General
-
Target
Fortnite Hack v1.17.zip
-
Size
61.0MB
-
Sample
220730-t321jsdcdn
-
MD5
8fd6186e309d24bbc058e727d2b353f0
-
SHA1
efd84e8c0ef2e0b52f01b77938cbc4345c1d6704
-
SHA256
4c08a8f3c94eb025877f8cb8ae3018578183d5b5e829280fee70fb700f04e428
-
SHA512
d8218a58af3b388c927b37d79b904cd55db11dae349ccb2865128c10a880c082f9da7999da410a5e650ffcb80040c0af809604e907d26c1c2a02d7a38f6d59f7
Static task
static1
Behavioral task
behavioral1
Sample
Fortnite Hack v1.17/AutoUpdate v2/DiscordRPC.dll
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
Fortnite Hack v1.17/AutoUpdate v2/DiscordRPC.dll
Resource
win10v2004-20220721-en
Behavioral task
behavioral3
Sample
Fortnite Hack v1.17/AutoUpdate v2/DotNetZip.dll
Resource
win7-20220715-en
Behavioral task
behavioral4
Sample
Fortnite Hack v1.17/AutoUpdate v2/DotNetZip.dll
Resource
win10v2004-20220722-en
Behavioral task
behavioral5
Sample
Fortnite Hack v1.17/AutoUpdate v2/Newtonsoft.dll
Resource
win7-20220718-en
Behavioral task
behavioral6
Sample
Fortnite Hack v1.17/AutoUpdate v2/Newtonsoft.dll
Resource
win10v2004-20220721-en
Behavioral task
behavioral7
Sample
Fortnite Hack v1.17/AutoUpdate v2/for updater.exe
Resource
win7-20220715-en
Behavioral task
behavioral8
Sample
Fortnite Hack v1.17/AutoUpdate v2/for updater.exe
Resource
win10v2004-20220721-en
Behavioral task
behavioral9
Sample
Fortnite Hack v1.17/AutoUpdate v2/update.exe
Resource
win7-20220718-en
Behavioral task
behavioral10
Sample
Fortnite Hack v1.17/AutoUpdate v2/update.exe
Resource
win10v2004-20220722-en
Behavioral task
behavioral11
Sample
Fortnite Hack v1.17/AutoUpdate v2/updater.dll
Resource
win7-20220715-en
Behavioral task
behavioral12
Sample
Fortnite Hack v1.17/AutoUpdate v2/updater.dll
Resource
win10v2004-20220721-en
Behavioral task
behavioral13
Sample
Fortnite Hack v1.17/AutoUpdate v2/win64.dll
Resource
win7-20220718-en
Behavioral task
behavioral14
Sample
Fortnite Hack v1.17/AutoUpdate v2/win64.dll
Resource
win10v2004-20220721-en
Behavioral task
behavioral15
Sample
Fortnite Hack v1.17/DiscordRPC.dll
Resource
win7-20220718-en
Behavioral task
behavioral16
Sample
Fortnite Hack v1.17/DiscordRPC.dll
Resource
win10v2004-20220721-en
Behavioral task
behavioral17
Sample
Fortnite Hack v1.17/DotNetZip.dll
Resource
win7-20220715-en
Behavioral task
behavioral18
Sample
Fortnite Hack v1.17/DotNetZip.dll
Resource
win10v2004-20220721-en
Behavioral task
behavioral19
Sample
Fortnite Hack v1.17/For injector.exe
Resource
win7-20220718-en
Behavioral task
behavioral20
Sample
Fortnite Hack v1.17/For injector.exe
Resource
win10v2004-20220721-en
Behavioral task
behavioral21
Sample
Fortnite Hack v1.17/Newtonsoft.Json.dll
Resource
win7-20220715-en
Behavioral task
behavioral22
Sample
Fortnite Hack v1.17/Newtonsoft.Json.dll
Resource
win10v2004-20220721-en
Behavioral task
behavioral23
Sample
Fortnite Hack v1.17/RestSharp.dll
Resource
win7-20220718-en
Behavioral task
behavioral24
Sample
Fortnite Hack v1.17/RestSharp.dll
Resource
win10v2004-20220721-en
Behavioral task
behavioral25
Sample
Fortnite Hack v1.17/injector.exe
