General

  • Target

    Fortnite External.exe

  • Size

    76.7MB

  • Sample

    241109-a78jcatdqc

  • MD5

    87095889e4f3a7c5411f2d3b0e1a1b64

  • SHA1

    34cc41348f57d1b0039ccd838b5dbf53d05c6596

  • SHA256

    a3da0a4bb6dae3c2828cff2296f7f22576aac5923e43a6b0382828f5be6aed95

  • SHA512

    bba1a171419a64f689efdd743b4fea794c67fe95626163cff2554724fa7b8230e103db2670c3b75de55a0c5b1b1e813514a8ca1aa4a7a1ee58222c464af28b23

  • SSDEEP

    1572864:Q8VlOWq03Sk8IpG7V+VPhqSvE7WCylKN0iY4MHHLeqPNLtD5KKrGZnbSkENZV:QKY+SkB05awStCyMZMHVLt1K6GVDEV

Malware Config

Targets

    • Enumerates VirtualBox DLL files

      Looks for VirtualBox guest DLLs on disk, a common anti-VM / anti-sandbox check used to change behaviour when the sample is being analysed.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to add Windows Defender exclusions for file extensions, paths, and processes (typically via Add-MpPreference), so that components dropped later are not scanned.

    • Sets file to hidden

      Modifies file attributes so the file does not appear in Explorer or in default directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a Registry Run key so the program is launched again at each logon (persistence).

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      The executable is packed with UPX or a modified UPX build (an open-source packer); the real code is only unpacked in memory at run time, so static scanning of the file on disk sees the packer stub rather than the payload.
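The Defender-exclusion, Run-key and hidden-attribute behaviours above are the ones a defender would want to hunt for in endpoint telemetry. The following is an added example, not part of the sandbox report or its detection engine: hunting rules run over constructed event text shaped like flattened PowerShell ScriptBlock (Event 4104), Sysmon registry SetValue (Event 13) and Sysmon process-create (Event 1) records. The paths, file names and registry values are made up and do not come from the analysed sample; the ATT&CK technique IDs are the standard ones for these behaviours.

```python
"""Hunting rules for the behaviours this report lists, run over event text.

Added example, not part of the sandbox report or its detection engine. The
events below are constructed to look like flattened PowerShell ScriptBlock
(Event 4104), Sysmon registry SetValue (Event 13) and Sysmon process-create
(Event 1) records; none come from the analysed sample.
"""
import re

# Constructed sample events as (event_id, text). Paths and names are made up.
SAMPLE_EVENTS = [
    (4104, 'Add-MpPreference -ExclusionPath "C:\\Users\\Public" '
           '-ExclusionExtension "exe","dll"'),
    (4104, 'Set-MpPreference -ExclusionProcess "svc.exe"'),
    (4104, 'Get-Process | Where-Object { $_.CPU -gt 100 }'),
    (13, 'EventType: SetValue TargetObject: HKU\\S-1-5-21-1\\Software\\Microsoft'
         '\\Windows\\CurrentVersion\\Run\\Updater Details: "C:\\Users\\Public\\svc.exe"'),
    (13, 'EventType: SetValue TargetObject: HKLM\\SOFTWARE\\Microsoft\\Windows'
         '\\CurrentVersion\\Explorer\\Advanced\\Hidden Details: DWORD (0x00000001)'),
    (1, 'CommandLine: attrib +h +s "C:\\Users\\Public\\svc.exe"'),
    (1, 'CommandLine: notepad.exe readme.txt'),
]

# (rule name, ATT&CK technique, event id the rule applies to, pattern)
RULES = [
    ("defender_exclusion_added", "T1562.001", 4104,
     re.compile(r"\b(Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)", re.I)),
    ("run_key_persistence", "T1547.001", 13,
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("file_hidden_via_attrib", "T1564.001", 1,
     re.compile(r"\battrib(\.exe)?\b.*\+h\b", re.I)),
]

# Pulls the exclusion kind and its (quoted) argument out of a ScriptBlock.
EXCLUSION_KIND = re.compile(r"-Exclusion(Path|Extension|Process)\s+(\S+)", re.I)


def scan_events(events):
    """Return [(rule_name, technique_id, event_text)] for every rule hit."""
    hits = []
    for event_id, text in events:
        for name, technique, wanted_id, pattern in RULES:
            if event_id == wanted_id and pattern.search(text):
                hits.append((name, technique, text))
    return hits


def exclusions_added(events):
    """Collect the Defender exclusions requested in ScriptBlock events as
    {kind: [raw argument strings]}, so the analyst sees exactly what was
    whitelisted rather than only that a change happened."""
    found = {}
    for event_id, text in events:
        if event_id != 4104:
            continue
        for kind, value in EXCLUSION_KIND.findall(text):
            found.setdefault(kind.capitalize(), []).append(value)
    return found


if __name__ == "__main__":
    for name, technique, text in scan_events(SAMPLE_EVENTS):
        print(f"{technique} {name}: {text}")
    print("exclusions requested:", exclusions_added(SAMPLE_EVENTS))
```

Defender also records every exclusion change itself (Event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log), and on a suspect host `Get-MpPreference | Select-Object Exclusion*` lists the current exclusions; correlating those with ScriptBlock logging is the quickest way to confirm this behaviour outside a sandbox.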

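The UPX signature above is a static check, and it is worth seeing what such a check actually keys on. The following is an added example, not the sandbox's own signature logic: it parses the PE section table by hand (no pefile dependency) and flags the standard UPX section names, the UPX layout in which the first section has no data on disk, and the "UPX!" PackHeader magic. The PE images it inspects are synthesised inline by build_pe(), which only populates the fields the parser reads, so they are not loadable executables and have nothing to do with the reported sample.

```python
"""Static UPX-packing check by parsing the PE section table by hand.

Added example, not the sandbox's own signature logic. It needs no
third-party module (no pefile) and builds tiny synthetic PE images inline
so it runs offline; build_pe() only fills the fields the parser reads, so
its output is not a loadable executable.
"""
import struct

# Section names written by stock UPX builds.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data):
    """Return [(name, virtual_size, raw_size)] from a PE image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                         # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, off)
        sections.append((name.rstrip(b"\0"), vsize, rsize))
    return sections


def upx_indicators(data):
    """Return the UPX indicators present; an empty list means none found."""
    reasons = []
    sections = pe_sections(data)
    if any(name in UPX_SECTION_NAMES for name, _, _ in sections):
        reasons.append("upx_section_names")
    # UPX layout: the first section (UPX0) has no raw data on disk but a
    # large virtual size, reserved for the image unpacked at run time. A
    # modified UPX that renames sections usually keeps this shape.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        reasons.append("empty_first_section")
    # Stock UPX stores a PackHeader whose magic is "UPX!".
    if b"UPX!" in data:
        reasons.append("upx_pack_header_magic")
    return reasons


def build_pe(sections, trailer=b""):
    """Synthesise a minimal PE with the given (name, virtual_size, raw_size)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)   # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack("<8sIIII", name, vsize, 0x1000, rsize, 0x400) + b"\0" * 16
        for name, vsize, rsize in sections)
    return dos + b"PE\0\0" + coff + table + trailer


# Constructed images (not derived from the reported sample).
STOCK_UPX = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x8000, 0x7800),
                      (b".rsrc", 0x1000, 0x800)], trailer=b"UPX!")
RENAMED_UPX = build_pe([(b".text", 0x20000, 0), (b".data", 0x8000, 0x7800)])
UNPACKED = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x600)])

if __name__ == "__main__":
    for label, image in (("stock UPX", STOCK_UPX), ("renamed UPX", RENAMED_UPX),
                         ("unpacked", UNPACKED)):
        print(f"{label}: {upx_indicators(image) or 'clean'}")
```

The section-name and "UPX!" checks are trivially defeated, which is why the report's signature speaks of "modified UPX" and why the layout check is the one worth keeping. A stock build can be restored with `upx -d`; a modified build will refuse, and the payload then has to be dumped from memory after the stub's tail jump.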
MITRE ATT&CK Enterprise v15

Tasks