General

  • Target

    fortnite.exe

  • Size

    1.3MB

  • Sample

    241103-r9m4vsxepl

  • MD5

    1c16bf40db9d99d8a4f882ee6f00af78

  • SHA1

    82c7fdf41cd5681210da9214faa247fd26bcd350

  • SHA256

    9bfc9ba2bb3b295e72a6898bfa7ed7a77421d06a0886b27dc6c79e40f90e7877

  • SHA512

    378779c8be8bfef6bc2fa60bc6db618a1edc7ccd1fa130b992350ed2c28d9c87f0790b589ad3e498792ca02183286261e1f941b64f1098c1aa8eb109b61ba38a

  • SSDEEP

    12288:8lOYMXO4mKrGuiQa47F6zKRbOQCLqn4UxCj2AqeMQm5ZQyRWkhuq3nbep3+bKDZb:8iXdm+oHLqn4uGKF5lpC+bKlAtc06x

Targets

    • DcRat

      DarkCrystal (DC) is a .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
