General
-
Target
valorant permanent hwid spoofer.rar
-
Size
10.3MB
-
Sample
241027-w112ks1fpn
-
MD5
b16cf86b71c4224fa273dd1dce63df33
-
SHA1
38c69e5bb5f1fc8d86468e258409e6d5575881a7
-
SHA256
fc2e303e3b9a7074c6fc62d3044f0d9bd8e5af290d1f847f762427d5bbd72bbb
-
SHA512
cef93c52a478d11a75a129d6507c27d6029c7904585966c93457e9a3b98a08b092474295c71dae5640553237c4d2ccc2c93084c487ccc0665afc0893c4eab3df
-
SSDEEP
196608:wTnLdxMZiOCI57V6hdaZ48yLByiWTcM+vbSgBFAYfkMmVbwTUtvAtN:4LdmZvNeYbyLBIgVbSgBFedV0TMmN
Static task
static1
Behavioral task
behavioral1
Sample
valorant permanent hwid spoofer/val spoofer.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
valorant permanent hwid spoofer/val spoofer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
valorant permanent hwid spoofer/zwzmuadgrl2.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
valorant permanent hwid spoofer/zwzmuadgrl2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
valorant permanent hwid spoofer/𝐔𝐧𝐤𝐧𝐨𝐰𝐧 𝐂𝐡𝐞𝐚𝐭𝐞𝐫𝐬.html
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
valorant permanent hwid spoofer/𝐔𝐧𝐤𝐧𝐨𝐰𝐧 𝐂𝐡𝐞𝐚𝐭𝐞𝐫𝐬.html
Resource
win10v2004-20241007-en
Targets
-
-
Target
valorant permanent hwid spoofer/val spoofer.exe
-
Size
5.2MB
-
MD5
3fbaacad6086a941d2985073f6031a9d
-
SHA1
ecb5ede4ffd6c020816a70d207b8935ab2230a34
-
SHA256
07e82e8f03358b5eaae89e4a6e6dc5a7915883230dbc090b163e09d646065d0e
-
SHA512
28830605f5863ce68776962297fc1e57ad4c2797e546faec161bf15dd45484c14c7999f80f24877ddefe186ff3045c813af90111268b1a01449cd14b8179ae31
-
SSDEEP
98304:sr2Hrh1MxTHRLoO5B9vgebQwLtNZxf9c5Nrn:GIr7CHV75HvgGtLtNZR9i
-
Creates new service(s)
-
Drops file in Drivers directory
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
valorant permanent hwid spoofer/zwzmuadgrl2.exe
-
Size
6.0MB
-
MD5
ad0d975718a4894f1fc8c6c3b1a28811
-
SHA1
afbed02702389618c2476250ed3385a246255f2d
-
SHA256
22eb2704aae036c1f1f0fb8de46eed0ec1672680dca9a18f9f709b1f247a38d4
-
SHA512
cd9fbbacf5582ac867063e998fd042e973bb02628628660bcc2b42cd0c118263781825be310cd46ad301c80414bdc520da1fb8d44f142f144b40bce64613e4ef
-
SSDEEP
98304:NSMdUaKmv/19FJ/8k0Jv+/TBv8Ge0CO7TVLntZ35xXr93pP8LfyFNCaYe40Q+:jbUk0dyVvPe0CO1LntXxXrEA4
Score
5/10
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
valorant permanent hwid spoofer/𝐔𝐧𝐤𝐧𝐨𝐰𝐧 𝐂𝐡𝐞𝐚𝐭𝐞𝐫𝐬.html
-
Size
321B
-
MD5
c1fd716e86cc8fa37eb40aa5b64f79ea
-
SHA1
82d76001f78ccd163ce2d94f20414e376d175705
-
SHA256
398b259ae96a0a384251709d6d32a6309cf38ecf2f4ef0c982fa380f90a5b8c6
-
SHA512
a1a81868f14c0d245f310700d2f7c0fc43b3abe45e968ce82045a3af426891d15e9481a3dea6a9d1d5ee20dce7b97006fb35d99c3390cb7dc40e8c6f8632de80
Score
6/10
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 2
Credentials from Web Browsers: 1
Windows Credential Manager: 1
Unsecured Credentials: 1
Credentials In Files: 1