General

  • Target

    Fortnite cheat.rar

  • Size

    3.5MB

  • Sample

    230730-z4vkrabe39

  • MD5

    1796f7e81884ebf0f58c6f0d13fd3192

  • SHA1

    83bd32e2dd9844f92907272cbd060930d0829137

  • SHA256

    ebbd1af2b2516d62db06b4f3d8361bd610c53081884da05044102c30ccd7d948

  • SHA512

    4f79cc2b8e6f0a4ebe8f9b2bfa7c49a7c03cf9578bc6baa5de0b59ce8589fbf5730ce34b79b1a9a3f9d9b3cd820362bbfc7d05b14d79dab33ce1965f72aac29c

  • SSDEEP

    49152:i/bGrFCF7aYQTTpOqMyRii7lFzzS6XHdkIiQcuWxfT21vJJT5qyRU+Lz4ynponlf:98F+F1lM9UlFzmCkIi/x721xdHho5

Malware Config

Extracted

Family

redline

Botnet

@X_Store_support

C2

94.142.138.4:80

Attributes
  • auth_value

    fd77b45902d41987d4650619467a4d55

Extracted

Family

laplas

C2

http://185.209.161.189

Attributes
  • api_key

    f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7

Targets

    • Target

      Fortnite cheat/Loader.exe

    • Size

      252KB

    • MD5

      26fc4234f48b5a042bc075a7dcdf760e

    • SHA1

      a866e3c4e083de5f7afd5867d41f2100113165f0

    • SHA256

      32cd1513e006dda8cf412ccf145e783c89727f3bdb5ac4e5cd0ce235082652e8

    • SHA512

      938479455b376252d790630c0ecf050c33f323815c54dde30978c3c2f249976400d339174e7bd07e25336b67b4d9a4a0a3a6dce9e562a8cde552a8c6cba10c12

    • SSDEEP

      3072:vcGDkOqcQVyec25qtpaZpeMn9SMoTQnfho6tNI9ByRdq9mxIrG7jxo:vcYao525qtwe1MoTQnfho6m2dq9tS7+

    • Laplas Clipper

      Laplas Clipper is a clipboard hijacker that replaces cryptocurrency wallet addresses copied by the victim with attacker-controlled ones; it exists in three variants written in Golang, C#, and C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2
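The extracted configs and the file hashes above are easier to act on as structured data. The following Python block is an added example written for this page; it is not sandbox output and not code from RedLine or Laplas. It embeds the hashes and C2 strings the report lists, normalises the two C2 formats (RedLine's bare ip:port, Laplas's http://host URL with the scheme's default port filled in) into host/port records, looks a file's MD5/SHA1/SHA256 up against the report's values, and emits one outbound Suricata alert rule per C2. The rule SIDs, message text and the `$HOME_NET` variable are this example's own assumptions, as is the placeholder payload it hashes at the end.

```python
"""IOC helper for the sandbox report above: an added example, not sandbox
output and not code from RedLine or Laplas. The hash and C2 values are copied
from the report; rule SIDs and message text are this example's own choices."""
import hashlib
import ipaddress
from urllib.parse import urlsplit

# MD5, SHA1 and SHA256 of the two files in the report, keyed by lowercase hex.
REPORT_HASHES = {
    "1796f7e81884ebf0f58c6f0d13fd3192": "Fortnite cheat.rar",
    "83bd32e2dd9844f92907272cbd060930d0829137": "Fortnite cheat.rar",
    "ebbd1af2b2516d62db06b4f3d8361bd610c53081884da05044102c30ccd7d948": "Fortnite cheat.rar",
    "26fc4234f48b5a042bc075a7dcdf760e": "Fortnite cheat/Loader.exe",
    "a866e3c4e083de5f7afd5867d41f2100113165f0": "Fortnite cheat/Loader.exe",
    "32cd1513e006dda8cf412ccf145e783c89727f3bdb5ac4e5cd0ce235082652e8": "Fortnite cheat/Loader.exe",
}

# C2 strings exactly as the report's config extractor printed them.
REPORT_C2 = {"redline": "94.142.138.4:80", "laplas": "http://185.209.161.189"}

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_c2(value):
    """Normalise 'host:port' or 'scheme://host[:port]' to (host, port, scheme).

    RedLine configs carry a bare socket address; Laplas carries an HTTP URL
    without an explicit port, so the scheme's default port is filled in.
    """
    if "://" in value:
        parts = urlsplit(value)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS:
            raise ValueError(f"unsupported scheme in C2 value: {value!r}")
        return parts.hostname, parts.port or DEFAULT_PORTS[scheme], scheme
    host, sep, port = value.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"expected host:port, got {value!r}")
    return host, int(port), "tcp"


def network_indicators(c2=REPORT_C2):
    """Structured network IOCs; hosts must be IP literals, as in this report."""
    records = []
    for family, raw in c2.items():
        host, port, scheme = parse_c2(raw)
        ipaddress.ip_address(host)  # raises ValueError for a domain name
        records.append({"family": family, "host": host, "port": port, "scheme": scheme})
    return records


def suricata_rules(c2=REPORT_C2, sid_base=9000001):
    """One outbound alert rule per C2 (SID range and msg text are assumptions)."""
    rules = []
    for n, rec in enumerate(network_indicators(c2)):
        proto = "http" if rec["scheme"] in DEFAULT_PORTS else "tcp"
        rules.append(
            f'alert {proto} $HOME_NET any -> {rec["host"]} {rec["port"]} '
            f'(msg:"{rec["family"]} C2 from sandbox report"; '
            f'sid:{sid_base + n}; rev:1;)'
        )
    return rules


def lookup_hash(digest, table=REPORT_HASHES):
    """Return the report's file name for an MD5/SHA1/SHA256 digest, else None."""
    return table.get(digest.strip().lower())


def hash_bytes(data):
    """MD5, SHA1 and SHA256 of the data, the three digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def match_bytes(data, table=REPORT_HASHES):
    """Name from the report if any digest of the data is listed, else None."""
    for digest in hash_bytes(data).values():
        hit = lookup_hash(digest, table)
        if hit:
            return hit
    return None


def match_file(path, table=REPORT_HASHES):
    """Hash a file on disk and check it against the report's indicators."""
    with open(path, "rb") as fh:
        return match_bytes(fh.read(), table)


if __name__ == "__main__":
    for rec in network_indicators():
        print(rec)
    print("\n".join(suricata_rules()))
    # Constructed input: a stand-in payload, not the real sample, so no match.
    print(match_bytes(b"MZ placeholder, not the sample"))
```

Feeds frequently publish only one digest type, which is why the lookup table is keyed on all three hashes the report prints; `ipaddress.ip_address` is called purely as a validator so that a C2 given as a domain name is rejected rather than silently written into a rule meant for IP literals.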

MITRE ATT&CK Enterprise v15

Tasks