General

Target: Valorant-Spoofer-main.zip
Size: 5.2MB
Sample: 240712-tnvmxstanc
MD5: ec0dab7fed03907adca447869cfe8252
SHA1: 546f3308503af8d92cd841210fe7fb71a17c661c
SHA256: 87e343bc7a031476674f7c325bbdd6a702b135ba52cafd375a49eb228f84716e
SHA512: 1ff97f6ce1172d5deb7b0c8d3fd88fd0196c34c9b28923dd0aca3820f357a8e3071b54e5b2310338938f4ea1893d076a236f76432a22444e22f20b0bf086caaa
SSDEEP: 98304:HMpqmC+Ca/QRDGdaWsz9n0/VCcZhg5hl4xLmpTH5hY9ktSG1QRX:H43eagDn9nAhg5/kuTZhRDyX
Analysis tasks

Static task: static1

Behavioral tasks (task: sample, resource):
behavioral1: Valorant-Spoofer-main/AMIDEWINx64.exe, win10v2004-20240709-en
behavioral2: Valorant-Spoofer-main/FN.bat, win10v2004-20240709-en
behavioral3: Valorant-Spoofer-main/Fortnite.bat, win10v2004-20240709-en
behavioral4: Valorant-Spoofer-main/Fortnite2.bat, win10v2004-20240709-en
behavioral5: Valorant-Spoofer-main/Fortnite3.bat, win10v2004-20240704-en
behavioral6: Valorant-Spoofer-main/Fortnite4.exe, win10v2004-20240709-en
behavioral7: Valorant-Spoofer-main/MapperSpoofy.exe, win10v2004-20240709-en
behavioral8: Valorant-Spoofer-main/Registry.bat, win10v2004-20240709-en
behavioral9: Valorant-Spoofer-main/Spoofy.sys, win10v2004-20240709-en
behavioral10: Valorant-Spoofer-main/Volumeid.exe, win10v2004-20240709-en
behavioral11: Valorant-Spoofer-main/amide.sys, win10v2004-20240709-en
behavioral12: Valorant-Spoofer-main/amifldrv64.sys, win10v2004-20240709-en
behavioral13: Valorant-Spoofer-main/cleaner.bat, win10v2004-20240709-en
behavioral14: Valorant-Spoofer-main/load.bat, win10v2004-20240709-en
Malware Config

(no configuration extracted)

