596f9f22e3749d4b6b70848eea06ca8506c62480ecae1900408d696f0f8e4c72

Sharing

Copy URL

Twitter E-mail

General

Target

RiftBetaLauncher.zip
Size

55.3MB
Sample

230120-3mbm4aab37
MD5

0464c0afb83845def73af6f3967a696b
SHA1

b9209b0487bced9f60d42950b188dadb1e9c0c62
SHA256

596f9f22e3749d4b6b70848eea06ca8506c62480ecae1900408d696f0f8e4c72
SHA512

722996cd256e0c397b4edb1b0f4d94aa8d723396c68ce80498204900f9e91f4071bc94c14b8dfa8fe04069ec4c2b8e6e9d947297cee9883d29d474771cc0fb89
SSDEEP

1572864:quU1tAn5HqSeCnUya3j56PJH+Yv3J/bqQ0FK/NwlyCEYr:TUHAn5K1ia3N2pbFWKwyCEYr

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  FortniteLauncher.exe
- Size
  
  58.9MB
- MD5
  
  fb6b781b897c65227a1a2908493073a2
- SHA1
  
  955cb79e8acc3944b1b3b49ce9429dc96e261f0e
- SHA256
  
  b7dd1dfe4c77b7dda61d53945e4069a128b07a64916261ca04e776a7d2646c1d
- SHA512
  
  156158a05dc80df327414ab9e0fff50f573d3bdb9bf5a28b1e29825dedfaba0d53c262db026e91e2c4fbd23da95f88c17656d59e41174e3c0ea7f9a551e9ca95
- SSDEEP
  
  786432:AIXau2b1lTH8gtisALRwejAw/LSqacUOF8YhytBSN80xzbv5o/C6vSUdZA:VXvUtHfssgmepLSqaaSYhyKze/CUpdZA
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1
- Target
  
  SDL2.dll
- Size
  
  1.6MB
- MD5
  
  55013e5ee3616844a96ab69c5c46f37e
- SHA1
  
  e2256a15201631fd10d180c7019730d6c4e0ac70
- SHA256
  
  7037442c8b930be5fd17e95db9f0ba4a58737197c1c2cdceb2547898dd0f30c8
- SHA512
  
  8960473932e4dfc73250f2959b50fc46fc31723422a0898a81045a72af86368a590173ae10e97a629721fa769d8d7b709615207a82fec4f7a739528176c51b07
- SSDEEP
  
  24576:EfZegL7O9jF4qGVCn+ujjvqUmE088AEzW/WnWkWpW/WCWkWCueuQuBuBrASCrneO:EDO9jmzVCn93ZWAEd1UFF2HuQ4
Score

1^/10
behavioral2
- Target
  
  avcodec-58.dll
- Size
  
  12.9MB
- MD5
  
  23535578773f99dcadb9e97be04780ee
- SHA1
  
  2832989500853a2d86fe66be8266de6e0f4944b9
- SHA256
  
  20e60518a969a11ff2d2915ba24e3670510f1f39f4ca0d9cbb0ab8efd961b0eb
- SHA512
  
  7b38399da7149d2314fe72bedb2ae8a3dde099be571041c59d5bfafdd52ee853b4869ccbdadf40cf20e964b57d4adfb001640aea2c929ccc70357d20dd906b78
- SSDEEP
  
  98304:8urrR5+OOYpKbt7qxfGkWJchcXXj3jc+6IJ9dUYKKyGHhod1/HYBmhMYcOKFtimz:Vrr/K+zqjQ+vJ9/Ra8mhPcuPYpPY5+
Score

3^/10
behavioral3
- Target
  
  avfilter-7.dll
- Size
  
  3.0MB
- MD5
  
  fc336f15e520366f842c923ed1d954c0
- SHA1
  
  7390505103137a562ebe053520111bd8eb0b8c8d
- SHA256
  
  570fc9cebecf5b938fb04dec449437bba800f510618bd7f8994f3eb6043da71a
- SHA512
  
  fa37e6da4e0bc11a0c5104256781845247fd9902b76d133fd95f8a8c5c34d1242b50bbcd5b2066fb3984adfbc98c2fed1015923d09e49b975afcdef9ef402d14
- SSDEEP
  
  49152:HhIwvRq/934tjY2+3TnE0Kh1iTpzGtU+mLdsb/zSOeflYaSFAvZ:HhTZ0zDybfAvZ
Score

1^/10
behavioral4
- Target
  
  avformat-58.dll
- Size
  
  2.2MB
- MD5
  
  cd559db5e8daf5e4cdee5d63be22ee5d
- SHA1
  
  1980041f3872960474824795145e238238954741
- SHA256
  
  767974cc1c1e448836e7f958341bf5cdb83a9aeccc1a49434e1687e346024b93
- SHA512
  
  55cee01ad69676a887a3b39f6184ecf6573066b54e1a897e600f9dab90dddaa1b60c391b279f4fc6d3f455a1a87a175461bfc2cdff8017589267977da0f6eb09
- SSDEEP
  
  49152:EHWSc4YX0H7/SM7Fzg0ngV1xxvPdJVOiT+/n/pbR/3KLQ+8I06qNQJTSX+xdRdPE:vI5g0ngV1xxvPdJVOiT+/n/pbR/3KLQj
Score

3^/10
behavioral5
- Target
  
  avutil-56.dll
- Size
  
  776KB
- MD5
  
  f9029d35ec96a18cf13cf5acf24cedb1
- SHA1
  
  634ab23a86fd19b7e5e99267da7dfb55c6f0284b
- SHA256
  
  7a226ed5ad93badadc05941eb5d6fc659b0fcda902d2661b7bc9b616a8919c8b
- SHA512
  
  3227277a0f8e110545aae0d874baef9f8c3986661dbbcf0b6c00c6b97947b42e5d2e4f8b406f1007c35f453f2d3fe62cf760ced6ae9250508e32530d98c09350
- SSDEEP
  
