General
-
Target
FreeFortniteVbucks.exe
-
Size
12.9MB
-
Sample
240726-n5yg9awdqm
-
MD5
f4dfe31dcd4e1ea36da485bb03856417
-
SHA1
9d9a50d5a1c4be2caf59f792dd8ac8184ff13b74
-
SHA256
be3eeda22c1620f47195d1e1002753b9a15ed3a044e8db38949fd236bcc08831
-
SHA512
993d1688a2b308fcd8075e439e12513823920d57cef92269189b255cf7229691038d441452715a0a1457611394021bfc407577905f381192b01a44ea6c4ac963
-
SSDEEP
393216:NKiCa/gqmVWNIoc3IrDE0EyoZedrQDgF:N7Ca/gNkTRE0vo0JD
Static task
static1
Behavioral task
behavioral1
Sample
FreeFortniteVbucks.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
Target
FreeFortniteVbucks.exe
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
XMRig Miner payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification: 2
Windows File and Directory Permissions Modification: 1
Hide Artifacts: 1
Hidden Files and Directories: 1
Subvert Trust Controls: 1
SIP and Trust Provider Hijacking: 1