Targets
Target: Valorant-Spoofer-main/AMIDEWINx64.exe
Size: 452KB
MD5: c4d09d3b3516550ad2ded3b09e28c10c
SHA1: 7a5e77bb9ba74cf57cb1d119325b0b7f64199824
SHA256: 66433a06884f28fdabb85a73c682d1587767e1dfa116907559ec00ed8d0919d3
SHA512: 2e7800aae592d38c4a6c854b11d0883de70f938b29d78e257ab47a8a2bbf09121145d0a9aea9b56c16e18cde31b693d31d7ebfcd0473b7c15df5d7ae6708bbd2
SSDEEP: 6144:5VHFnEXbw2Y3h3NWqU/xdwpN8T4LUEDW9VXnHFudT7coWspLa:l8w2UNiX0gEOpnHFutV5
Score: 1/10
Target: Valorant-Spoofer-main/FN.bat
Size: 30KB
MD5: 8606f9785d32bf6a4700b1e544c8b170
SHA1: 7f6c679831520aa248505ee9a19f8019dde21e3c
SHA256: 1f008e7e3df9d5017d8cb893395fd08ef15bd45ea857f988c3aded86112d6f26
SHA512: b93f8efc55a393facb32d39fc9eb6d9811b80a358b36a9789a3cffe6526bc4ab957fe13144a98fda1140f4fdefdcabf87101382ff5cecfc3a9bf2bd673d44bcf
SSDEEP: 384:29/Vo6d/s16JjVAJ9OSU5RCn3I3ktLioPpnRz+rV5pK/F23aKVed+NUSepyw98Wh:2DKS4LioPdRz+pnfxh94
Signatures:
  Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Target: Valorant-Spoofer-main/Fortnite.bat
Size: 30KB
MD5: 8c6fb606eea8df99f458eaf8d7015f08
SHA1: 7c4238441b4678ce3e316654995503f827caecce
SHA256: fa714d3279efc5deea540bf9d96aebd6c0e813695e24de97f22f7953ba92eb8d
SHA512: f649e65a2953a88b4e0d0c3b89f5fb61eb17fea2aa6a35f3674ba18dbb4aed148e5a4be8df6a06226140f99c63b12cc91d83531754a33838b05c6d04afe229a2
SSDEEP: 384:2i/Vo6d/s16JjVAJ9OSU5RCn3I3ktLioPpnRz+rV5pK/F23aKVed+NUSepyw98Wh:2KKS4LioPdRz+pnfxh94
Signatures:
  Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Target: Valorant-Spoofer-main/Fortnite2.bat
Size: 27KB
MD5: 043181491a15d57155b2244191e31e83
SHA1: 589ec28298452bc4ef7faa6ad9c95af558f64d7b
SHA256: 8da68723a28253986f7f3a65bc7ee73e64e5103579b07a82835712884e0bb0bd
SHA512: afa1069f491792125d34653aa4159c90c4ae236bd0874268e20a180468ae171fe1f183ad1cc053b3050f9d427eb74082564f3303ab6c5a11c9439bb156d21765
SSDEEP: 384:lvqZQNa8/1mkT2lHwBQtC78ctj2GxJfm03kknAkDGmkBUz8BhaD1l6xBCyaqipHp:depy4hHucS0N7wbVlp
Score: 1/10
Target: Valorant-Spoofer-main/Fortnite3.bat
Size: 89KB
MD5: 8961137a983fa231912f4bc4223eb98a
SHA1: c8255dc314c1ba17be62ecee84eb563cd1f7ba6f
SHA256: 478d367d6dbd25ea41066981b91dd3610fc8f5279fe9f1a921565dbfe95d85f2
SHA512: f1566d474c8092fece0f8262e6931a8da443c429778e4e8fe2b60a67b167c021565ab4b29b6c9c1fe4b8958767745bf222ee3e8e65a66acf3073583bdf06d7eb
SSDEEP: 768:1h9N5NS/kzRepbUNHgXCyLX874zp0mH3cK:F/NHg1874zp0ocK
Signatures:
  Modifies Windows Firewall
Target: Valorant-Spoofer-main/Fortnite4.exe
Size: 559KB
MD5: 4c37879689505f683c1e07b86b8aa7f2
SHA1: 58484777d59af5378002ee6cd686525f26449098
SHA256: 7bcbc81dbfbc85b4c7c40f44931788a814ded426317e6ea9456cc65c37341c92
SHA512: 0b6615a38a67e922527edc694838afa2e96db58ab4f09c03fdf3e71a49bbab6e74addd54efbdd56a25c2bc8fc74e60d8a58409e2c471421438d3193df88acc74
SSDEEP: 6144:5fqHpILYw0mlefjZJnu3GHYKDcOuhHovXIslLMJsd/4TelpDtrRA6Ts5v3FNR3:xq2L7UjX0G/xvwsrSeLlTst3t3
Score: 10/10
Signatures:
  ElysiumStealer: ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
  ElysiumStealer Support DLL
  Manipulates Digital Signatures: attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
  Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
  Loads dropped DLL
Target: Valorant-Spoofer-main/MapperSpoofy.exe
Size: 4.9MB
MD5: 8d68bf555643d03cc0a254199581d2a0
SHA1: 045a40e16fb21596527020012bd5dc14408a85d3
SHA256: 9b2aa35e6eef2f49691bbd69ddaf23d88005f3f6e3f4cffdf9bfc0dccefdce25
SHA512: 8650e65635749b34ab5becff54eb4f054c7f9886063dd4c9906b89e99725a2f591ea73c83ad403587ef54accf554f48a7736fb602c11c60da52a725c99017ffe
SSDEEP: 98304:Om+BR8fD4d0A2xXxy/lGobJwbLlqxhwvnUDo2KQu4v1zAzNlb:OpoDtXx6Jwb5COnU0Q/vGz
Score: 5/10
Signatures:
  Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Valorant-Spoofer-main/Registry.bat
Size: 162KB
MD5: 627b45f0474246e8ce432011bb5892eb
SHA1: 8ff5143bae168960c9cc6a86db22a4acb1aec0c1
