c9baed104ca0d486711a845a5b64ea58364a51ac2f06f8d2eb56ff3f543ef22b | Triage

Submit
Reports

Overview

overview

7

Static

static

3

FortniteHa...OR.exe

windows7-x64

7

FortniteHa...OR.exe

windows10-2004-x64

7

Sharing

General

Target

FortniteHackiNJECTOR.exe
Size

6.7MB
Sample

231013-244vjagc98
MD5

77a5f56a1a7fa037c0e37022fce38cc4
SHA1

ed971e8a929214302489cfbaa578bb8a26eceacf
SHA256

c9baed104ca0d486711a845a5b64ea58364a51ac2f06f8d2eb56ff3f543ef22b
SHA512

18e2afc17be833b293d49c3feccc0273e9082a0db447489a32509320304fda1dc906750bff2b3c3c1787a5e24e40aad5c499d043c42a819843b5ca7c130afa06
SSDEEP

3072:x2D8lTxrUT3UGgdutq6S6hUU+V8Ao7QNvo3jkgiutF/s228t6iNBIFTo:oDrT+ahPE0VN+R

Score

7^/10

collection spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

FortniteHackiNJECTOR.exe

Resource

win7-20230831-en

collection spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

FortniteHackiNJECTOR.exe

Resource

win10v2004-20230915-en

collection spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  FortniteHackiNJECTOR.exe
- Size
  
  6.7MB
- MD5
  
  77a5f56a1a7fa037c0e37022fce38cc4
- SHA1
  
  ed971e8a929214302489cfbaa578bb8a26eceacf
- SHA256
  
  c9baed104ca0d486711a845a5b64ea58364a51ac2f06f8d2eb56ff3f543ef22b
- SHA512
  
  18e2afc17be833b293d49c3feccc0273e9082a0db447489a32509320304fda1dc906750bff2b3c3c1787a5e24e40aad5c499d043c42a819843b5ca7c130afa06
- SSDEEP
  
  3072:x2D8lTxrUT3UGgdutq6S6hUU+V8Ao7QNvo3jkgiutF/s228t6iNBIFTo:oDrT+ahPE0VN+R
Score

7^/10

collection spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectionspywarestealer

behavioral2

collectionspywarestealer

© 2018-2025

Terms | Privacy