686525f26449098
- SHA256
  
  7bcbc81dbfbc85b4c7c40f44931788a814ded426317e6ea9456cc65c37341c92
- SHA512
  
  0b6615a38a67e922527edc694838afa2e96db58ab4f09c03fdf3e71a49bbab6e74addd54efbdd56a25c2bc8fc74e60d8a58409e2c471421438d3193df88acc74
- SSDEEP
  
  6144:5fqHpILYw0mlefjZJnu3GHYKDcOuhHovXIslLMJsd/4TelpDtrRA6Ts5v3FNR3:xq2L7UjX0G/xvwsrSeLlTst3t3
Score

10^/10

elysiumstealer stealer
- ElysiumStealer
  ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
  stealer elysiumstealer
- ElysiumStealer Support DLL
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral6
- Target
  
  Valorant-Spoofer-main/MapperSpoofy.exe
- Size
  
  4.9MB
- MD5
  
  8d68bf555643d03cc0a254199581d2a0
- SHA1
  
  045a40e16fb21596527020012bd5dc14408a85d3
- SHA256
  
  9b2aa35e6eef2f49691bbd69ddaf23d88005f3f6e3f4cffdf9bfc0dccefdce25
- SHA512
  
  8650e65635749b34ab5becff54eb4f054c7f9886063dd4c9906b89e99725a2f591ea73c83ad403587ef54accf554f48a7736fb602c11c60da52a725c99017ffe
- SSDEEP
  
  98304:Om+BR8fD4d0A2xXxy/lGobJwbLlqxhwvnUDo2KQu4v1zAzNlb:OpoDtXx6Jwb5COnU0Q/vGz
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7
- Target
  
  Valorant-Spoofer-main/Registry.bat
- Size
  
  162KB
- MD5
  
  627b45f0474246e8ce432011bb5892eb
- SHA1
  
  8ff5143bae168960c9cc6a86db22a4acb1aec0c1
- SHA256
  
  3663d1361f88c764543e3657deb0ca5c5b88e89182fe10ab625d4ea0844d5c90
- SHA512
  
  dce42aeca61619efd3cdad80b2f58f8610c8b467089ec0cb48d915bde735b9db7584508bb7f5eb20b4f80db63bd083304d6060ca4a25f5aa7c8ce0098091d47d
- SSDEEP
  
  768:R3Slbz5U3/D35lU14IYIXZBMjmgPBpszWQP54Iq5Knz5U3/D35lU14IYIXZBMjmB:ozhzp
Score

1^/10
behavioral8
- Target
  
  Valorant-Spoofer-main/Spoofy.sys
- Size
  
  6KB
- MD5
  
  a8a0baf6804f5b4e902319665e580a20
- SHA1
  
  34cd0be5714c68da630a5e766c8962af4a8dd48e
- SHA256
  
  ea455bc82de25f42e4e2daf24f341ff5eedffb1a1b62dccd36bb43004ac707ee
- SHA512
  
  8b25e3d18b18a16e1a9c05e57707a4fd09898edb77c7b55188e25c2f56de940d4279e109dd530a50205e0b2e345bbe70c904efb94d438bd59171e0e84989d413
- SSDEEP
  
  96:eA/w8VE6wC4NrkauyhWZ2JMQ4LI5aUZ1ZM2a3:v/f/skaCZAMTOA2a3
Score

1^/10
behavioral9
- Target
  
  Valorant-Spoofer-main/Volumeid.exe
- Size
  
  228KB
- MD5
  
  4d867033b27c8a603de4885b449c4923
- SHA1
  
  f1ace1a241bab6efb3c7059a68b6e9bbe258da83
- SHA256
  
  22a2484d7fa799e6e71e310141614884f3bc8dad8ac749b6f1c475b5398a72f3
- SHA512
  
  b5d6d4a58d8780a43e69964f80525905224fa020c0032e637cd25557097e331f63d156cceaaacfe1a692ca8cea8d8bd1b219468b6b8e4827c90febe1535a5702
- SSDEEP
  
  3072:OgfbRmDIHA98kK2WndTslNac+dA6YdqhsXCNZpp4GIoHZUFozD3zgJwDmr9u76v9:OSCgkKdcg9vCoaoMpcto
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral10
- Target
  
  Valorant-Spoofer-main/amide.sys
- Size
  
  18KB
- MD5
  
  785045f8b25cd2e937ddc6b09debe01a
- SHA1
  
  029c678674f482ababe8bbfdb93152392457109d
- SHA256
  
  37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba
- SHA512
  
  40bbeb41816146c7172aa3cf27dace538908b7955171968e1cddcd84403b2588e0d8437a3596c2714ccdf4476eefa3d4e61d90ea118982b729f50b03df1104a9
- SSDEEP
  
  384:Cf8OVN6UDYm+b10HMHd6xhxuGZBBfSZsHLPK6jz/cf:CffV8KApCMMxDuIPKgwf
Score

1^/10
behavioral11
- Target
  
  Valorant-Spoofer-main/amifldrv64.sys
- Size
  
  18KB
- MD5
  
  785045f8b25cd2e937ddc6b09debe01a
- SHA1
  
  029c678674f482ababe8bbfdb93152392457109d
- SHA256
  
  37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba
- SHA512
  
  40bbeb41816146c7172aa3cf27dace538908b7955171968e1cddcd84403b2588e0d8437a3596c2714ccdf4476eefa3d4e61d90ea118982b729f50b03df1104a9
- SSDEEP
  
  384:Cf8OVN6UDYm+b10HMHd6xhxuGZBBfSZsHLPK6jz/cf:CffV8KApCMMxDuIPKgwf
Score

1^/10
behavioral12
- Target
  
  Valorant-Spoofer-main/cleaner.bat
- Size
  
  66KB
- MD5
  
  4aca184cc1e5b9e8cb055ed2ea681bc5
- SHA1
  
  084860a5d88e11b99470629a8b1f5d2014386327
- SHA256
  
  91235345c54119fb6b4b36eb2cec8bb26103de3e8c5dfc0280e403b4a017d1f4
- SHA512
  
  e9e613173811457fb6417dc72288d7ec6b789c7f7445ce1d4b57e7c794a0537471f62802f48a14f87ebf918195d801e88aaa0a0aa6a45ce97ad41fbf06ac9477
- SSDEEP
  
  768:JSNLKYxq7zQz+TS4LKYx7az+J7qS4LioPdaz+e77JS4LioPAaz+iNf7P:FyvHeFxIabf7P
Score

1^/10
behavioral13
- Target
  
  Valorant-Spoofer-main/load.bat
- Size
  
  86B
- MD5
  
  02d9abb4e099c4e2fe1cd016376c3311
- SHA1
  
  0080adedf2274339ad90c4c54e91f8e0b8f84e65
- SHA256
  
  11b4f7da04037e2ed5e32ba78c2f4d81397e33704668f47b9f62fd591686a00d
- SHA512
  
  e9580ab6b6c930312a0a288903fa704bfbf3dc10fb0444b752a080ec685af39c09501a760751d1f7a0a6fdb948a01bd3579d6ebe11baf0af3bd929523f892d7c
Score

8^/10

persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral14