Overview

overview

10

Static

static

Fortnite H...PC.dll

windows7-x64

1

Fortnite H...PC.dll

windows10-2004-x64

1

Fortnite H...ip.dll

windows7-x64

1

Fortnite H...ip.dll

windows10-2004-x64

1

Fortnite H...ft.dll

windows7-x64

1

Fortnite H...ft.dll

windows10-2004-x64

1

Fortnite H...er.exe

windows7-x64

3

Fortnite H...er.exe

windows10-2004-x64

3

Fortnite H...te.exe

windows7-x64

10

Fortnite H...te.exe

windows10-2004-x64

8

Fortnite H...er.dll

windows7-x64

1

Fortnite H...er.dll

windows10-2004-x64

1

Fortnite H...64.dll

windows7-x64

3

Fortnite H...64.dll

windows10-2004-x64

3

Fortnite H...PC.dll

windows7-x64

1

Fortnite H...PC.dll

windows10-2004-x64

1

Fortnite H...ip.dll

windows7-x64

1

Fortnite H...ip.dll

windows10-2004-x64

1

Fortnite H...or.exe

windows7-x64

3

Fortnite H...or.exe

windows10-2004-x64

3

Fortnite H...on.dll

windows7-x64

1

Fortnite H...on.dll

windows10-2004-x64

1

Fortnite H...rp.dll

windows7-x64

1

Fortnite H...rp.dll

windows10-2004-x64

1

Fortnite H...or.exe

windows7-x64

10

Fortnite H...or.exe

windows10-2004-x64

8

Fortnite H...ys.dll

windows7-x64

1

Fortnite H...ys.dll

windows10-2004-x64

1

Fortnite H...64.dll

windows7-x64

3

Fortnite H...64.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    56s
  • max time network
    66s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • resource tags

    arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
  • submitted
    30-07-2022 16:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fortnite Hack v1.17/injector.exe

  • Size

    504KB

  • MD5

    b989834fe117f763a5b08223d839f4e9

  • SHA1

    06798c3a87b1ca1ca62f5571c36e44433eb92f5c

  • SHA256

    4e98f37fb1499cc9ccd6c84c9e920bbad3784fac3acd084a7113d788e87d5d69

  • SHA512

    73a38d45d6c872be00e02cf1360eaa151acfe569a9d31ba3075cb34e63b907b63a652c9d7979bbebbbc46c6177d9083b7775f2105871b37db98ceda1e1920129

Score
10/10
redline@fast1qdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@fast1q

C2

101.99.93.104:80

Attributes
  • auth_value

    1508fee58f3b525a1013607ab0323781

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fortnite Hack v1.17\injector.exe
    "C:\Users\Admin\AppData\Local\Temp\Fortnite Hack v1.17\injector.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1148

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1148-54-0x0000000000310000-0x0000000000322000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1148-55-0x0000000000440000-0x0000000000460000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1148-56-0x00000000750B1000-0x00000000750B3000-memory.dmp

    Filesize

    8KB

    Download