Overview

overview

10

Static

static

3

FORTNITECHEAT.exe

windows7-x64

10

FORTNITECHEAT.exe

windows10-2004-x64

10

Installer2.exe

windows7-x64

10

Installer2.exe

windows10-2004-x64

10

Zeus.exe

windows7-x64

10

Zeus.exe

windows10-2004-x64

10

installer.exe

windows7-x64

10

installer.exe

windows10-2004-x64

10

lnjector.exe

windows7-x64

10

lnjector.exe

windows10-2004-x64

10

setup.exe

windows7-x64

10

setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-11-2024 08:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FORTNITECHEAT.exe

  • Size

    236KB

  • MD5

    205a1f643c7f26603dc645b515a8900d

  • SHA1

    0b7ffb1768dbfc50f1976c1088786d51fa6ec39f

  • SHA256

    2e68d477438ee0ed7b4d44635867a3fbee80d63436e5c780eb3d5ec554b0e713

  • SHA512

    d4a432d1959268ea9cbd345aa1da8f0c3e3de8c559df02fe4e5eb1d5b5ff94ecf1edb56cff4ad6e6e89253967f567b194d255b9000c7e58c4780878dccddee52

  • SSDEEP

    3072:YWsC/69uHTRv/pUXxtHchIb2SyEz6itegZP7iyi1pkOiK6JPytw:KC/69cV/pYxxck2OHFQpkOTQ

Score
10/10
redlinediscoveryinfostealer

Malware Config

Extracted

Family

redline

C2

82.115.223.46:57672

Attributes
  • auth_value

    65fba98f55adb38b082f2f52949a5552

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 3 IoCs
  • Redline family
    redline
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FORTNITECHEAT.exe
    "C:\Users\Admin\AppData\Local\Temp\FORTNITECHEAT.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1792
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1792-1-0x0000000000390000-0x0000000000490000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2608-7-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2608-2-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2608-3-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2608-9-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2608-10-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2608-11-0x000000007426E000-0x000000007426F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2608-12-0x000000007426E000-0x000000007426F000-memory.dmp

    Filesize

    4KB

    Download