General
-
Target
https://www.mediafire.com/file/e4724wqly5msy28/BlitzWare_Fortnite_Menu.zip/file
-
Sample
240127-wlyynsbadq
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.mediafire.com/file/e4724wqly5msy28/BlitzWare_Fortnite_Menu.zip/file
Resource
win10v2004-20231215-en
Malware Config
Extracted
growtopia
https://discord.com/api/webhooks/1199763266872803338/8vedcXoMcyExhe1xhBm5f8ncmafWmOB3pkulE0l8g9Pel0t3ziyr2V51cLTVEjYsE4Rj
Targets
-
-
Target
https://www.mediafire.com/file/e4724wqly5msy28/BlitzWare_Fortnite_Menu.zip/file
-
Detect ZGRat V1
-
Creates new service(s)
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1