Resource
win7-20220718-en
Behavioral task
behavioral26
Sample
Fortnite Hack v1.17/injector.exe
Resource
win10v2004-20220721-en
Behavioral task
behavioral27
Sample
Fortnite Hack v1.17/laways.dll
Resource
win7-20220715-en
Behavioral task
behavioral28
Sample
Fortnite Hack v1.17/laways.dll
Resource
win10v2004-20220722-en
Behavioral task
behavioral29
Sample
Fortnite Hack v1.17/oo2core_8_win64.dll
Resource
win7-20220715-en
Behavioral task
behavioral30
Sample
Fortnite Hack v1.17/oo2core_8_win64.dll
Resource
win10v2004-20220721-en
Malware Config
Extracted
redline
@fast1q
101.99.93.104:80
-
auth_value
1508fee58f3b525a1013607ab0323781
Targets
-
-
Target
Fortnite Hack v1.17/AutoUpdate v2/DiscordRPC.dll
-
Size
80KB
-
MD5
9ed0cc60faa1ca995f75dc8b4bf407c4
-
SHA1
87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960
-
SHA256
acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557
-
SHA512
9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771
Score 1/10
-
-
Target
Fortnite Hack v1.17/AutoUpdate v2/DotNetZip.dll
-
Size
247KB
-
MD5
319226c18dbc02d2ac4c0dd9dc116d53
-
SHA1
4ef827ec4c51cf2845e3a50fc23700177a4930f8
-
SHA256
eb9b84a3df6ae51759544ba04224a4f91454b8a81d54b37c846a4216bc72c15e
-
SHA512
dcb2b6e9e1f820472e96cd3e649cc696948d02545c141c483234aab98706c0d19051fcafafc14a928b6b2937125c61db3c49cdc45181e809d73df73f7db3cfbc
Score 1/10
-
-
Target
Fortnite Hack v1.17/AutoUpdate v2/Newtonsoft.dll
-
Size
679KB
-
MD5
916d32b899f1bc23b209648d007b99fd
-
SHA1
e3673d05d46f29e68241d4536bddf18cdd0a913d
-
SHA256
72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
-
SHA512
60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
Score 1/10
-
-
Target
Fortnite Hack v1.17/AutoUpdate v2/for updater.dll
-
Size
1.3MB
-
MD5
a31422ef39673af212a59246119a44c5
-
SHA1
5b1f4747f07fac059a8c81edddf1589e99d2ac35
-
SHA256
d8c8215f4975a29c43e4d016b2ecd5c8c072ed4da6571736ebabd38509ca33ba
-
SHA512
6630631643c0cbae96e7ed2098eaf82e6645a974a89211051a2137254e24b1b4b51137b9b0388799870fd9733e3e0f7214b98ca2e64f76feb27b2ec5ac8718bb
Score 3/10
-
-
Target
Fortnite Hack v1.17/AutoUpdate v2/update.exe
-
Size
504KB
-
MD5
b989834fe117f763a5b08223d839f4e9
-
SHA1
06798c3a87b1ca1ca62f5571c36e44433eb92f5c
-
SHA256
4e98f37fb1499cc9ccd6c84c9e920bbad3784fac3acd084a7113d788e87d5d69
-
SHA512
73a38d45d6c872be00e02cf1360eaa151acfe569a9d31ba3075cb34e63b907b63a652c9d7979bbebbbc46c6177d9083b7775f2105871b37db98ceda1e1920129
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
Fortnite Hack v1.17/AutoUpdate v2/updater.dll
-
Size
186KB
-
MD5
74f7189e0d8462b4766ceda305b5e6a8
-
SHA1
27bc0b6410917ddd63b3a61230e61ee56b85886f
-
SHA256
44d7ef808bdf27da453059afe5dd132f061e302bb34b1bff3c79b74249c52640
-
SHA512
22f50aae579060474ef35103aab4d1010ba53790219631c15136306977422d9324e01a50ef160b6c9ae82311ecf1d8187c971fefdcb7c3639591682f36dcdae6
Score 1/10
-
-
Target
Fortnite Hack v1.17/AutoUpdate v2/win64.dll
-
Size
938KB
-
MD5
3169b48a9a2086e53c4493c03579902c
-
SHA1
5f3b2405818c29689875810164e7cd4da3f024c9
-
SHA256
e63ede4ebd7e64493ead8e91f475238ff7dec17eb403798e4ba27d592a9757a8
