a4b84a7fd6a4d619990e77d1d4d356597fc1f48e866719628069bb3d7d71a1dd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fortnitevanta.exe
Size

35.3MB
Sample

240711-qlqpeaxhmk
MD5

bc9fe785837a3e10a4980c02f867c02d
SHA1

9c5cb9d00c7905b4a52d1935410696ce0ab56175
SHA256

a4b84a7fd6a4d619990e77d1d4d356597fc1f48e866719628069bb3d7d71a1dd
SHA512

8659834a33e7f0586511c5f5b558a7a8e320e58a3f6f712f3e97a4e6411ed9cf009df8ed9397073cd7fbb1632354e437cb8adb058fe5a84ffb69989fbcab52c1
SSDEEP

393216:HIko+ArmqoQNVOlQgforYYqlWVLGGEkWQ1s3B3gGGbYsOnVeRvG+0CcLSCVEXvlY:HIdrIyRsZGOVet0CcLEXv1TrpryxlaI

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  fortnitevanta.exe
- Size
  
  35.3MB
- MD5
  
  bc9fe785837a3e10a4980c02f867c02d
- SHA1
  
  9c5cb9d00c7905b4a52d1935410696ce0ab56175
- SHA256
  
  a4b84a7fd6a4d619990e77d1d4d356597fc1f48e866719628069bb3d7d71a1dd
- SHA512
  
  8659834a33e7f0586511c5f5b558a7a8e320e58a3f6f712f3e97a4e6411ed9cf009df8ed9397073cd7fbb1632354e437cb8adb058fe5a84ffb69989fbcab52c1
- SSDEEP
  
  393216:HIko+ArmqoQNVOlQgforYYqlWVLGGEkWQ1s3B3gGGbYsOnVeRvG+0CcLSCVEXvlY:HIdrIyRsZGOVet0CcLEXv1TrpryxlaI
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1