General
Target: BlitzWare_Fortnite_Menu.zip
Size: 11.6MB
Sample: 240206-qxtv7sgcc7
MD5: 3aff50de39675f2d8e5f47ca1f467e00
SHA1: f2ceb18d59b1f71175c93f880db2e4748c1b6f09
SHA256: 5a52085a5f8f591347e11bc4c9246887ebe5dcde0209edc7016e3d6000f1defa
SHA512: 0d67de715e17c777b8d129f14ade87094cdc0872e9f022e7097b973d108c0ee4ab43a0aa26b5c363add53dc23e0f0e3bde6f4f907324c6180475b09dee3a5945
SSDEEP: 196608:45Wbi6lFv7YDR1TDfoSeYaAZ9gL/zhgCkr3tXqeMi4AbfUWgFVZ5:4Ai6TUDR1Wvh2r3tXquvbfGFVZ5

Static task: static1

Behavioral task: behavioral1
Sample: BlitzWare_Fortnite_Menu/BlitzWare.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: BlitzWare_Fortnite_Menu/BlitzWare.exe
Resource: win10v2004-20231215-en

Malware Config
Extracted
growtopia
https://discord.com/api/webhooks/1199763266872803338/8vedcXoMcyExhe1xhBm5f8ncmafWmOB3pkulE0l8g9Pel0t3ziyr2V51cLTVEjYsE4Rj

Targets
Target: BlitzWare_Fortnite_Menu/BlitzWare.exe
Size: 12.8MB
MD5: 3b4a760c064fa2e6f5b05c9da03333c6
SHA1: 8053af5d5858430a3b6f28ad3c8c5be47932dd5d
SHA256: bc2d16deb9222945b10f9511c777d7125042d31d748a0f42affc8a659f2dac79
SHA512: 54399f1198a15e52d04d0d8a0f59ccfeec067ccf331393a1311bb81b6f034449c42ec02fe3811f827847b93916a2264408035c49946e598368bb9a9278cdba0a
SSDEEP: 196608:Ob5hSxqJAcXCMEKngteZX07mvbSHL8D++wsmReLZijeBCMcwJADXbsdMN2LId+3B:Obmq7yMERtD2bysmMijstOX422cdK

- Detect ZGRat V1
- Creates new service(s)
- Stops running service(s)
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext