General
- Target: Fortniteee.exe
- Size: 33.7MB
- Sample: 240808-3aeh8asbrr
- MD5: 4ea625d39ab2668718fdb3a74adeee90
- SHA1: 591be0d039c6a977fb8d9801fc1a3f7c4ca9c407
- SHA256: 1ce70f72df3aa34c90e8ae0ef047df9c567530abb77a1da1e63cf63b93b94df5
- SHA512: 74e3bd1734560ee5130590af58a06c2aaebe3b26d0c979900269d38a4f757bc62bd72df02bf0329eb8764cf00a06be11dc2aacb85ceaab2ba1ecf04a1a3c22c3
- SSDEEP: 786432:X9AOQNA7vDUdbxKvIACT6ESWqEj/C7/u3Eywxh:tAOQi7v4dIvIxlq25+b
- Static task: static1
- Behavioral task: behavioral1
- Sample: Fortniteee.exe
- Resource: win11-20240802-en
Malware Config
Targets
- Target: Fortniteee.exe
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Hide Artifacts: Hidden Files and Directories