General
Target: Fortnite_Hack_v3.2.rar
Size: 6.7MB
Sample: 230420-f87w4ahh2z
MD5: 10a84dd13e051cc5c8a725346a059116
SHA1: 968a8eb11cda8e8c32ad8cb981147d4ea7b19e3e
SHA256: c2797dd833c4aafa1ea8be296491d30088e246367ed18cfeb9fbc5b2a6ee323e
SHA512: 5c66701cdd1b9d897207ba185e6b761bf09ceeeb9975265e1d379695c6ebcac8ad18133a62d82093494270fda6e3d02444fd8c00ecd5db6640760bdb806b5e3c
SSDEEP: 196608:5I9NUu7xtnnF1h18TI0ZuYANl4gEOnrM9BR:5GNn9tnF1HmHLiFa
Static task
static1
Behavioral task behavioral1
Sample: Fortnite_Hack_v3.2.rar
Resource: win7-20230220-en
Behavioral task behavioral2
Sample: Fortnite_Hack_v3.2.rar
Resource: win10v2004-20230220-en
Behavioral task behavioral3
Sample: Setup.exe
Resource: win7-20230220-en
Behavioral task behavioral4
Sample: Setup.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: vidar
Version: 3.5
Profile ID: 395ff08de6af5e2dbf2e94b1ee2175c2
C2:
- https://steamcommunity.com/profiles/76561199497218285
- https://t.me/tg_duckworld
Attributes:
- profile_id_v2: 395ff08de6af5e2dbf2e94b1ee2175c2
- user_agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7
Targets
Target: Fortnite_Hack_v3.2.rar
Size: 6.7MB
Score: 3/10
Target: Setup.exe
Size: 1011.0MB
MD5: d35a4d0264151fe12392c2de7b862df5
SHA1: 2db6d67aa751316ce81b539c29283e6fdf7ea127
SHA256: bff00b68ddba7142583a95fe90cb337ba59fef25fc0696847a19b60a4a782e6a
SHA512: eb5b22d44e90d70da0e6142b5a4725f1475a0db5c132aa783b11abc54fde6c7b51d31644be34de0fd27eb69598c592fbf9a289cb36e698c460bd7187f38069a9
SSDEEP: 24576:cMOCW00r5wCxnzmkMDghx9qinBSl6QOM6LvFuPROlW5wwwwwwwwwwwwwwwwwwwwQ:bBW00GCZ6e5rdu8lWK
Signatures:
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext