Overview

overview

10

Static

static

10

FortniteCheeto1.1.exe

windows7-x64

10

FortniteCheeto1.1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FortniteCheeto1.1.exe

  • Size

    1.9MB

  • Sample

    241115-y4rcnavnaj

  • MD5

    c45c467e8f19f30607d53008089f3cf3

  • SHA1

    1adb8f8fe7fd4ea27a15b078b6689f02af232ccf

  • SHA256

    b665d95a5937bfe91d3519e449155f167318ef349ddc2a51b216353cbc5b1c20

  • SHA512

    a7b8ba1abc5f4c06a21f73f236721f384aaaa843005d30e4eefdd5707bb16774f9ca8fac4e8d93219d83627a192256f34c5bc287419480813cb86ad3465b9ff5

  • SSDEEP

    49152:jbA3wn9R0GVO1ZNksxh3TsRs+6dZdOk7KEE:jbD9RDmhYRsZgk7O

Score
10/10
dcratdiscoveryinfostealerrat

Malware Config

Targets

    • Target

      FortniteCheeto1.1.exe

    • Size

      1.9MB

    • MD5

      c45c467e8f19f30607d53008089f3cf3

    • SHA1

      1adb8f8fe7fd4ea27a15b078b6689f02af232ccf

    • SHA256

      b665d95a5937bfe91d3519e449155f167318ef349ddc2a51b216353cbc5b1c20

    • SHA512

      a7b8ba1abc5f4c06a21f73f236721f384aaaa843005d30e4eefdd5707bb16774f9ca8fac4e8d93219d83627a192256f34c5bc287419480813cb86ad3465b9ff5

    • SSDEEP

      49152:jbA3wn9R0GVO1ZNksxh3TsRs+6dZdOk7KEE:jbD9RDmhYRsZgk7O

    Score
    10/10
    dcratdiscoveryinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks