General

  • Target

    FortnitePorting.exe

  • Size

    56.2MB

  • Sample

    241113-vpy76swcmd

  • MD5

    6dc4e149c8683578668660e4c5fae19f

  • SHA1

    5ee8c60693c6022217843fe27a4e3d932e876db5

  • SHA256

    c6f282acd5d0af70ec6ab4f261862cd85d982ff68a2bf82a55558b8ddc0b1018

  • SHA512

    ab8450eab96eebbba0d11254ed43ee84444c7f75922b6f853003952623375da95edd0a6749709d364fb919ccc84113275bb45ab350e6c1897b8d4eaceacd224f

  • SSDEEP

    786432:TKbjKYPI8Xa5NI5RqLj9F0eNqFs9fF+niAzzFTtC7T73wYUpJdfd1I2/5ksEKFR9:TqmK7lej9FHhb7Azzrm0npJ5c2tr1v

Targets

    • Target

      FortnitePorting.exe

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL
