Analysis

  • max time kernel
    117s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/07/2024, 01:03

General

  • Target

    FortniteV1.75/lunar-main/lib/aimbot.py

  • Size

    14KB

  • MD5

    5606e76ed549c348cf870d43ea47d326

  • SHA1

    a5e1db0adc93edfa93c1b00dc30da5393a413712

  • SHA256

    78321928772f55a149cace2a132143ce0c1cdea4158df1763cb056cc5f764de0

  • SHA512

    38a46157a5aca8bf2997afe688fe487fce84c59cb53f2de7b80aa5baab28a9ebeb230e1548ea07e22abd04d1d2b851f67d6d0262c12618cf16316fe06130778a

  • SSDEEP

    384:KAeFaHMjZcxIgsWsrQdDH38C5MqMbPazlZ2+gP:KAoFEdDHB64fgP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\FortniteV1.75\lunar-main\lib\aimbot.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FortniteV1.75\lunar-main\lib\aimbot.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3016
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\FortniteV1.75\lunar-main\lib\aimbot.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2776

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    2a9cc9c36abb28675ef781ef6117148e

    SHA1

    1b58d0a67864caf833deba4fe797030bf1a77ebd

    SHA256

    ea88570be2eaa34d790dd7df57f143c9b3c0ac152bbdeb27dd7e0748247698b5

    SHA512

    21803477c34150b513c4c20ab3b1760952d751f36fc21e4ff27c51e8934155103e32738e4ec247a8bcdb63d43bd8c45e2edee9fd7291613c33e6067cd7ed47d3