General

  • Target

    FortniteChecker.v.2.0.0.rar

  • Size

    3.8MB

  • Sample

    220804-jswqnsdfeq

  • MD5

    094efc8dc9810ff3a32222c5f38a4c2f

  • SHA1

    ef93a672dfa035eb35a7b89ea22d20b62d1743b7

  • SHA256

    4ffa12830e946bd9a968f9e3d79e7dac613d22465e72cc4492aff6d86991f73f

  • SHA512

    9c1b05dded9f811d7e01076f294d05a8963897cf8f36d5b1313fb66d92e243aee270d512d685ffd7dbf522a30131438a8c47c4d4f37abc0e4f47a08d8fa60e39

Malware Config

Targets

    • Target

      FortniteChecker.v.2.0.0/ForniteChecker.v2.0.0.exe

    • Size

      1.8MB

    • MD5

      6f217b137ff59fd3b821a340c0a35a4e

    • SHA1

      1e8dc83be90e3b1c369e393032cbece7d65083b3

    • SHA256

      9e6ebe40697a1fa68ca9208dcbe4f8349f52d288b4ced8bd2b07eec6367e025d

    • SHA512

      bd5bde451038ba283cc8b0f459f0ef2a89ba0fcee3d6fc1cd246080a84932f1008e681cb608ee40ddc3fb35d37685c3dabf67f8a6686e8650adfba81e431e1dc

    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    • ElysiumStealer Support DLL

    • ElysiumStealer payload

    • UAC bypass

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks