Overview

overview

10

Static

static

Fortnite H...PC.dll

windows7-x64

1

Fortnite H...PC.dll

windows10-2004-x64

1

Fortnite H...ip.dll

windows7-x64

1

Fortnite H...ip.dll

windows10-2004-x64

1

Fortnite H...ft.dll

windows7-x64

1

Fortnite H...ft.dll

windows10-2004-x64

1

Fortnite H...er.exe

windows7-x64

3

Fortnite H...er.exe

windows10-2004-x64

3

Fortnite H...te.exe

windows7-x64

10

Fortnite H...te.exe

windows10-2004-x64

8

Fortnite H...er.dll

windows7-x64

1

Fortnite H...er.dll

windows10-2004-x64

1

Fortnite H...64.dll

windows7-x64

3

Fortnite H...64.dll

windows10-2004-x64

3

Fortnite H...PC.dll

windows7-x64

1

Fortnite H...PC.dll

windows10-2004-x64

1

Fortnite H...ip.dll

windows7-x64

1

Fortnite H...ip.dll

windows10-2004-x64

1

Fortnite H...or.exe

windows7-x64

3

Fortnite H...or.exe

windows10-2004-x64

3

Fortnite H...on.dll

windows7-x64

1

Fortnite H...on.dll

windows10-2004-x64

1

Fortnite H...rp.dll

windows7-x64

1

Fortnite H...rp.dll

windows10-2004-x64

1

Fortnite H...or.exe

windows7-x64

10

Fortnite H...or.exe

windows10-2004-x64

8

Fortnite H...ys.dll

windows7-x64

1

Fortnite H...ys.dll

windows10-2004-x64

1

Fortnite H...64.dll

windows7-x64

3

Fortnite H...64.dll

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Fortnite Hack v1.17.zip

  • Size

    61.0MB

  • Sample

    220730-t321jsdcdn

  • MD5

    8fd6186e309d24bbc058e727d2b353f0

  • SHA1

    efd84e8c0ef2e0b52f01b77938cbc4345c1d6704

  • SHA256

    4c08a8f3c94eb025877f8cb8ae3018578183d5b5e829280fee70fb700f04e428

  • SHA512

    d8218a58af3b388c927b37d79b904cd55db11dae349ccb2865128c10a880c082f9da7999da410a5e650ffcb80040c0af809604e907d26c1c2a02d7a38f6d59f7

Score
10/10
redline@fast1qdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@fast1q

C2

101.99.93.104:80

Attributes
  • auth_value

    1508fee58f3b525a1013607ab0323781

Targets

    • Target

      Fortnite Hack v1.17/AutoUpdate v2/DiscordRPC.dll

    • Size

      80KB

    • MD5

      9ed0cc60faa1ca995f75dc8b4bf407c4

    • SHA1

      87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960

    • SHA256

      acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557

    • SHA512

      9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771

    Score
    1/10
    behavioral1behavioral2

    • Target

      Fortnite Hack v1.17/AutoUpdate v2/DotNetZip.dll

    • Size

      247KB

    • MD5

      319226c18dbc02d2ac4c0dd9dc116d53

    • SHA1

      4ef827ec4c51cf2845e3a50fc23700177a4930f8

    • SHA256

      eb9b84a3df6ae51759544ba04224a4f91454b8a81d54b37c846a4216bc72c15e

    • SHA512

      dcb2b6e9e1f820472e96cd3e649cc696948d02545c141c483234aab98706c0d19051fcafafc14a928b6b2937125c61db3c49cdc45181e809d73df73f7db3cfbc

