General

  • Target

    fortnite-public.exe

  • Size

    6.0MB

  • Sample

    240628-slrb2svfkg

  • MD5

    4ca605b1d9fbac7b53fd45a9b648767d

  • SHA1

    8270a1c173dc39ea5f32e356fbc982e20218f4d8

  • SHA256

    79a933a6fe0c34ec3eac7ec261a1dbebbb09406e962099524fafaf8f54d786fd

  • SHA512

    b0223c9629db8a4e1b9e871423bf688e624df38191d508d79442fe12e7da2e65b2706da43d4c6b4dab1c0c19866c46105edd4aea78b4bcef75e1c8130fc0e805

  • SSDEEP

    98304:grK1EtdFBGnamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RnOuAKn5Hq:grKMFEKeN/FJMIDJf0gsAGK4ROuAKnpq

Malware Config

Targets

    • Target

      fortnite-public.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      ʁ��IY�.pyc

    • Size

      857B

    • MD5

      c1b94fc1a8b1e1c0c876892e239eeac8

    • SHA1

      fc946e4d7b28423eee6c037b073075c0fe1bbf6d

    • SHA256

      3de217acc862ecaa7ddd23ca735e2cc58432c5d3a2796fd35e5144ce3b9c90a6

    • SHA512

      39056e91d339fcfa598442515f32227f926da4a3b32286d67efe977acc3e4d7628f7d5cc01c88881e2d534118df4ff2aa5330d5357a47704048b3c93b85a24b6

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks