Overview
overview
9Static
static
7lcb spoofe...er.exe
windows7-x64
1lcb spoofe...er.exe
windows10-2004-x64
1lcb spoofe...er.bat
windows7-x64
1lcb spoofe...er.bat
windows10-2004-x64
1lcb spoofe...er.bat
windows7-x64
1lcb spoofe...er.bat
windows10-2004-x64
1lcb spoofe...ht.bat
windows7-x64
8lcb spoofe...ht.bat
windows10-2004-x64
8lcb spoofe...er.exe
windows7-x64
1lcb spoofe...er.exe
windows10-2004-x64
1lcb spoofe...er.exe
windows7-x64
1lcb spoofe...er.exe
windows10-2004-x64
1lcb spoofe...er.bat
windows7-x64
9lcb spoofe...er.bat
windows10-2004-x64
9lcb spoofe...er.exe
windows7-x64
9lcb spoofe...er.exe
windows10-2004-x64
9lcb spoofe...n1.bat
windows7-x64
7lcb spoofe...n1.bat
windows10-2004-x64
5lcb spoofe...n2.bat
windows7-x64
8lcb spoofe...n2.bat
windows10-2004-x64
8lcb spoofe...n3.bat
windows7-x64
7lcb spoofe...n3.bat
windows10-2004-x64
1lcb spoofe...AC.bat
windows7-x64
4lcb spoofe...AC.bat
windows10-2004-x64
4lcb spoofe...up.exe
windows7-x64
3lcb spoofe...up.exe
windows10-2004-x64
3lcb spoofe...ck.exe
windows7-x64
1lcb spoofe...ck.exe
windows10-2004-x64
1lcb spoofe...64.dll
windows7-x64
1lcb spoofe...64.dll
windows10-2004-x64
1lcb spoofe...64.dll
windows7-x64
1lcb spoofe...64.dll
windows10-2004-x64
1Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
23-11-2024 17:28
Behavioral task
behavioral1
Sample
lcb spoofer_updated_quack/Loader.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
lcb spoofer_updated_quack/Loader.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
lcb spoofer_updated_quack/Serial Checker.bat
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral4
Sample
lcb spoofer_updated_quack/Serial Checker.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
lcb spoofer_updated_quack/cleaners/FortniteCleaner.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
lcb spoofer_updated_quack/cleaners/FortniteCleaner.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
lcb spoofer_updated_quack/cleaners/Midnight.bat
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral8
Sample
lcb spoofer_updated_quack/cleaners/Midnight.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
lcb spoofer_updated_quack/cleaners/Toruney_Cleaner.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral10
Sample
lcb spoofer_updated_quack/cleaners/Toruney_Cleaner.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
lcb spoofer_updated_quack/cleaners/cleaner.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
lcb spoofer_updated_quack/cleaners/cleaner.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/New Cleaner.bat
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral14
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/New Cleaner.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/applecleaner.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral16
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/applecleaner.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/clean1.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/clean1.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/clean2.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/clean2.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/clean3.bat
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral22
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/clean3.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/eac install/EAC.bat
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral24
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/eac install/EAC.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/eac install/EasyAntiCheat_EOS_Setup.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
lcb spoofer_updated_quack/cleaners/leakedshit/eac install/EasyAntiCheat_EOS_Setup.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
lcb spoofer_updated_quack/lcb_spoof_crack.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
lcb spoofer_updated_quack/lcb_spoof_crack.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
lcb spoofer_updated_quack/libcrypto-3-x64.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
lcb spoofer_updated_quack/libcrypto-3-x64.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
lcb spoofer_updated_quack/libssl-3-x64.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral32
Sample
lcb spoofer_updated_quack/libssl-3-x64.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
lcb spoofer_updated_quack/cleaners/FortniteCleaner.bat
-
Size
1.5MB
-
MD5
2429db21a224c48fa6b17e55a6762328
-
SHA1
f86eb0c2de25e8970add83b66253d3f18b0994e1
-
SHA256
365685c1e71944bc955c6be46cc33a44099bcb0f8c625228e89445f18866b778
-
SHA512
0487e79a9b2b427f8c0e5bb860e78039bcf29626bd58ad8190df858fcfa130d15add3fcd350cdadaccbc1d2e13f822dab76e418029d692d2ccd972594b4c0e23
-
SSDEEP
49152:9TOB4ynYygOvXsMruROZyUpWvWOLZkORn:b
Malware Config
Signatures
-
Kills process with taskkill 11 IoCs
pid Process 2732 taskkill.exe 2796 taskkill.exe 2656 taskkill.exe 1872 taskkill.exe 3044 taskkill.exe 2112 taskkill.exe 2816 taskkill.exe 2664 taskkill.exe 2888 taskkill.exe 2572 taskkill.exe 2560 taskkill.exe -
Suspicious use of AdjustPrivilegeToken 11 IoCs
description pid Process Token: SeDebugPrivilege 1872 taskkill.exe Token: SeDebugPrivilege 3044 taskkill.exe Token: SeDebugPrivilege 2112 taskkill.exe Token: SeDebugPrivilege 2732 taskkill.exe Token: SeDebugPrivilege 2816 taskkill.exe Token: SeDebugPrivilege 2664 taskkill.exe Token: SeDebugPrivilege 2888 taskkill.exe Token: SeDebugPrivilege 2572 taskkill.exe Token: SeDebugPrivilege 2560 taskkill.exe Token: SeDebugPrivilege 2796 taskkill.exe Token: SeDebugPrivilege 2656 taskkill.exe -
Suspicious use of WriteProcessMemory 39 IoCs
description pid Process procid_target PID 2512 wrote to memory of 1872 2512 cmd.exe 32 PID 2512 wrote to memory of 1872 2512 cmd.exe 32 PID 2512 wrote to memory of 1872 2512 cmd.exe 32 PID 2512 wrote to memory of 3044 2512 cmd.exe 34 PID 2512 wrote to memory of 3044 2512 cmd.exe 34 PID 2512 wrote to memory of 3044 2512 cmd.exe 34 PID 2512 wrote to memory of 2112 2512 cmd.exe 35 PID 2512 wrote to memory of 2112 2512 cmd.exe 35 PID 2512 wrote to memory of 2112 2512 cmd.exe 35 PID 2512 wrote to memory of 2732 2512 cmd.exe 36 PID 2512 wrote to memory of 2732 2512 cmd.exe 36 PID 2512 wrote to memory of 2732 2512 cmd.exe 36 PID 2512 wrote to memory of 2816 2512 cmd.exe 37 PID 2512 wrote to memory of 2816 2512 cmd.exe 37 PID 2512 wrote to memory of 2816 2512 cmd.exe 37 PID 2512 wrote to memory of 2664 2512 cmd.exe 38 PID 2512 wrote to memory of 2664 2512 cmd.exe 38 PID 2512 wrote to memory of 2664 2512 cmd.exe 38 PID 2512 wrote to memory of 2888 2512 cmd.exe 39 PID 2512 wrote to memory of 2888 2512 cmd.exe 39 PID 2512 wrote to memory of 2888 2512 cmd.exe 39 PID 2512 wrote to memory of 2572 2512 cmd.exe 40 PID 2512 wrote to memory of 2572 2512 cmd.exe 40 PID 2512 wrote to memory of 2572 2512 cmd.exe 40 PID 2512 wrote to memory of 2560 2512 cmd.exe 41 PID 2512 wrote to memory of 2560 2512 cmd.exe 41 PID 2512 wrote to memory of 2560 2512 cmd.exe 41 PID 2512 wrote to memory of 2796 2512 cmd.exe 42 PID 2512 wrote to memory of 2796 2512 cmd.exe 42 PID 2512 wrote to memory of 2796 2512 cmd.exe 42 PID 2512 wrote to memory of 2656 2512 cmd.exe 43 PID 2512 wrote to memory of 2656 2512 cmd.exe 43 PID 2512 wrote to memory of 2656 2512 cmd.exe 43 PID 2512 wrote to memory of 1700 2512 cmd.exe 44 PID 2512 wrote to memory of 1700 2512 cmd.exe 44 PID 2512 wrote to memory of 1700 2512 cmd.exe 44 PID 1700 wrote to memory of 1960 1700 cmd.exe 45 PID 1700 wrote to memory of 1960 1700 cmd.exe 45 PID 1700 wrote to memory of 1960 1700 cmd.exe 45
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\lcb spoofer_updated_quack\cleaners\FortniteCleaner.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Windows\system32\taskkill.exetaskkill /f /im epicgameslauncher.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1872
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteClient-Win64-Shipping_EAC.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3044
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteClient-Win64-Shipping.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2112
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteClient-Win64-Shipping_BE.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2732
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteLauncher.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2816
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im UnrealCEFSubProcess.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2664
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im CEFProcess.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2888
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im EasyAntiCheat.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2572
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im BEService.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2560
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im BEServices.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2796
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im BattleEye.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2656
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\lcb spoofer_updated_quack\cleaners\FortniteCleaner.bat"2⤵
- Suspicious use of WriteProcessMemory
PID:1700 -
C:\Windows\system32\findstr.exefindstr /b ::: "C:\Users\Admin\AppData\Local\Temp\lcb spoofer_updated_quack\cleaners\FortniteCleaner.bat"3⤵PID:1960
-
-