    Score
    1/10
    behavioral3behavioral4

    • Target

      Fortnite Hack v1.17/AutoUpdate v2/Newtonsoft.dll

    • Size

      679KB

    • MD5

      916d32b899f1bc23b209648d007b99fd

    • SHA1

      e3673d05d46f29e68241d4536bddf18cdd0a913d

    • SHA256

      72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661

    • SHA512

      60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6

    Score
    1/10
    behavioral5behavioral6

    • Target

      Fortnite Hack v1.17/AutoUpdate v2/for updater.dll

    • Size

      1.3MB

    • MD5

      a31422ef39673af212a59246119a44c5

    • SHA1

      5b1f4747f07fac059a8c81edddf1589e99d2ac35

    • SHA256

      d8c8215f4975a29c43e4d016b2ecd5c8c072ed4da6571736ebabd38509ca33ba

    • SHA512

      6630631643c0cbae96e7ed2098eaf82e6645a974a89211051a2137254e24b1b4b51137b9b0388799870fd9733e3e0f7214b98ca2e64f76feb27b2ec5ac8718bb

    Score
    3/10
    behavioral7behavioral8

    • Target

      Fortnite Hack v1.17/AutoUpdate v2/update.exe

    • Size

      504KB

    • MD5

      b989834fe117f763a5b08223d839f4e9

    • SHA1

      06798c3a87b1ca1ca62f5571c36e44433eb92f5c

    • SHA256

      4e98f37fb1499cc9ccd6c84c9e920bbad3784fac3acd084a7113d788e87d5d69

    • SHA512

      73a38d45d6c872be00e02cf1360eaa151acfe569a9d31ba3075cb34e63b907b63a652c9d7979bbebbbc46c6177d9083b7775f2105871b37db98ceda1e1920129

    Score
    10/10
    redline@fast1qdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral9behavioral10

    • Target

      Fortnite Hack v1.17/AutoUpdate v2/updater.dll

    • Size

      186KB

    • MD5

      74f7189e0d8462b4766ceda305b5e6a8

    • SHA1

      27bc0b6410917ddd63b3a61230e61ee56b85886f

    • SHA256

      44d7ef808bdf27da453059afe5dd132f061e302bb34b1bff3c79b74249c52640

    • SHA512

      22f50aae579060474ef35103aab4d1010ba53790219631c15136306977422d9324e01a50ef160b6c9ae82311ecf1d8187c971fefdcb7c3639591682f36dcdae6

    Score
    1/10
    behavioral11behavioral12

    • Target

      Fortnite Hack v1.17/AutoUpdate v2/win64.dll

    • Size

      938KB

    • MD5

      3169b48a9a2086e53c4493c03579902c

    • SHA1

      5f3b2405818c29689875810164e7cd4da3f024c9

    • SHA256

      e63ede4ebd7e64493ead8e91f475238ff7dec17eb403798e4ba27d592a9757a8

    • SHA512

      a592ba68e008108f66c683f5d2edb29cf4ba15661151d54150089cd8ccf4d5ef265c62278a62a70a488db38a03ea4feacc9fa59173ee8220d864142ccf7dded0

    Score
    3/10
    behavioral13behavioral14

    • Target

      Fortnite Hack v1.17/DiscordRPC.dll

    • Size

      80KB

    • MD5

      9ed0cc60faa1ca995f75dc8b4bf407c4

    • SHA1

      87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960

    • SHA256

      acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557

    • SHA512

      9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771

    Score
    1/10
    behavioral15behavioral16

    • Target

      Fortnite Hack v1.17/DotNetZip.dll

    • Size

      247KB

    • MD5

      319226c18dbc02d2ac4c0dd9dc116d53

    • SHA1

      4ef827ec4c51cf2845e3a50fc23700177a4930f8

    • SHA256

      eb9b84a3df6ae51759544ba04224a4f91454b8a81d54b37c846a4216bc72c15e

    • SHA512

      dcb2b6e9e1f820472e96cd3e649cc696948d02545c141c483234aab98706c0d19051fcafafc14a928b6b2937125c61db3c49cdc45181e809d73df73f7db3cfbc

    Score
    1/10
    behavioral17behavioral18

    • Target

      Fortnite Hack v1.17/For injector.dll

    • Size

      1.3MB

    • MD5

      a31422ef39673af212a59246119a44c5

    • SHA1

      5b1f4747f07fac059a8c81edddf1589e99d2ac35

    • SHA256

      d8c8215f4975a29c43e4d016b2ecd5c8c072ed4da6571736ebabd38509ca33ba

    • SHA512

      6630631643c0cbae96e7ed2098eaf82e6645a974a89211051a2137254e24b1b4b51137b9b0388799870fd9733e3e0f7214b98ca2e64f76feb27b2ec5ac8718bb

    Score
    3/10
    behavioral19behavioral20

    • Target

      Fortnite Hack v1.17/Newtonsoft.Json.dll

    • Size

      679KB

    • MD5

      916d32b899f1bc23b209648d007b99fd

    • SHA1

      e3673d05d46f29e68241d4536bddf18cdd0a913d

    • SHA256

      72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661

    • SHA512

      60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6

    Score
    1/10
    behavioral21behavioral22

    • Target

      Fortnite Hack v1.17/RestSharp.dll

    • Size

      186KB

    • MD5

      74f7189e0d8462b4766ceda305b5e6a8

    • SHA1

      27bc0b6410917ddd63b3a61230e61ee56b85886f

    • SHA256

      44d7ef808bdf27da453059afe5dd132f061e302bb34b1bff3c79b74249c52640

    • SHA512

      22f50aae579060474ef35103aab4d1010ba53790219631c15136306977422d9324e01a50ef160b6c9ae82311ecf1d8187c971fefdcb7c3639591682f36dcdae6

    Score
    1/10
    behavioral23behavioral24

    • Target

      Fortnite Hack v1.17/injector.exe

    • Size

      504KB

    • MD5

      b989834fe117f763a5b08223d839f4e9

    • SHA1

      06798c3a87b1ca1ca62f5571c36e44433eb92f5c

    • SHA256

      4e98f37fb1499cc9ccd6c84c9e920bbad3784fac3acd084a7113d788e87d5d69

    • SHA512

      73a38d45d6c872be00e02cf1360eaa151acfe569a9d31ba3075cb34e63b907b63a652c9d7979bbebbbc46c6177d9083b7775f2105871b37db98ceda1e1920129

    Score
    10/10
    redline@fast1qdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral25behavioral26

    • Target

      Fortnite Hack v1.17/laways.dll

    • Size

      214.4MB

    • MD5

      14aa83d52cc699b597005f9cae059966

    • SHA1

      6442115f722c1e59e01f5d2251907b61ce8e1370

    • SHA256

      4d49708f9037cd2ea47222954884d50784126ad0a7f0fed1547a4a59aa58e896

    • SHA512

      7a801a73517340c8242ba2373dedafad45a486809c24b6b32662b378a1b88213cc8482a992c2ec0e86a24ac5152029824b72eef157024716d4ac2276260bd804

    Score
    1/10
    behavioral27behavioral28

    • Target

      Fortnite Hack v1.17/oo2core_8_win64.dll

    • Size

      938KB

    • MD5

      3169b48a9a2086e53c4493c03579902c

    • SHA1

      5f3b2405818c29689875810164e7cd4da3f024c9

    • SHA256

      e63ede4ebd7e64493ead8e91f475238ff7dec17eb403798e4ba27d592a9757a8

    • SHA512

      a592ba68e008108f66c683f5d2edb29cf4ba15661151d54150089cd8ccf4d5ef265c62278a62a70a488db38a03ea4feacc9fa59173ee8220d864142ccf7dded0

    Score
    5/10

    • Drops file in System32 directory

    behavioral29behavioral30

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
N/A

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

redline@fast1qdiscoveryinfostealerspywarestealer
Score
10/10

behavioral10

discoveryspywarestealer
Score
8/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

redline@fast1qdiscoveryinfostealerspywarestealer
Score
10/10

behavioral26

discoveryspywarestealer
Score
8/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
3/10

behavioral30

Score
5/10