Overview (overview) — score 7
Static (static) — score 3
Github.exe (windows7-x64) — score 7
Github.exe (windows10-2004-x64) — score 1
Mono.Cecil.Mdb.dll (windows7-x64) — score 1
Mono.Cecil.Mdb.dll (windows10-2004-x64) — score 1
Mono.Cecil.dll (windows7-x64) — score 1
Mono.Cecil.dll (windows10-2004-x64) — score 1
Open.Nat.dll (windows7-x64) — score 1
Open.Nat.dll (windows10-2004-x64) — score 1
lib.dll (windows7-x64) — score 1
lib.dll (windows10-2004-x64) — score 1
protobuf-net.Core.dll (windows7-x64) — score 1
protobuf-net.Core.dll (windows10-2004-x64) — score 1
protobuf-net.dll (windows7-x64) — score 1
protobuf-net.dll (windows10-2004-x64) — score 1
Static task
static1
Behavioral task
behavioral1
Sample
Github.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Github.exe
Resource
win10v2004-20230703-en
Behavioral task
behavioral3
Sample
Mono.Cecil.Mdb.dll
Resource
win7-20230712-en
Behavioral task
behavioral4
Sample
Mono.Cecil.Mdb.dll
Resource
win10v2004-20230703-en
Behavioral task
behavioral5
Sample
Mono.Cecil.dll
Resource
win7-20230712-en
Behavioral task
behavioral6
Sample
Mono.Cecil.dll
Resource
win10v2004-20230703-en
Behavioral task
behavioral7
Sample
Open.Nat.dll
Resource
win7-20230712-en
Behavioral task
behavioral8
Sample
Open.Nat.dll
Resource
win10v2004-20230703-en
Behavioral task
behavioral9
Sample
lib.dll
Resource
win7-20230712-en
Behavioral task
behavioral10
Sample
lib.dll
Resource
win10v2004-20230703-en
Behavioral task
behavioral11
Sample
protobuf-net.Core.dll
Resource
win7-20230712-en
Behavioral task
behavioral12
Sample
protobuf-net.Core.dll
Resource
win10v2004-20230703-en
Behavioral task
behavioral13
Sample
protobuf-net.dll
Resource
win7-20230712-en
Behavioral task
behavioral14
Sample
protobuf-net.dll
Resource
win10v2004-20230703-en
General
-
Target
Fortnite-Internal.zip
-
Size
2.5MB
-
MD5
ac5d58e77c83e0affe15256eba6d8950
-
SHA1
7265ad0a706307b2d55973beb5d1287f8efd521c
-
SHA256
286d26788f3e1f65074dd794b68d691f79abd7680c0e56bde13c64e8715d1de9
-
SHA512
d4cebae7170c97169f1c4a855e0961bc502f61b6359be2d8152a4506b9f4442bcd5981a73c5fac42a9667d588cc3a01516ed43c39392a15e8d95939fa24e08df
-
SSDEEP
49152:k0dwGCgSPRlPHZcVJEKcXPHD7FHGyxh/M92uP58mH+F3g1izPjHaMW84I:kFnguf+LEpPFHG2/M9l8gsv6L85
Malware Config
Signatures
-
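Unsigned PE — 7 IoCs
Checks for missing Authenticode signature. Every PE file in the archive is flagged; a missing signature is a weak indicator on its own, and file names that match well-known .NET libraries are not evidence of origin, so the DLLs should be compared by hash against the upstream releases.
resource: unpack001/Github.exe, unpack001/Mono.Cecil.Mdb.dll, unpack001/Mono.Cecil.dll, unpack001/Open.Nat.dll, unpack001/lib.dll, unpack001/protobuf-net.Core.dll, unpack001/protobuf-net.dll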
Files
-
Fortnite-Internal.zip (.zip)
Password: 123
-
Github.exe (.exe, windows x64)
Password: 123
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 663KB - Virtual size: 663KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
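Mono.Cecil.Mdb.dll (.dll, windows x86)
Password: 123
Imphash: dae02f32a21e03ce65412f6e56942daa (the import hash of any DLL whose only import is mscoree!_CorDllMain; it marks the file as a managed .NET assembly and does not distinguish this sample from other .NET DLLs)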
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Mono.Cecil.dll (.dll, windows x86)
Password: 123
Imphash: dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 348KB - Virtual size: 347KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Open.Nat.dll (.dll, windows x86)
Password: 123
Imphash: dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
lib.dll (.dll, windows x86)
Password: 123
Imphash: dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 720B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
protobuf-net.Core.dll (.dll, windows x86)
Password: 123
Imphash: dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 278KB - Virtual size: 277KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
protobuf-net.dll (.dll, windows x86)
Password: 123
Imphash: dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 247KB - Virtual size: 246KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