General
-
Target
delete_fortnie_cheat__spoofer_1.rar
-
Size
156KB
-
Sample
220204-3va2jafghm
-
MD5
102bd07e7adcf58e2298d103062e1092
-
SHA1
1d69e070f3fc4e6971642840f67dd6c575ef858f
-
SHA256
20afc142a26c094db25ede02fc13e99acc4a4431db32ecd2d3be05b9e3f852bc
-
SHA512
95d12cb0523aa466a268762f7787dfd4c13474b7d27d51a1f511add3be9b2823ca2476a75c5e95aff3719d4f88111286d18b18fc6168b575d69f32bbf669f769
Static task
static1
Behavioral task
behavioral1
Sample
delete fortnie cheat + spoofer/deletefortnitecheat.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
delete fortnie cheat + spoofer/deletefortnitecheat.exe
Resource
win10v2004-en-20220113
Behavioral task
behavioral3
Sample
delete fortnie cheat + spoofer/deletespoofer.exe
Resource
win7-en-20211208
Behavioral task
behavioral4
Sample
delete fortnie cheat + spoofer/deletespoofer.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
delete fortnie cheat + spoofer/deletefortnitecheat.exe
-
Size
271KB
-
MD5
9bbf2e88e6ba430797350cbaaaccc532
-
SHA1
0d32ac3a2cba07cdda18c18844bfd77babc586bc
-
SHA256
c82d2bb57555ea8f65b5a37841044b2d5f569ea16955358ed55b03ea0a0eed14
-
SHA512
f2b5ff57a8ce0bf5d23892a96492ef081db6db88553075cb05e5c6f3c08b5a7e17bb25e2536afae601de21f9ea493e0fd7f4fbf22e4b62fd7061aeb667ade25d
Score8/10-
Sets service image path in registry
-
-
-
Target
delete fortnie cheat + spoofer/deletespoofer.exe
-
Size
42KB
-
MD5
5b46c0aa6bafddf316af2a0771ecc731
-
SHA1
c26c7a978aa1c4bb75db3facce673f9ef5dcc1ba
-
SHA256
ac6079fc9056ab5062e71edde29e7d204ce27ab5dd19e51c2f66c0441c28e0d3
-
SHA512
beb27b70f9d3666847f4d1042da9b68d787a43ab858254f063c900871a74e837e3e4b28379122af06802bc50dabbee66b54fc7a3d041e0f19a822cc23c1a68ac
Score10/10-
Detected Mercurial Grabber
-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-