Overview
A new threat has begun circulating in networks: a ransomware titled Valorant. It uses Riot's anti-cheat to rename and encrypt files.
It promises to bypass the anti-cheat but is in fact ransomware.
General
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 8173C0A277C1206965FB72E23EA67C32
Static information
.exe | UPX compressed Win32 Executable (39.3%)
.exe | Win32 EXE Yoda's Crypter (38.6%)
.dll | Win32 Dynamic Link Library (generic) (9.5%)
.exe | Win32 Executable (generic) (6.5%)
.exe | Generic Win/DOS Executable (2.9%)
Processes
Total processes: 64
Monitored processes: 18
Malicious processes: 1
Suspicious processes: 0
Registry activity
Total events: 4923
Read events: 1272
Write events: 2463
Delete events: 1188
Recommendations
Ensure anti-virus software and associated files are up to date.
Search for existing signs of the indicated IoCs in your environment.
Consider blocking and/or setting up detection for all URL- and IP-based IoCs.
Keep applications and operating systems running at the current released patch level.
Exercise caution with attachments and links in emails.
Reference: https://otx.alienvault.com/pulse/5eb8620c3ef8da2a40f905c6