General

  • Target

    Fortnite CFFHOOK by Spyro.exe

  • Size

    1.8MB

  • Sample

    220415-hn73gaddf6

  • MD5

    bc9b1b368097805254280adc0ebab47e

  • SHA1

    d74790b312152fbc6d74f004bef26227c2f1e6aa

  • SHA256

    3c301ea2f7c6113f5a27f95f694e84c2506aa18ff533ce1583263abace106266

  • SHA512

    42182971c99e02a081daaece870984bdd9bc3b902cbb4c99c393fc1240bfffa99a61964dc371c227e13705b1cb52be087fced0f157c8960d8e871f8f9f11dfaf

Malware Config

Extracted

Family

redline

Botnet

crpt

C2

65.108.20.114:3074

Attributes
  • auth_value

    85833779d67675e04a9bce1ac53a9870

Targets

    • Target

      Fortnite CFFHOOK by Spyro.exe

    • Size

      1.8MB

    • MD5

      bc9b1b368097805254280adc0ebab47e

    • SHA1

      d74790b312152fbc6d74f004bef26227c2f1e6aa

    • SHA256

      3c301ea2f7c6113f5a27f95f694e84c2506aa18ff533ce1583263abace106266

    • SHA512

      42182971c99e02a081daaece870984bdd9bc3b902cbb4c99c393fc1240bfffa99a61964dc371c227e13705b1cb52be087fced0f157c8960d8e871f8f9f11dfaf

    • Meta Stealer

      Meta Stealer steals passwords stored in browsers, written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (a thread's register context is rewritten so execution resumes at attacker-chosen code; this is a standard step in process hollowing / RunPE-style injection and is worth checking in the sandbox process tree)
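To make the indicators above usable, here is an added helper (written for this page, not part of the Triage report or of RedLine itself) that hashes a suspect file with all four algorithms and compares it to the report's digests, and that scans connection-log lines for contact with the extracted C2 65.108.20.114:3074. The log line format and the sample log lines are constructed for the demonstration and are not from the report; only the hashes, the C2 host and the port are taken from the page.

```python
"""Match a file and connection logs against the IOCs in this Triage report."""
import hashlib
import re

# Indicators copied from the report (sample 220415-hn73gaddf6).
SAMPLE_HASHES = {
    "md5": "bc9b1b368097805254280adc0ebab47e",
    "sha1": "d74790b312152fbc6d74f004bef26227c2f1e6aa",
    "sha256": "3c301ea2f7c6113f5a27f95f694e84c2506aa18ff533ce1583263abace106266",
    "sha512": "42182971c99e02a081daaece870984bdd9bc3b902cbb4c99c393fc1240bfffa9"
              "9a61964dc371c227e13705b1cb52be087fced0f157c8960d8e871f8f9f11dfaf",
}
C2_HOST = "65.108.20.114"   # extracted RedLine config, botnet "crpt"
C2_PORT = 3074


def hash_stream(fh, chunk_size=1 << 20):
    """Return md5/sha1/sha256/sha512 hex digests of a binary stream in one pass."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return hash_stream(fh, chunk_size)


def matches_sample_digests(digests):
    """True only if every digest equals the report's value.

    Requiring all four means a collision on a single weak algorithm
    (MD5 or SHA-1) cannot produce a false match by itself.
    """
    return all(digests.get(name) == value for name, value in SAMPLE_HASHES.items())


def matches_sample(path):
    return matches_sample_digests(hash_file(path))


# Constructed log format (an assumption for this example, not from the report):
# "<timestamp> <src_ip> <src_port> <dst_ip> <dst_port> <proto>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<dport>\d+)\s+(?P<proto>\w+)\s*$"
)


def find_c2_connections(log_lines):
    """Return (timestamp, src_ip, confidence) for lines reaching the C2 host.

    'exact' means destination IP and port both match the extracted config;
    'host' means only the IP matched, still worth triage because the port
    may differ between builds while the host stays the same.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["dst"] != C2_HOST:
            continue   # unparseable line or unrelated destination
        confidence = "exact" if int(m["dport"]) == C2_PORT else "host"
        hits.append((m["ts"], m["src"], confidence))
    return hits


SAMPLE_LOG = [  # constructed lines for demonstration only
    "2022-04-15T10:12:03Z 10.0.0.5 51734 65.108.20.114 3074 tcp",
    "2022-04-15T10:12:04Z 10.0.0.5 51735 142.250.74.78 443 tcp",
    "2022-04-15T10:13:11Z 10.0.0.9 49213 65.108.20.114 80 tcp",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    import sys
    for hit in find_c2_connections(SAMPLE_LOG):
        print("C2 contact:", hit)
    for p in sys.argv[1:]:
        print(p, "matches report sample:", matches_sample(p))
```

Run it with one or more file paths to compare them against the report's digests; the C2 scan runs over the constructed lines as written and should be pointed at real conn logs (after adapting LOG_RE to their field order) in practice.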

MITRE ATT&CK Enterprise v6

Tasks