SHA256: 3663d1361f88c764543e3657deb0ca5c5b88e89182fe10ab625d4ea0844d5c90
SHA512: dce42aeca61619efd3cdad80b2f58f8610c8b467089ec0cb48d915bde735b9db7584508bb7f5eb20b4f80db63bd083304d6060ca4a25f5aa7c8ce0098091d47d
SSDEEP: 768:R3Slbz5U3/D35lU14IYIXZBMjmgPBpszWQP54Iq5Knz5U3/D35lU14IYIXZBMjmB:ozhzp
Score: 1/10
Target: Valorant-Spoofer-main/Spoofy.sys
Size: 6KB
MD5: a8a0baf6804f5b4e902319665e580a20
SHA1: 34cd0be5714c68da630a5e766c8962af4a8dd48e
SHA256: ea455bc82de25f42e4e2daf24f341ff5eedffb1a1b62dccd36bb43004ac707ee
SHA512: 8b25e3d18b18a16e1a9c05e57707a4fd09898edb77c7b55188e25c2f56de940d4279e109dd530a50205e0b2e345bbe70c904efb94d438bd59171e0e84989d413
SSDEEP: 96:eA/w8VE6wC4NrkauyhWZ2JMQ4LI5aUZ1ZM2a3:v/f/skaCZAMTOA2a3
Score: 1/10
Target: Valorant-Spoofer-main/Volumeid.exe
Size: 228KB
MD5: 4d867033b27c8a603de4885b449c4923
SHA1: f1ace1a241bab6efb3c7059a68b6e9bbe258da83
SHA256: 22a2484d7fa799e6e71e310141614884f3bc8dad8ac749b6f1c475b5398a72f3
SHA512: b5d6d4a58d8780a43e69964f80525905224fa020c0032e637cd25557097e331f63d156cceaaacfe1a692ca8cea8d8bd1b219468b6b8e4827c90febe1535a5702
SSDEEP: 3072:OgfbRmDIHA98kK2WndTslNac+dA6YdqhsXCNZpp4GIoHZUFozD3zgJwDmr9u76v9:OSCgkKdcg9vCoaoMpcto
Signatures:
  Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Target: Valorant-Spoofer-main/amide.sys
Size: 18KB
MD5: 785045f8b25cd2e937ddc6b09debe01a
SHA1: 029c678674f482ababe8bbfdb93152392457109d
SHA256: 37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba
SHA512: 40bbeb41816146c7172aa3cf27dace538908b7955171968e1cddcd84403b2588e0d8437a3596c2714ccdf4476eefa3d4e61d90ea118982b729f50b03df1104a9
SSDEEP: 384:Cf8OVN6UDYm+b10HMHd6xhxuGZBBfSZsHLPK6jz/cf:CffV8KApCMMxDuIPKgwf
Score: 1/10
Target: Valorant-Spoofer-main/amifldrv64.sys (identical hashes to amide.sys above)
Size: 18KB
MD5: 785045f8b25cd2e937ddc6b09debe01a
SHA1: 029c678674f482ababe8bbfdb93152392457109d
SHA256: 37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba
SHA512: 40bbeb41816146c7172aa3cf27dace538908b7955171968e1cddcd84403b2588e0d8437a3596c2714ccdf4476eefa3d4e61d90ea118982b729f50b03df1104a9
SSDEEP: 384:Cf8OVN6UDYm+b10HMHd6xhxuGZBBfSZsHLPK6jz/cf:CffV8KApCMMxDuIPKgwf
Score: 1/10
Target: Valorant-Spoofer-main/cleaner.bat
Size: 66KB
MD5: 4aca184cc1e5b9e8cb055ed2ea681bc5
SHA1: 084860a5d88e11b99470629a8b1f5d2014386327
SHA256: 91235345c54119fb6b4b36eb2cec8bb26103de3e8c5dfc0280e403b4a017d1f4
SHA512: e9e613173811457fb6417dc72288d7ec6b789c7f7445ce1d4b57e7c794a0537471f62802f48a14f87ebf918195d801e88aaa0a0aa6a45ce97ad41fbf06ac9477
SSDEEP: 768:JSNLKYxq7zQz+TS4LKYx7az+J7qS4LioPdaz+e77JS4LioPAaz+iNf7P:FyvHeFxIabf7P
Score: 1/10
Target: Valorant-Spoofer-main/load.bat
Size: 86B
MD5: 02d9abb4e099c4e2fe1cd016376c3311
SHA1: 0080adedf2274339ad90c4c54e91f8e0b8f84e65
SHA256: 11b4f7da04037e2ed5e32ba78c2f4d81397e33704668f47b9f62fd591686a00d
SHA512: e9580ab6b6c930312a0a288903fa704bfbf3dc10fb0444b752a080ec685af39c09501a760751d1f7a0a6fdb948a01bd3579d6ebe11baf0af3bd929523f892d7c
Score: 8/10
Signatures:
  Drops file in Drivers directory
  Sets service image path in registry
  Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix (ATT&CK v13)

Counts in parentheses are the number of hits per technique.

Persistence
  Create or Modify System Process (1): Windows Service (1)
  Event Triggered Execution (1): Netsh Helper DLL (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)

Privilege Escalation
  Create or Modify System Process (1): Windows Service (1)
  Event Triggered Execution (1): Netsh Helper DLL (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)

Defense Evasion
  Modify Registry (10)
  Impair Defenses (1): Disable or Modify System Firewall (1)
  Hide Artifacts (1): Hidden Files and Directories (1)
  Subvert Trust Controls (2): SIP and Trust Provider Hijacking (1), Install Root Certificate (1)