General

  • Target

    FORNITE SKIN CHANGER.exe

  • Size

    5.9MB

  • Sample

    240624-3zsgdaygna

  • MD5

    2eb607121c07c140954f6074db788b42

  • SHA1

    99c109ff3067b6faa2d4558ae698a17add9698e9

  • SHA256

    28b0091019d8de0e8a99785b1af54adcf5ef38ddb559b58d14e81ab5bf979251

  • SHA512

    a6f0c1392aef1aacc1d0878ef48aa550cb0c8ed77977220a9fe83828cf5aeeda3fa4a30b5d032254e25887e86124180ec6fc0c354f4dcddb3b83daa7fd6ceda2

  • SSDEEP

    98304:8D+WCHT84i65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeF/9hZkr9Lc0:8yrAmDOYjJlpZstQoS9Hf12VKXkbZCzZ

Malware Config

Targets

    • Target

      FORNITE SKIN CHANGER.exe

    • Size

      5.9MB

    • MD5

      2eb607121c07c140954f6074db788b42

    • SHA1

      99c109ff3067b6faa2d4558ae698a17add9698e9

    • SHA256

      28b0091019d8de0e8a99785b1af54adcf5ef38ddb559b58d14e81ab5bf979251

    • SHA512

      a6f0c1392aef1aacc1d0878ef48aa550cb0c8ed77977220a9fe83828cf5aeeda3fa4a30b5d032254e25887e86124180ec6fc0c354f4dcddb3b83daa7fd6ceda2

    • SSDEEP

      98304:8D+WCHT84i65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeF/9hZkr9Lc0:8yrAmDOYjJlpZstQoS9Hf12VKXkbZCzZ

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks