umbral | Fortnite[.]exe | Triage

Sharing

General

Target

Fortnite.exe
Size

227KB
MD5

9b107d5d9f8df40eb30e3168ebe6f9dd
SHA1

6b61781552e8173e5bc446128b0683e3dde7ad68
SHA256

e6f71ac80e3dab87309de89a4840824b680ae897c19bda25a766b216595f30c5
SHA512

0a504481a0413a3de4d0e6e2a000a2371be46d6896c399b635f8e3ad7b5a777678a82502a2ec02ead689068c1a7ca9ceffddc7ce47607eff405dde9b7eaeb7fc
SSDEEP

6144:eloZM+rIkd8g+EtXHkv/iD45CcwZCl38e1mBi:IoZtL+EP8RNZ

Score

10^/10

umbral

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1303698745497747511/SnUKC9sR9ycNE1CskwuavqmgNSracYu2d2x4rnwrxYQ91OKqtgLWRDAMJ3OoDH3KnesY

Signatures

Detect Umbral payload 1 IoCs

Processes:

resource yara_rule

sample family_umbral
Umbral family
umbral
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Fortnite.exe

Files

Fortnite.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