pysilon | 6348a47d7e11f5d770e81795494e91620e32f531751bc29670f557ff1524422c | Triage

Submit
Reports

Overview

overview

Static

static

Fortnite.exe

windows7-x64

Fortnite.exe

windows10-2004-x64

Sharing

General

Target

Fortnite.exe
Size

77.7MB
Sample

241124-sh83pa1pbr
MD5

97178a64f9575409687576147522c8d5
SHA1

cff8a2ed89c63e6151826d7f702a3bf6aab383a8
SHA256

6348a47d7e11f5d770e81795494e91620e32f531751bc29670f557ff1524422c
SHA512

843df4051021cc7a9a670cd7154c1340c65eca5a636b2fc9de82c777e1a96f28e11a894315ad13bfd90eee186192df74daab1e7b65ccc39cd8e674eb7e99604d
SSDEEP

1572864:Rx1lLW/10hSk8IpG7V+VPhqqxE7LlhpBB8iYweyJulZUdgP7Ul+aswzteN:H1B+uSkB05awqeLpnNpur741teN

Score

10^/10

pysilon discovery evasion execution persistence pyinstaller upx

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

Fortnite.exe

Resource

win7-20241023-en

discovery evasion persistence upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Fortnite.exe

Resource

win10v2004-20241007-en

discovery evasion execution persistence upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  Fortnite.exe
- Size
  
  77.7MB
- MD5
  
  97178a64f9575409687576147522c8d5
- SHA1
  
  cff8a2ed89c63e6151826d7f702a3bf6aab383a8
- SHA256
  
  6348a47d7e11f5d770e81795494e91620e32f531751bc29670f557ff1524422c
- SHA512
  
  843df4051021cc7a9a670cd7154c1340c65eca5a636b2fc9de82c777e1a96f28e11a894315ad13bfd90eee186192df74daab1e7b65ccc39cd8e674eb7e99604d
- SSDEEP
  
  1572864:Rx1lLW/10hSk8IpG7V+VPhqqxE7LlhpBB8iYweyJulZUdgP7Ul+aswzteN:H1B+uSkB05awqeLpnNpur741teN
Score

10^/10

discovery evasion persistence upx execution
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

File and Directory Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

discoveryevasionpersistenceupx

behavioral2

discoveryevasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy