General
-
Target
fortnite.exe
-
Size
1.2MB
-
Sample
241117-z2qh1sxqhv
-
MD5
36f5b50cb7cf5c1eb050ce5bb6357519
-
SHA1
ffc7f0f226809fc0a8e14f40dff4f39de8eea0bf
-
SHA256
ec3e0efe8027c3aabae9ccd394fc40c87c8a6a0ff563730c8796abc31202c26b
-
SHA512
64291ce8e927281d205706ccfe8fa22580c82ff060e479c2206158e14ab0a2f40d9498cb063038505ab32135513893406922ef488dfa1bb3998cc49fe8a4550e
-
SSDEEP
24576:5xbn0OetgzfnkuGKFI+lpC+bKlAtc064:0p2n2Gz
Static task
static1
Behavioral task
behavioral1
Sample
fortnite.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
fortnite.exe
-
Size
1.2MB
-
MD5
36f5b50cb7cf5c1eb050ce5bb6357519
-
SHA1
ffc7f0f226809fc0a8e14f40dff4f39de8eea0bf
-
SHA256
ec3e0efe8027c3aabae9ccd394fc40c87c8a6a0ff563730c8796abc31202c26b
-
SHA512
64291ce8e927281d205706ccfe8fa22580c82ff060e479c2206158e14ab0a2f40d9498cb063038505ab32135513893406922ef488dfa1bb3998cc49fe8a4550e
-
SSDEEP
24576:5xbn0OetgzfnkuGKFI+lpC+bKlAtc064:0p2n2Gz
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-