General

  • Target

    valorant permanent hwid spoofer.rar

  • Size

    10.3MB

  • Sample

    241027-w112ks1fpn

  • MD5

    b16cf86b71c4224fa273dd1dce63df33

  • SHA1

    38c69e5bb5f1fc8d86468e258409e6d5575881a7

  • SHA256

    fc2e303e3b9a7074c6fc62d3044f0d9bd8e5af290d1f847f762427d5bbd72bbb

  • SHA512

    cef93c52a478d11a75a129d6507c27d6029c7904585966c93457e9a3b98a08b092474295c71dae5640553237c4d2ccc2c93084c487ccc0665afc0893c4eab3df

  • SSDEEP

    196608:wTnLdxMZiOCI57V6hdaZ48yLByiWTcM+vbSgBFAYfkMmVbwTUtvAtN:4LdmZvNeYbyLBIgVbSgBFedV0TMmN

Malware Config

Targets

    • Target

      valorant permanent hwid spoofer/val spoofer.exe

    • Size

      5.2MB

    • MD5

      3fbaacad6086a941d2985073f6031a9d

    • SHA1

      ecb5ede4ffd6c020816a70d207b8935ab2230a34

    • SHA256

      07e82e8f03358b5eaae89e4a6e6dc5a7915883230dbc090b163e09d646065d0e

    • SHA512

      28830605f5863ce68776962297fc1e57ad4c2797e546faec161bf15dd45484c14c7999f80f24877ddefe186ff3045c813af90111268b1a01449cd14b8179ae31

    • SSDEEP

      98304:sr2Hrh1MxTHRLoO5B9vgebQwLtNZxf9c5Nrn:GIr7CHV75HvgGtLtNZR9i

    • Creates new service(s)

    • Drops file in Drivers directory

    • Stops running service(s)

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger class stops debug events for that thread from being delivered to an attached debugger; a common anti-analysis technique.

    • Target

      valorant permanent hwid spoofer/zwzmuadgrl2.exe

    • Size

      6.0MB

    • MD5

      ad0d975718a4894f1fc8c6c3b1a28811

    • SHA1

      afbed02702389618c2476250ed3385a246255f2d

    • SHA256

      22eb2704aae036c1f1f0fb8de46eed0ec1672680dca9a18f9f709b1f247a38d4

    • SHA512

      cd9fbbacf5582ac867063e998fd042e973bb02628628660bcc2b42cd0c118263781825be310cd46ad301c80414bdc520da1fb8d44f142f144b40bce64613e4ef

    • SSDEEP

      98304:NSMdUaKmv/19FJ/8k0Jv+/TBv8Ge0CO7TVLntZ35xXr93pP8LfyFNCaYe40Q+:jbUk0dyVvPe0CO1LntXxXrEA4

    • Score

      5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      valorant permanent hwid spoofer/𝐔𝐧𝐤𝐧𝐨𝐰𝐧 𝐂𝐡𝐞𝐚𝐭𝐞𝐫𝐬.html

    • Size

      321B

    • MD5

      c1fd716e86cc8fa37eb40aa5b64f79ea

    • SHA1

      82d76001f78ccd163ce2d94f20414e376d175705

    • SHA256

      398b259ae96a0a384251709d6d32a6309cf38ecf2f4ef0c982fa380f90a5b8c6

    • SHA512

      a1a81868f14c0d245f310700d2f7c0fc43b3abe45e968ce82045a3af426891d15e9481a3dea6a9d1d5ee20dce7b97006fb35d99c3390cb7dc40e8c6f8632de80

    • Score

      6/10

    • Legitimate hosting services abused for malware hosting/C2
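Hunting for the behaviours listed above on a Windows host (new service creation, files dropped into the Drivers and System32 directories, services stopped, and the dropped files themselves), as an added example that is not part of the sandbox report. The IOC set is the four SHA256 values printed in this report; the scan roots, the seven-day lookback window and the "non-Microsoft signer" heuristic are assumed defaults, and the script expects an elevated session on a host whose System event log has not been cleared.

```powershell
# Added triage script, not from the sandbox report. Assumes an elevated PowerShell
# session on the host being checked. The hashes are the SHA256 values from the
# report; scan roots, lookback window and signer heuristic are assumed defaults.
$Iocs = @{
    'fc2e303e3b9a7074c6fc62d3044f0d9bd8e5af290d1f847f762427d5bbd72bbb' = 'valorant permanent hwid spoofer.rar'
    '07e82e8f03358b5eaae89e4a6e6dc5a7915883230dbc090b163e09d646065d0e' = 'val spoofer.exe'
    '22eb2704aae036c1f1f0fb8de46eed0ec1672680dca9a18f9f709b1f247a38d4' = 'zwzmuadgrl2.exe'
    '398b259ae96a0a384251709d6d32a6309cf38ecf2f4ef0c982fa380f90a5b8c6' = 'Unknown Cheaters.html'
}
$Since = (Get-Date).AddDays(-7)   # assumed lookback window

# 1. Hash matching in the user-writable places a downloaded archive and its contents usually land
$ScanRoots = @("$env:USERPROFILE\Downloads", $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA)
$Hits = Get-ChildItem -Path $ScanRoots -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -lt 50MB } |
    ForEach-Object {
        $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        if ($h -and $Iocs.ContainsKey($h.ToLower())) {
            [pscustomobject]@{ Path = $_.FullName; SHA256 = $h.ToLower(); Matches = $Iocs[$h.ToLower()] }
        }
    }

# 2. "Creates new service(s)": the Service Control Manager writes event 7045 when a service is installed.
#    Property order in 7045 is ServiceName, ImagePath, ServiceType, StartType, AccountName.
$NewServices = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7045; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time        = $_.TimeCreated
            ServiceName = $_.Properties[0].Value
            ImagePath   = $_.Properties[1].Value
            ServiceType = $_.Properties[2].Value   # 'kernel mode driver' is the value of interest for a spoofer
        }
    }

# 3. "Drops file in Drivers directory" / "Drops file in System32 directory":
#    recently written binaries, with Authenticode status so unsigned drops stand out
$RecentSystemFiles = Get-ChildItem -Path "$env:SystemRoot\System32\drivers", "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $Since -and $_.Extension -in @('.sys', '.exe', '.dll') } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{ Path = $_.FullName; LastWrite = $_.LastWriteTime; Signature = $sig.Status; Signer = $sig.SignerCertificate.Subject }
    }

# 4. "Stops running service(s)": event 7036 records state changes; property order is ServiceName, State
$StoppedServices = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7036; StartTime = $Since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[1].Value -eq 'stopped' } |
    ForEach-Object { [pscustomobject]@{ Time = $_.TimeCreated; ServiceName = $_.Properties[0].Value } }

# 5. Any running driver that is not validly signed by Microsoft deserves a second look after an
#    HWID "spoofer" ran (heuristic: third-party drivers are legitimate too, so this is a review list)
$UnsignedDrivers = Get-CimInstance Win32_SystemDriver | Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        $p = ($_.PathName -replace '^\\\?\?\\', '') -replace '^\\SystemRoot', $env:SystemRoot
        $sig = Get-AuthenticodeSignature -FilePath $p -ErrorAction SilentlyContinue
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            [pscustomobject]@{ Driver = $_.Name; Path = $p; Status = $sig.Status; Signer = $sig.SignerCertificate.Subject }
        }
    }

'IOC hash matches:';              $Hits              | Format-Table -AutoSize
'Services installed:';            $NewServices       | Format-Table -AutoSize
'Recent System32/drivers files:'; $RecentSystemFiles | Format-Table -AutoSize
'Services stopped:';              $StoppedServices   | Format-Table -AutoSize
'Non-Microsoft running drivers:'; $UnsignedDrivers   | Format-Table -AutoSize
```

A hit in section 2 with a ServiceType of "kernel mode driver" pointing at a freshly written, unsigned or test-signed .sys from section 3 is the combination the "Creates new service(s)" and "Drops file in Drivers directory" signatures describe; the Credential Manager and browser-profile signatures are not covered here because they leave no System-log trace and need Sysmon or EDR file-access telemetry on the host.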

MITRE ATT&CK Enterprise v15

Tasks