Overview

overview

10

Static

static

10

FortniteCr...et.dll

windows7-x64

1

FortniteCr...et.dll

windows10-2004-x64

1

FortniteCr...er.exe

windows7-x64

7

FortniteCr...er.exe

windows10-2004-x64

7

FortniteCr...on.dll

windows7-x64

1

FortniteCr...on.dll

windows10-2004-x64

1

FortniteCr...pf.dll

windows7-x64

1

FortniteCr...pf.dll

windows10-2004-x64

1

FortniteCr...nt.dll

windows7-x64

1

FortniteCr...nt.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FortniteCracker.zip

  • Size

    14.5MB

  • Sample

    240501-xyew1aeb7z

  • MD5

    2ef3a170a6ea1af02de2a4058a39e169

  • SHA1

    1ff2ae2aa8d61fe1c1396dc3ef1a30cf2b5ccbb2

  • SHA256

    6834e4f3defe1566f5c9fe9b25e8ae29144fcdf16115e14204e29d6ff4efe111

  • SHA512

    0ce07ce55ee70e2de8f200fb6ccfb1502b5c47afcc8dc2add2546c01b88e4e926030348b0571225c569773e1a76ea154f9cfa6908d5c6b1677bf4cab6fe01cf5

  • SSDEEP

    393216:fR2ZWVhMDn1Owyi7OCg0YrCjjWwVv2csMcX:wZ8hMT1Ow9yCg5rGWwVDsnX

Score
10/10
crealstealerpyinstallerspywarestealer

Malware Config

Targets

    • Target

      FortniteCracker/Extreme.Net.dll

    • Size

      121KB

    • MD5

      f79f0e3a0361cac000e2d3553753cd68

    • SHA1

      4314bcef76fddc9379a8f3a266b37d685d0adb79

    • SHA256

      8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd

    • SHA512

      c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355

    • SSDEEP

      3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG

    Score
    1/10
    behavioral1behavioral2

    • Target

      FortniteCracker/FortniteCracker.exe

    • Size

      14.3MB

    • MD5

      41ca32a6b1ea0ebf1be53c85632d4af1

    • SHA1

      99bf3882e3ad022ba3cdc43ac033382d941c4eaa

    • SHA256

      f98fb5b78dde808aac86a43a6ce0889f10f8ea6e92657d9774d540ef50f7863c

    • SHA512

      e6e945351bb02c720b5c4e1087382023e09f742cae74879a17ed043cfd71fd41bab9b65069c3d39e21b94fc8a86a941e69c96ecd8242a62971d9b9f31b445a76

    • SSDEEP

      393216:QiIE7YoPQMidQuslSq99oWOv+9fg4TFprTACw:R7rPQ3dQuSDorvSY4TF1AD

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral3behavioral4

    • Target

      FortniteCracker/Newtonsoft.Json.dll

    • Size

      685KB

    • MD5

      081d9558bbb7adce142da153b2d5577a

    • SHA1

      7d0ad03fbda1c24f883116b940717e596073ae96

    • SHA256

      b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

    • SHA512

      2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

    • SSDEEP

      12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5

    Score
    1/10
    behavioral5behavioral6

    • Target

      FortniteCracker/Ookii.Dialogs.Wpf.dll

    • Size

      103KB

    • MD5

      932ebb3f9e7113071c6a17818342b7cc

    • SHA1

      9ce2d08bc3840632092325abcc8d842eeb8189d4

    • SHA256

      285aa8225732ddbcf211b1158bd6cff8bf3acbeeab69617f4be85862b7105ab5

    • SHA512

      6b6086cff7b916c0c4536e3c7cba4ba17d6c4be2e4a88a5877be852e197f1f9c9c120d1295acf2b4277a9badd8cfd229ef3c1ab2049d0aeec22d3033be156141

    • SSDEEP

      1536:qgoPBGuyAy52V+gtTLq6ZUc68h8O0SB/XBboIawHUPV5bKLh8sm6b0gl:qgwBGu2IV+ghd68WOxXBbx+5of

    Score
    1/10
    behavioral7behavioral8

    • Target

      FortniteCracker/RandomUserAgent.dll

    • Size

      328KB

    • MD5

      839cd4ce1930eee45f55f6259468d649

    • SHA1

      7afbde253f6adbbc68ce3655b0d5a8b9f6ec1d3b

    • SHA256

      53331bff5e585c471fad6789313a2a8a687a586cc0a8d006b24085b91ed7fc9a

    • SHA512

      38faabf5b03512738b98b0243be9701a5668dcd5f2daba540e5bffb0547bb0fc08bc22f62f723c8aaa8ba724fc4820b4ff608e9c0d98c3aad3d5f9609c1d536f

    • SSDEEP

      3072:umSqPhuDg67YBnmyyiSa2Tu1BpKSE0BrudXz0dLPuY8/0VgvGSQBthFk6K9ZdneS:umSqPhuDS

    Score
    1/10
    behavioral10behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Process Discovery

1
T1057

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks