General

  • Target

    Free Fortnite [ Astro Services ].exe

  • Size

    14.2MB

  • Sample

    240629-dwkjxszdlb

  • MD5

    ab6de5593a6077c3f030ae78ae8ac9f8

  • SHA1

    62d33a231af411cd40870734d119f075dffae7d9

  • SHA256

    99f20383a6fc1f36cec5a3575208f17bd9a5b93b1f7966beb80e6c8790eece36

  • SHA512

    bc53dc4b5fd120b0a2487fb0899f32801a3476a94d20d0d135e6909d14cec0a1e344165c36cfef44daac28e67f1b31b86ed15d4f0e01073161d80dd4cd492c49

  • SSDEEP

    393216:U8P5zL+9qz80SJHQK1JK/1vqUW5zMSxIq:v+9q40SJH71mTSuq

Malware Config

Targets

    • Target

      Free Fortnite [ Astro Services ].exe

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks