General

  • Target

    FortniteSpoofPerm.exe

  • Size

    13.1MB

  • Sample

    240817-lxwbtasfnl

  • MD5

    ad573405f9df03d594e432620925c7b5

  • SHA1

    05d4d7beb2c809c3a03548204a12a5ea39ee1e95

  • SHA256

    220b48bce46e46eb34f3c049b9d47c038fa40e9c7c9e18bc194c6c5d7f16d9f3

  • SHA512

    f04349c16f8d8c9250faf00b5ff04444c47cc5cfef93e51e47c1de12026232c754b6f1d741dc661ab328603ddea6527342e16e75ffcab500da3195bd3b658496

  • SSDEEP

    393216:niIE7Yo9+4u3wW+eGQRJ9jo7BGcGLY/dt1Wom6:87r9+R3wW+e5RJ9Mjpm6

Malware Config

Targets

    • Target

      FortniteSpoofPerm.exe

    • Size

      13.1MB

    • MD5

      ad573405f9df03d594e432620925c7b5

    • SHA1

      05d4d7beb2c809c3a03548204a12a5ea39ee1e95

    • SHA256

      220b48bce46e46eb34f3c049b9d47c038fa40e9c7c9e18bc194c6c5d7f16d9f3

    • SHA512

      f04349c16f8d8c9250faf00b5ff04444c47cc5cfef93e51e47c1de12026232c754b6f1d741dc661ab328603ddea6527342e16e75ffcab500da3195bd3b658496

    • SSDEEP

      393216:niIE7Yo9+4u3wW+eGQRJ9jo7BGcGLY/dt1Wom6:87r9+R3wW+e5RJ9Mjpm6

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks