6111e71236070d8635100af800f8677fb7d7c85d786190d156359e48a9b28496 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

fortnite e..._3.mp4

windows10-2004-x64

8

Resubmissions

20/11/2023, 15:12

231120-sk7yeagg56 8

20/11/2023, 15:10

231120-skea4ahf4w 6

Sharing

Copy URL Twitter E-mail

General

Target

fortnite edit nice_3.mp4
Size

9.5MB
Sample

231120-sk7yeagg56
MD5

b269315972e2932a2008ca787c90aee6
SHA1

9f8dcbaebdc3d1285b431182147628115dddcd3f
SHA256

6111e71236070d8635100af800f8677fb7d7c85d786190d156359e48a9b28496
SHA512

8792ffe61ed9292f9fdd67363ef2586767e0f8f3026e44108a0fbb4a9c738927c7863ba3afe9523d9a1c8bf0153bd26efd7dfaffe29832eb1b04e64231b79723
SSDEEP

196608:IgTEPAgukqJQIjS6UU9CJl2036/SjwDssqNwCsIMOjRpFVGPxZfD8Gk83:IgAPVuBJQIj51CB3aDssqerIBjRpFVGh

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

fortnite edit nice_3.mp4

Resource

win10v2004-20231020-en

discovery persistence

windows10-2004-x64

29 signatures

1800 seconds

Malware Config

Targets

- Target
  
  fortnite edit nice_3.mp4
- Size
  
  9.5MB
- MD5
  
  b269315972e2932a2008ca787c90aee6
- SHA1
  
  9f8dcbaebdc3d1285b431182147628115dddcd3f
- SHA256
  
  6111e71236070d8635100af800f8677fb7d7c85d786190d156359e48a9b28496
- SHA512
  
  8792ffe61ed9292f9fdd67363ef2586767e0f8f3026e44108a0fbb4a9c738927c7863ba3afe9523d9a1c8bf0153bd26efd7dfaffe29832eb1b04e64231b79723
- SSDEEP
  
  196608:IgTEPAgukqJQIjS6UU9CJl2036/SjwDssqNwCsIMOjRpFVGPxZfD8Gk83:IgAPVuBJQIj51CB3aDssqerIBjRpFVGh
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy