General
Target: FortniteSpoofPerm.exe
Size: 13.1MB
Sample: 240817-lxwbtasfnl
MD5: ad573405f9df03d594e432620925c7b5
SHA1: 05d4d7beb2c809c3a03548204a12a5ea39ee1e95
SHA256: 220b48bce46e46eb34f3c049b9d47c038fa40e9c7c9e18bc194c6c5d7f16d9f3
SHA512: f04349c16f8d8c9250faf00b5ff04444c47cc5cfef93e51e47c1de12026232c754b6f1d741dc661ab328603ddea6527342e16e75ffcab500da3195bd3b658496
SSDEEP: 393216:niIE7Yo9+4u3wW+eGQRJ9jo7BGcGLY/dt1Wom6:87r9+R3wW+e5RJ9Mjpm6
Behavioral task: behavioral1
Sample: FortniteSpoofPerm.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: FortniteSpoofPerm.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: FortniteSpoofPerm.exe
Score: 9/10
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.

Drops startup file

Loads dropped DLL

Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Enumerates processes with tasklist