-
SHA512
a592ba68e008108f66c683f5d2edb29cf4ba15661151d54150089cd8ccf4d5ef265c62278a62a70a488db38a03ea4feacc9fa59173ee8220d864142ccf7dded0
Score 3/10
-
-
Target
Fortnite Hack v1.17/DiscordRPC.dll
-
Size
80KB
-
MD5
9ed0cc60faa1ca995f75dc8b4bf407c4
-
SHA1
87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960
-
SHA256
acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557
-
SHA512
9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771
Score 1/10
-
-
Target
Fortnite Hack v1.17/DotNetZip.dll
-
Size
247KB
-
MD5
319226c18dbc02d2ac4c0dd9dc116d53
-
SHA1
4ef827ec4c51cf2845e3a50fc23700177a4930f8
-
SHA256
eb9b84a3df6ae51759544ba04224a4f91454b8a81d54b37c846a4216bc72c15e
-
SHA512
dcb2b6e9e1f820472e96cd3e649cc696948d02545c141c483234aab98706c0d19051fcafafc14a928b6b2937125c61db3c49cdc45181e809d73df73f7db3cfbc
Score 1/10
-
-
Target
Fortnite Hack v1.17/For injector.dll
-
Size
1.3MB
-
MD5
a31422ef39673af212a59246119a44c5
-
SHA1
5b1f4747f07fac059a8c81edddf1589e99d2ac35
-
SHA256
d8c8215f4975a29c43e4d016b2ecd5c8c072ed4da6571736ebabd38509ca33ba
-
SHA512
6630631643c0cbae96e7ed2098eaf82e6645a974a89211051a2137254e24b1b4b51137b9b0388799870fd9733e3e0f7214b98ca2e64f76feb27b2ec5ac8718bb
Score 3/10
-
-
Target
Fortnite Hack v1.17/Newtonsoft.Json.dll
-
Size
679KB
-
MD5
916d32b899f1bc23b209648d007b99fd
-
SHA1
e3673d05d46f29e68241d4536bddf18cdd0a913d
-
SHA256
72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
-
SHA512
60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
Score 1/10
-
-
Target
Fortnite Hack v1.17/RestSharp.dll
-
Size
186KB
-
MD5
74f7189e0d8462b4766ceda305b5e6a8
-
SHA1
27bc0b6410917ddd63b3a61230e61ee56b85886f
-
SHA256
44d7ef808bdf27da453059afe5dd132f061e302bb34b1bff3c79b74249c52640
-
SHA512
22f50aae579060474ef35103aab4d1010ba53790219631c15136306977422d9324e01a50ef160b6c9ae82311ecf1d8187c971fefdcb7c3639591682f36dcdae6
Score 1/10
-
-
Target
Fortnite Hack v1.17/injector.exe
-
Size
504KB
-
MD5
b989834fe117f763a5b08223d839f4e9
-
SHA1
06798c3a87b1ca1ca62f5571c36e44433eb92f5c
-
SHA256
4e98f37fb1499cc9ccd6c84c9e920bbad3784fac3acd084a7113d788e87d5d69
-
SHA512
73a38d45d6c872be00e02cf1360eaa151acfe569a9d31ba3075cb34e63b907b63a652c9d7979bbebbbc46c6177d9083b7775f2105871b37db98ceda1e1920129
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
Fortnite Hack v1.17/laways.dll
-
Size
214.4MB
-
MD5
14aa83d52cc699b597005f9cae059966
-
SHA1
6442115f722c1e59e01f5d2251907b61ce8e1370
-
SHA256
4d49708f9037cd2ea47222954884d50784126ad0a7f0fed1547a4a59aa58e896
-
SHA512
7a801a73517340c8242ba2373dedafad45a486809c24b6b32662b378a1b88213cc8482a992c2ec0e86a24ac5152029824b72eef157024716d4ac2276260bd804
Score 1/10
-
-
Target
Fortnite Hack v1.17/oo2core_8_win64.dll
-
Size
938KB
-
MD5
3169b48a9a2086e53c4493c03579902c
-
SHA1
5f3b2405818c29689875810164e7cd4da3f024c9
-
SHA256
e63ede4ebd7e64493ead8e91f475238ff7dec17eb403798e4ba27d592a9757a8
-
SHA512
a592ba68e008108f66c683f5d2edb29cf4ba15661151d54150089cd8ccf4d5ef265c62278a62a70a488db38a03ea4feacc9fa59173ee8220d864142ccf7dded0
Score 5/10
Drops file in System32 directory
-