Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
15-10-2024 20:28
General
-
Target
FortniteChecker.exe
-
Size
883KB
-
MD5
5ff30ec323f9e6ec632ea3b2180a1cbc
-
SHA1
aba95d8f4f7f634170cbad0461a3e6e0a4574059
-
SHA256
d548ea85db4681de9393a4bd8369283db49f9f0525356d15f8ca06259e4fa930
-
SHA512
e990b1de0d4f6c2f830bca0ddea747ab733289f8fc45f2da1b9e20128b9eabb51c8f2ed62ca0346bdbb20ca73b4ab871e2a0298e1f4df9d559d4bbee41cce66c
-
SSDEEP
12288:GToPWBv/cpGrU3ywFm/byWr+5q+LViWdEVr9WoMwtubIwyqd7zw:GTbBv5rU4/b9SDmVr98w009qdHw
Malware Config
Signatures
-
VanillaRat
VanillaRat is an advanced remote administration tool coded in C#.
-
Vanilla Rat payload 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 8 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\FortniteChecker.exe"C:\Users\Admin\AppData\Local\Temp\FortniteChecker.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Fortnite.exe"C:\Users\Admin\AppData\Roaming\Fortnite.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Roaming\FortniteChecker.exe"C:\Users\Admin\AppData\Roaming\FortniteChecker.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=FortniteChecker.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5df551ed1b3096cfb2d147c10ba910860
SHA1749681d3b077fa23fcc692acca5709a1d22c0b3d
SHA256c1a7cd2e6b8007d7c34b1a54767eb936f69d1ecc3af0391983eb426b3d6d9ce1
SHA512ad70428ba14a21832e48b7fe1a398cd7cb8019ee64c274afe0602a51e23e0ae03ba16672d96295dbbbdc4a97476dfe1e7de6245628f4fcc2530d65d61158480d
-
Filesize
342B
MD52ed715413e74f7feee39a71090b3b058
SHA1e8795006227f2483e42d4f0acd2df669e9eea7ac
SHA25649cfdd000aaed88b865ad0930557d56ffa8d0381d01acf830d171406f338a606
SHA512f37ca00388e4ecb101610476e5dd86e603642f5f013c461e6ec77fb4ffd91e21a2910bebf964812154496a750e9a7b51f2028b637bdd0ba3f2b6f217e6cafddb
-
Filesize
342B
MD566e63ba56869656d4f34efbdaf1e4a6d
SHA1658c0554f03b0aae1dc36ca796069b2fce32384e
SHA256a12c347e33ba9ac8edb658f5cce1e9790b0b95ecdad835d984f817ebbeafac89
SHA512cc38a5953ca92fa285352bb415677293595ebfebc4bba10b715198fe6f7fdb26af0f79e76849a2a2641bd8888d656664b5c8a79f2813c4780526e927dc5ec152
-
Filesize
342B
MD560131cd3d87482ae87f2a2a8c6e3c952
SHA14c30d8b8ec59ecec0cac8c4884429d13b7a24f72
SHA256843ee7d9cc64c1483cb2478aeb9d758a27b16d340136fc2ed52b68d31430626d
SHA5121f6b2b947eeb743c739cbf12446eacfb0ad9416cdcb1f11c32a56809200608cf705e50bf550c88521a12e1cf77177b13408e5f2b56c363202ca3c0255d3b2521
-
Filesize
342B
MD50b7e7673abae9890ea888f0a3d912038
SHA18c1be1b871b481bb0ea2734042b093667ea0214b
SHA25683fcd5debac987b14b643d480530f89e7eff02e550472df2efc0e410be7166e3
SHA512af0d80a60bf3a9ba68589dfd18743b26d66156f012165623886e85bad720abc1e7c46c13f95ad64268a7a8a7c45dc29c0b1c43e6471198c01c8cbc555e4df905
-
Filesize
342B
MD56287ed7db669a040b8ca50daf733dea3
SHA103cd7bbd767e90f659e9020c89cd35a840bafbab
SHA256553d504f363940a67f9e35bc444b82febb27d16c9678cae69148026c2ff5a8f8
SHA5125f8450c5303e8d0253792bd25b6ac1d6b696553d22c4be610f0b0b7167d5d5ca8d69ddc742e0888a9427f04ee64b4fe371ba1bed77220209056df0b5bf3a5ca3
-
Filesize
342B
MD5acb04093ca2e9a0e2930060138b78a9a
SHA1c8eaba3eee457e950da1e96d9d3d97d624be2099
SHA2566475da7fdab1833a95c16f5bda2c96405c8f7d2d8ae917628e19249b3ad708c5
SHA51233bc7f5c3197791527f4c7dcfcf132847341fb787e8d6ec7df22bcf08075b88fbf79bf03de1cb17ab1420ae62a3b19a072a8b82bde50eb9a47fc0517e957e4aa
-
Filesize
342B
MD5b2a625da1b58e9446dae062ba6da891f
SHA10c15c4ebeb68debb1403a6fdfba6736b5ac51793
SHA2567af859de228adeb18dcd98f0e11e5dc94c7ab12f9bdbb91738f4d5a6bc3c0754
SHA512bdd63d8dbcae57fbca4ab10b1e85fbdf83e946a78e673e3e358701a50e4ab240f956a0f73d1ba02279f17374ee599951cbc461d30cc05fced6240d839037b2bb
-
Filesize
342B
MD588001f1bae9a5eb1cf55a65d85a3dcfb
SHA1cceb619cad66f3125556bffc936e7b51a4a91214
SHA256c87634d33f42bd31ab37d3988706f578bcf5183498b8e01defa0f4cbccfe580b
SHA5129bb1b06519eb2a9d6e799bd33cfed67794432f11dc540903bc0b3073072257426aaf7d46961db83a1280a97cfea0f5848b2c33c52d664bd5b37b1f483ff98b19
-
Filesize
342B
MD5b09fd62455ab9da751f868b1912586f1
SHA1b37f8fd325ca0815b6a186d455e8d32dd8942bad
SHA256c74855e13568eac8ee0b03abd637e01a79e46d01e08d2a43228e3318a162bb4e
SHA512e11f9aa24b3e83d3b9d3226a46420b2ca84b0c33a5e26081b11822d2fe7a8ff5046d3c26eefdfc4555b1756302809ac02a5bc2b57b0fe314327216bba7c1b639
-
Filesize
342B
MD525c9af4f6eb39a0a56c837c8e9d3ab44
SHA1a6360086804167bfb4d5db35cd2f6cc143e066b9
SHA25670c317ec2029215dd4802ee93d5ed44e72fd2a6d23f63bb2a9b37864ce585e44
SHA51252b593e7551bdf008072bf69be86ca81e1de96362005efb89be13ef999f671ec1fee4028d439201bd9980f0df97a31c9cf85b5fa70e45ce8dd43a91bc684e2a3
-
Filesize
342B
MD5883317c900498c94f9729fe5c29ce5c7
SHA1c2f32872d0c9adb8f3e897c27d2044e0ce0ecf2c
SHA256a331e9c6a0e3b80918679f6bf65d2c9920e1860f5fd1ae9d4238d549f59fb9e3
SHA5128d645d0f40a5f4955ec4c5baafe4c0492032f7897c12ceb375fe7effffa4883cd1f1e8761ca0050748a1cf28e6c9daa79def676dd61339998031ecd14e691d3a
-
Filesize
342B
MD5fabae50e5071ffb4df263431c6d4c9c5
SHA1f345c93b191d63dccc243c6bbc2b36fcc964e649
SHA256d77c26a7dd5b4fd8f7b2e53d9fae6bdb302c25b3bd3f1606ce9b78658c552d86
SHA5120dabc3b1b2c3cf05e5f2a70458d070a82072be78f492a2d856855393a4b9b13015729ff1aee1f380000723ed3097881d04f34a578241ede879b7cd7ad41aafbc
-
Filesize
342B
MD50bc7d93464efadecf2ab5f52b441d2e4
SHA112f83f42f19d6929a833bdc05c4eb2476b621bde
SHA256d2d2fb17135b3cb5f25006126ff410b8eb3e4accd690c8f9389d5910bdbd43a8
SHA5128c97928f1f54a1b8187aee615c07e453a2c4d18363d837d2e51dc50ae5aeadbe827cee7c2a32f74a9430a4b93a0df1a1ef60154a12b96de2b08b21ca7af7a9a9
-
Filesize
342B
MD555d59f76a9baffaba3d4c1faf23ad33f
SHA1c9582e9357a0c1e7e3849b3dd5630f60d70ebdc5
SHA256d70c9350e1b622b2b1365a0f1f1e4d2a363cd4594113b776d7837ff184ddc8c1
SHA512df2a6fb354ed4d8ecc3d3d760a894d2309f1c7966e7d79db53e8a88b7530f0885fe9c60fa790abec61a7222503fc33486189da43f7be9a11baabdf621f22e263
-
Filesize
342B
MD5933ab9bb87d2d45b9e4e00a5e4e60cbe
SHA12fb5c8c284c3813e701f319ec695ef5b3718ffdf
SHA256459386c30382e9e540acac7386bf35bb9417f030be8fc2fd525dc982eaa33263
SHA512de4ee045dc172bc99e1324677fb105eeda8fcd490c8d097abcb558e47da1cda17fe2165f435108b166150964de986ac514c8388b103902a05374fbb2ec096c99
-
Filesize
342B
MD5d3e55c8911174a4e84eef5362f909ebd
SHA165694a15f4f5f146c3ece799a222132a081f2f79
SHA2562ff4cc01d754d80d1afa6e4569dc919af9845f824f01bfdd8f79d5c23f915aca
SHA5123ceaac69150c9b7186e19530e13879e3423c934d334e1f24aeec45b86d05a3afd420994ec1a88b12efc7a629340d6b5257c2a13e3b545c071bc0d78e5f85e40b
-
Filesize
342B
MD5af76b0cf3014cc47b401c5762c7ed32a
SHA1a2b4bf3c3451ba149954d6faf037093717240093
SHA256ad92cdb67610ccccc7ff285003dd3f2ddd94e0222f2793b9e615aa8abf858eab
SHA512ec28504e4e291bf42abfa5e7b9b869f9c754ead982ba0ba9c07c8fc177a0656fd8c40ce21dd54430b5ceb51e3be54244afaaf7b53d28baf95635a7b494b9dcd9
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
184B
MD513ff21470b63470978e08e4933eb8e56
SHA13fa7077272c55e85141236d90d302975e3d14b2e
SHA25616286566d54d81c3721f7ecf7f426d965de364e9be2f9e628d7363b684b6fe6a
SHA51256d0e52874744df091ba8421eeda9c37854ece32a826bd251f74b88b6334df69736b8cd97104e6e7b2279ef01d2144fee100392744cc1afb7025ebbad5c307a8
-
Filesize
114KB
MD54bd20275a3148a44bf040367a43f6fe2
SHA14faa5b6fca5f3b31b00995b4372f635b1ed3a019
SHA25698efc33ad38ab3a913716402cb445a25e5e578bdd379494c0188b30028430336
SHA512ba5477c92038704feea1988228b25c82107f1803a3a331ba4337ae48dcdd019b6fc9f3e7fc14ace08b6637ce85ae4ad029a6d1d60ee4daac6a82c0cc1466bc66
-
Filesize
83KB
MD5f5d8bedb9dcc17a0a356f2f3f621971e
SHA176ed7763602cc198be87b3eb51949f54ae9c0f9b
SHA256355ae598c711cf98fb78b485fe2bf351233e81d5b98ffd3c81b20470182e6ebe
SHA512ee5c55a562259481199def67fba592bfa1b524fc4eaa5c9b558f6fbb9609542b0f1a915768f79662a6b7fd2f8127c013aa2fb08a249f5bba89aafad03c9e99eb
-
Filesize
4KB
-
Filesize
136KB
-
Filesize
4KB