Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
15-10-2024 20:21
General
-
Target
Fortnite Checker.exe
-
Size
883KB
-
MD5
5ff30ec323f9e6ec632ea3b2180a1cbc
-
SHA1
aba95d8f4f7f634170cbad0461a3e6e0a4574059
-
SHA256
d548ea85db4681de9393a4bd8369283db49f9f0525356d15f8ca06259e4fa930
-
SHA512
e990b1de0d4f6c2f830bca0ddea747ab733289f8fc45f2da1b9e20128b9eabb51c8f2ed62ca0346bdbb20ca73b4ab871e2a0298e1f4df9d559d4bbee41cce66c
-
SSDEEP
12288:GToPWBv/cpGrU3ywFm/byWr+5q+LViWdEVr9WoMwtubIwyqd7zw:GTbBv5rU4/b9SDmVr98w009qdHw
Malware Config
Signatures
-
VanillaRat
VanillaRat is an advanced remote administration tool coded in C#.
-
Vanilla Rat payload 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 8 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Fortnite Checker.exe"C:\Users\Admin\AppData\Local\Temp\Fortnite Checker.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Fortnite.exe"C:\Users\Admin\AppData\Roaming\Fortnite.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Roaming\FortniteChecker.exe"C:\Users\Admin\AppData\Roaming\FortniteChecker.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=FortniteChecker.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD59a6d2b917c058da27a48f9db31982dc3
SHA189f406e013531ce69ea5ff9fcfff7d404f6e6e3c
SHA256cc1c314f90ee6b3b3a174d716832e9b30b9f71c67aa0df7addf67e9cbb71f907
SHA51248a2c99d9cc2ada2e9134123a5e2a4bf98b6152036a1d33813523654e0a83c68ed2712339f4bfdf2553f700f4b385f820ebe8bcd23ed2b5acc959eca67741efd
-
Filesize
342B
MD55a3a0cb97c081ef08479b2d1107232ef
SHA1d823f65232aea8c0c4b2453be623b92752b6b669
SHA2569d0d74819a66307307b42e0f9ae096dd21cdf8ad9a9e764f7f4e519114261378
SHA51203148ef05844beee744959089453facf746ee1e79f5ba5d8c59742d1eb388496aba44d4bb093255eb9716962b21eccb17e5380e66ddf9c9c2d384d00c661f996
-
Filesize
342B
MD5c53797992d48439383f8fd1c3183d2e8
SHA1c273230d5c23c771fcfc6d450050d36a1c54d8a3
SHA25691d22e317b119e73b845d27181465ff0a81aae9b382ac960b12e5e90420143f2
SHA5125b8f1dd92e31cec9e23d4fc81548ce3ed31af2dfefae1b041d94050f3e340ca4a86bef8dd97e2541130d3cd236a12078ebbce80eb242b71d105ceaed5de71268
-
Filesize
342B
MD522a3c45edad0d38e7b3c1381a0df48a4
SHA1d035bb598c219ea262d774458c9acde5a2215582
SHA256952e764ca6ec1244461b89bc0e22955a6863f07cf5629942f3318c4bdba1b668
SHA512ddcb116426a4bee13a1e21b2d7cb067cdbe7f7e56d719f1972137062c75fa7d31e7794b877423a58741dc0e3bc7ff30405f37318e4e4b173a2db48ceb009132b
-
Filesize
342B
MD5bd89a588f125ae548e731d183ae99a0c
SHA1cb0cbc10627828d94d50e94cdfb79c2fef3701d6
SHA256788dedd93f343740da913e90fd5f45d9550e47621418ba3a9f6c6ab5f1bafb95
SHA5123f5769af5387b3549223afcb3e6a3fe7c89b0c8f4b3625ae3f3e952680feead3264456a694fdc97d5f43e41b286b5c7a636e1f4c02c0e88ad07c8a4bd9e27fc7
-
Filesize
342B
MD59c47c181d904435ab19b3e69e89940b0
SHA1ddce0e0ae0fa6694afa79bde5659d938e6df1d7f
SHA25604f728acb70088f8d77687ddab333ad6216e64113def2162bfafe1ea77325140
SHA51212fa92f04c4863a5beee041777260b65dcd86840fbbce85440f6717b0040993fb5e60bb80246d4f91c53a8a8525706765c4f413b36cabb5b688664efbc99bd8c
-
Filesize
342B
MD55d9aa0a317c37cb7a3798a04b279b762
SHA1ddcf4d2f49d177552068b7977e0982a86994a8fa
SHA2560f413e5d46e729c295a0fa4c226a5c32926670cdb1c599bc516db852950e251b
SHA5121fffd681bdbdc9bb4d7c9b2036d6d85041600a8ace5bd18c03cf1507ec2e4044ed6d3f74f932ded4225b152c1f16bee63d67f78209ecb2f0d86c2eb6feaadbb7
-
Filesize
342B
MD5fa4fb64925224725a71bfc695ead7be4
SHA1d8838ad43763580018f117a0f34801add86e7a04
SHA256587a0425e9163bb87b0bcd8f07bb8975224d092df34d704ed9e9f514a1903c32
SHA51230ac98b88f00a69ed69f4a2d6609f10f39695a974145be313446aaa6034f284ce42ebb2adf052cc443c8ab4c3066e5cc8d05ef108488d1ee0514755cf2a58c0f
-
Filesize
342B
MD558dab959dee30e9467132ce14fd9d224
SHA156f844be4f8512b5331bd08174cac2f05cd09ed3
SHA2566e794b48f15fa1b998cdf15dc204c46b2341955209e0b0a8b0a6fd22165aab19
SHA51210bee1b8e2cafe9fe9f3b71677dc8bbb834dfa72e09b5c06251fa58b53ebd355bdde4542f3a25730bfe60cefdb666a68247ef047f56d59de91aab3b658f23e85
-
Filesize
342B
MD545711a7ea582f42d49197fd50c9abdae
SHA1de9718d11baa03619f6dec48cb9656e1176866cc
SHA25626a36f92de325958c5c240e5b176b36d7ea11678a8729c958d478cfd1c4073e8
SHA5127420a9853adb8398290cfdbdbec4fb19480f2a500d4ff56252cc4b5ebbabec89c54478aa5e48057f67a6724ba7dd764388ff1316194719574f97ad55ad4c6b5c
-
Filesize
342B
MD58b6300a2f55e6cf0e8ded67226f105fc
SHA126cf8d0af87ce751d278a17731b1417a85696fe5
SHA256d02c4ca4fd13e27284d35a9dfa9ae29c8638f9c05cde43c47a30040a1ea1d531
SHA512e766513d9cd90e5008b30d739564bb093a4056a933569c95990ea26cf75d542e4f2bbd5f000235bee0701e74b9fae08cd08b4b6ee69ab196802645198e1d6bb9
-
Filesize
342B
MD5a7a4c44225eaa4cec0230e5f2475f29c
SHA181616dfd93314f90634b31d86444d97779f74d51
SHA256151bb3667618e1e815017ba82b286774a21cca8b44f75b70e4d76a94d7fa80a6
SHA51297eeb7154634cc985ffa5449b1798ca36f6c0abf4da53e11ee8cc8709de8896bdb6a37d2d608d8ec0c9a23e375d1058f9bf4197c0bfad0b4dbb6efd40b8f33b5
-
Filesize
342B
MD52205455ac0d5506b9a6d87a236cf1cec
SHA161b919bcc20fb89cc7372e1c7fd0bac976214259
SHA256b85cc685fb41ab424ed4c53d9ffa071adfb1fad30b5a98eef65e4c9f639b0413
SHA51259c6ce078ddefb75609c9a7aa67b511e708a92f37731e2ba6cccd41fa0da78e4f2780091a29f418e4624c8c178d85b24b26d878d074f5a2a4bb16a8e5e60d393
-
Filesize
342B
MD52bbf6eed0539a4947463ebdcb59af9bf
SHA1dbfaaae75510a3e2caa86fadba5d57f9f9cd7c1c
SHA256e584cbb047ad7af2963d70d646f1a87391354463263652284484877402882582
SHA5124e9d3bde0f37dc2b39fcfd8e9c0f5e6e8f6b300f84d7cb90b55e57945083c57f58f57d1ae329b7d84fe0367eb1dbecfe6be55944d3231507ae656206d6ec35f7
-
Filesize
342B
MD56093d8c5bafd005c09eca149fd223e00
SHA1eae39068acfed3dba1928862b5989862a2785bef
SHA25629e724b8797ae6e3a0f3c6da876c2709eb9efeab632683bf8a5e761f1164f1d8
SHA5120db903e24ba7ca002b7f7abd498e339a222269dff7fe2817caba7b36dc28d3e2e19c0f00a7c2735a4b38981c08ac2f4393cf1e0e2f5b4c89f7ce372c85da1efc
-
Filesize
342B
MD5f42cf977162b5f7227977466b88ef524
SHA183f712b1ab4500b132f5cca7f1ab4ec263d64e93
SHA256316b3013c0731ba3655bbec503f8685fcc5abf37881d7c4a7dee27d4917a48ef
SHA5123d2ea6313741ce5d5f31d3b6f32ea64f6430f86fdec8e2dc7db2b69b3c0a66a894e58d0c9e70a1076afe9ab669d65f02a871d344a773315c269b43bb3694f08a
-
Filesize
342B
MD5394211f6972bfd483cef9b7f4c79ea29
SHA10b63489d11ab3eb49701d4ecffa0cac946db681e
SHA256b25766e594649f32c2394b641fe2d36be0fa5447eacba7d43d546962cdf21dd8
SHA512279a8b39e88e39fb4dbdf48b39344ac74ca7036e3da28f1b49b3e5c67eba15711bb76d6a2897b1db8524763db447014471f0653b15f96f19f9e30d86872c67eb
-
Filesize
342B
MD59553480b87b8340e1d74673127bb4be6
SHA19da7640258d92f48f2ce939bf541561445ca2c44
SHA2567840ea30dcadaa8e68815abe4d1509b5ce2d931b5f149cfa5fa60f2848eade9b
SHA512f92a2fcd589d9d711b8c53526a316caae2d9d74c5b39574d0e089f05e27c367ce912666c74b2e0891a41b90f0827336c5605a8fd4d6c9f5e545302cf8a1df54b
-
Filesize
342B
MD554e0c490986ed18f4c81e9fd860f8677
SHA1d5a9d630f6052e3caf9a375dc36553130a4ca4d7
SHA25639eb6766c24e9cc556f1f4559b8f4726049496aaa89fa46918af6ebf08367970
SHA512605f3c0f09844a096695cee0aa1430d52f7a7d94bbfed85d284e635c542fde161b8d87451ea64b77b1ee9c1164d3c247729edf5704fe834710fecf8aa94b84dd
-
Filesize
342B
MD5f64ecd52f4267673ec5026944e2b844c
SHA198ec308f316312ead35e747fd0d8b27bf17d5d90
SHA2564c1ad7963d97758791447458bd6f3c749b022a334fc3707f89015a58a2131ff4
SHA51278754bd9bb6d9c4a003b54269187a0eaf9874de7d9337b5c780f650857dde3ed2b78f7477922b546d178966e5c40f96d088400c2455a0a37eee26c6a95b0ed05
-
Filesize
342B
MD54a2a232e0707be0e84405d801e3ae574
SHA10101eb7674919e898bc3ce2e662e5ae7f1c83dbd
SHA256ed18217295e68863632c7a327fcc709bbef5e6c99b0492f5f14c9dfee920075b
SHA512e799ed73e4be055768d3f48147fd3f896b8ea1876cd73d277d92d5a2b8eb425ebbcee1b6d9a0aa94263c4ac5c085893a31745beac52dd732f64d6c05c06c7d64
-
Filesize
342B
MD5b72fe316720797bf18139543451025bb
SHA19bd0fefdb1500714b73d42b778bc60685d65d2fb
SHA256ba26c50bce8f64dea9283e51b85a352581e979be294a4f3de831d0bd5eb06a36
SHA5123e7ae5b3454b1ee65c3e58812ecb3bf2263719fff243541e92cbbc57fd6958a0c880c28cd03eed0bf801ffc61f7159df8e8013ace10cb426d33b1f4a943a97b1
-
Filesize
342B
MD5383f2eedeb64aa77140006c4a0cb01e6
SHA1ab9b9f8778414f4637615de35f710e029290673a
SHA25694e0b18a67132b896c3dfb1495c8614c0a23a1c5f0541f69037e706b0828f0d3
SHA512ecc7f016266d6d166d6c3453774da90057d5368a7b13a6629d111f19dc3da47b310f6459d4922bee182ffc2ccab94d64c32439d38a48794f8e8e23159ee867bc
-
Filesize
342B
MD57551eb25ecc5f6ae38aaf802a45b8f63
SHA1b5117d92500c1e7d9827fd0370960f115a61e199
SHA256dcad8171e963281b4990f08cecf07cf137cc9ef53165e2925479f4c7a5af7b8a
SHA51205698f2bd392dbd667bbf7b69604a1d91cb2978a8cf28570ac325f927fe8eefe9d2b93d720a7f6b46e52849c39d774e049a685e639e63fc0be3735e9c28ceb8f
-
Filesize
342B
MD5bf7dd58764ef8e7e93449bf6a4cc3db4
SHA107dc04f4947c24cfac2cb32a60039f575f20f62b
SHA25619b5ff52634ad96b9dfb0cb03cf2fa740de3c5eb8f57d3eb7ec1274298d41fca
SHA512c6b58ad44b5154dd4919fbf84ee88e34f20c65168e343c1cccbc91024a445c885bbd10b068bf886d660fde9b18d7c92667b2803d4c4d3d2994f0ead98d339d2b
-
Filesize
342B
MD5981d2912fc74c5b3817d2ee14d4b2e8b
SHA193e984757c69f5feb6e4e3f1edc687d5d584c1db
SHA2561c3de498bb77a1da6146030376bc1b77b01de5c9486ca2cec4b5c258ec0e8547
SHA5123d24f0a764a0f2027b0d1924caa262f98543eb2a55f1fd8cd2dc57dd7e1261da7ac59aa201152e06425107c7487b6e1b1e7295698ea64af2b9c5c2dcd97e66b9
-
Filesize
342B
MD5b6357f08cd07135f6f0699bfda19692b
SHA1623c9bb7a26cb3f9027d9d5f1d28285c55eaf971
SHA256c0b0af7e6a36c15a8edf1a4817e30e4cbfba8516feff66dfa2bd7808796cea57
SHA512377665bb991fa029990d9226b4d4ecb9679460ffb1a612b043422ee6a627dd38164a1a8be73791b7086d51f9c596c3ea480f79c5d26d75f8666d600b5e46494e
-
Filesize
342B
MD527eda772fd65ce873b1e9463481785dc
SHA125db5367eec1843e306716855d1746a7824fd4cf
SHA256bbf334c86f01420b3c04acbfa7894260aef212f54792261a5a3679601ece3e2e
SHA512cca87b694af937a633845f9a7faf17953a37dbae14fd3e83078a2bfbef13cd772f9f6fbee8ff48897272855b11ffe877aad0ff56b7d8b3da687b77df644692fa
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
184B
MD513ff21470b63470978e08e4933eb8e56
SHA13fa7077272c55e85141236d90d302975e3d14b2e
SHA25616286566d54d81c3721f7ecf7f426d965de364e9be2f9e628d7363b684b6fe6a
SHA51256d0e52874744df091ba8421eeda9c37854ece32a826bd251f74b88b6334df69736b8cd97104e6e7b2279ef01d2144fee100392744cc1afb7025ebbad5c307a8
-
Filesize
114KB
MD54bd20275a3148a44bf040367a43f6fe2
SHA14faa5b6fca5f3b31b00995b4372f635b1ed3a019
SHA25698efc33ad38ab3a913716402cb445a25e5e578bdd379494c0188b30028430336
SHA512ba5477c92038704feea1988228b25c82107f1803a3a331ba4337ae48dcdd019b6fc9f3e7fc14ace08b6637ce85ae4ad029a6d1d60ee4daac6a82c0cc1466bc66
-
Filesize
83KB
MD5f5d8bedb9dcc17a0a356f2f3f621971e
SHA176ed7763602cc198be87b3eb51949f54ae9c0f9b
SHA256355ae598c711cf98fb78b485fe2bf351233e81d5b98ffd3c81b20470182e6ebe
SHA512ee5c55a562259481199def67fba592bfa1b524fc4eaa5c9b558f6fbb9609542b0f1a915768f79662a6b7fd2f8127c013aa2fb08a249f5bba89aafad03c9e99eb
-
Filesize
4KB
-
Filesize
136KB
-
Filesize
4KB