  12288:dJVtHpLpBM07Z1Am051KXKuSaLrPToFBKGTMHKS+iDtfHgXZRtE+gix6:dPtJdBVe5NuSaLrPToFBKGTMqA5Hgg
Score

3^/10
behavioral6
- Target
  
  bass.dll
- Size
  
  251KB
- MD5
  
  bad0d33c7e0d150ddf9835cd8c373ea5
- SHA1
  
  7231815986ed07a0af10c371138a02a52f4f2b51
- SHA256
  
  4bbb323f48fa7ea549abd59ecfc30e71b574d20f52e295b7e3ebf19f07f53efe
- SHA512
  
  2777a2ae0dcbc6c5891be0cfb88b49ba9d4646d3fe58d749742c126aeafb19496b21d63fc0060d591424f22744d3bfb9c34af60371aa362b92b60506dd72da07
- SSDEEP
  
  6144:wrN4FdMfStD/FowSfOky7Fi/FjTpv/zK7jkbHC7DbDz:wrNOdM8/aik8FyFPpv/z847CXbn
Score

1^/10
behavioral7
- Target
  
  bass_fx.dll
- Size
  
  86KB
- MD5
  
  7c943f2e32514e87a61da8a8e060fc95
- SHA1
  
  b154c4a55897338f98361a241d5f6d65ea117d68
- SHA256
  
  a6e1847eef52d882b4137af514d834c2e220daceb417c821d1e502fb7a34c84a
- SHA512
  
  fe3a5d398464565e557a6bcfcee625de11437f0f74a377abaf6c6ed844509c235c6366b017fdd4d4ec75c4531c25b101cec6cfdae2e9bb98e9876ac1b022b4b8
- SSDEEP
  
  1536:wywddR7cJbfFBY+uokpVhIgIEQVSfS1sqJVUwgXJfO4FgQlquwCV:ahcJbFKokpVvIEqVTUwgXJngQlquwC
Score

1^/10
behavioral8
- Target
  
  bassmix.dll
- Size
  
  41KB
- MD5
  
  a763bb885bfdaa63b4df810e314d8b88
- SHA1
  
  ff91e4ea1b79d963b1abb1a0f0691ebac71daf0b
- SHA256
  
  edd68bf5d527c343e4db7f71deb5675da2c13dc4dc4b382a6495fa73ca6658f9
- SHA512
  
  927d3eade7fa5a0aab8304a8fcbf3c1fca86dbd4e3da1386b2e2dae5efe053168deab0b45dbb83a0b46155b6099b26a9e1dc5036359b1e51232c818019d8fef0
- SSDEEP
  
  768:j7ZLyyDwpNgEGkP2335pywE6NIoIBl/Vd57bPI1LGjU4jB5tfmy6yAT3xwigpYXe:ZLBSgLhpy3kaB5dcziDMxzm6A
Score

1^/10
behavioral9
- Target
  
  libveldrid-spirv.dll
- Size
  
  5.6MB
- MD5
  
  b2c8c28c5e3d7a73f978e322377e6b5d
- SHA1
  
  36ae7e8f7a3b6b635dc7fedd2811f58c5651374b
- SHA256
  
  ccde17890a36ea829c61dbc58ed1f5db13dd0539c4768a72be984bda0801b4d6
- SHA512
  
  df530833abc4d2f0d6fe04b5d533a59d6c5ad02b3c7f4073ab820aa64887dbaafe43e9fef807d3708a547348c7d8d75b4ece0a11c6329a66031af11bcec615f7
- SSDEEP
  
  49152:LBl58obg95sR38KJ0aRdK7/WiB/FOe5XdvZg+/AJDI5itO/IzlPZNfR8cL0OpJNT:LIi6Ae5XdhguijVNfR8OlXplI
Score

3^/10
behavioral10
- Target
  
  stbi.dll
- Size
  
  192KB
- MD5
  
  db79536676f4d3650bdac5566662f47f
- SHA1
  
  2fac6f85894ca954e68648baea18eb56408989e1
- SHA256
  
  a730d09001a57c32bd59a3f776199ae67376b4ca5732893633523cc5335b1668
- SHA512
  
  2f80ada94ded99c382f12592fb27e57f125aad29d519715d66fb34085cb50dad149a0c63f4108f0cfd18c44835094fc126560ef137e87464e3a89b9dd68648fa
- SSDEEP
  
  6144:Gm4ZQP2ygSpwDM2Ekzw6xEgrfRqkdoxoh:P2Jdx+g4kdoxo
Score

1^/10
behavioral11
- Target
  
  swscale-5.dll
- Size
  
  543KB
- MD5
  
  9866b1f57b4ce7f89972c6ce094987da
- SHA1
  
  b21d58c54dfe057115a9220ea84503507301de7d
- SHA256
  
  b84b04b246f71e094ad725a7799f34f91ce14e66baa0411e1b285b6a8d9f4b01
- SHA512
  
  90d8278fc6d7779cefe2a3ab2e1de80a3a70d15dd8a748c43d864d1dc96c3246b9efb8c221eea73d6a2c598277cb9276b97a7c1aa43b68f3d812136f11ee3dfd
- SSDEEP
  
  12288:1BiKK0mmiczyrgMYDMTeEhkoOwwApAU06aPpTZURezZEH:1sKK0mmwwAp10bpTZURezZE
Score

3^/10
behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Executes dropped EXE

Registers COM server for autorun

Sets file execution options in registry

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12