General
-
Target
FortniteToolsV2.1.exe
-
Size
5.9MB
-
Sample
241029-rah1vsvlgw
-
MD5
1011d55d70469b03f36c0f3927264fd7
-
SHA1
908556acac681ca109eef9bb00e4a9324557beb3
-
SHA256
0b835bacf6da0192a5d71090969e7747a0c20b6810d2df840845d67d3d899771
-
SHA512
95cfa4b83578b97b38a2fe73337a5cc7ca39455603df482d78a94da1cc4088f59fc35ca81aaee9d7a47dbf9ec43c4aabbe2b2588b20ac054cd173f19188166bd
-
SSDEEP
98304:2zfrAEHhCoP3i65sn6Wfz7pnxCb3AtZC0VZHtKpbzL8SG2XATHNm9bk6nnp/dCiU:2brAEDZDOYbwtZVZibPpG2QrNsb5neiU
Behavioral task
behavioral1
Sample
FortniteToolsV2.1.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
FortniteToolsV2.1.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
FortniteToolsV2.1.exe
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (3)
Credentials In Files (3)