Resubmissions
07-12-2024 21:33
241207-1d8kcsvldw 10General
-
Target
Fortnite AIO.exe
-
Size
7.6MB
-
Sample
241207-1d8kcsvldw
-
MD5
4f58dcb61367ae2487979808ffba0a0a
-
SHA1
7a1111fecaf2a994418089e7bfb63c4e45579053
-
SHA256
cd2311111e02c650c5b6616e676c6bcccb57f373be407c149704d5815d289275
-
SHA512
22df5c8b785c1bb4bf9b2581194ebd93fe1f5b4026107457780a91d23314f87c6c5caf9b438dbb5f97a95bbed4afa2069f4d189275bcb399e7cc6c9e246bc5ba
-
SSDEEP
196608:gAD+kdC0bwfI9jUCBB7m+mKOY7rXrZusoSDmhfvsbnTNeW4:d5oHIHL7HmBYXrYSaUNC
Malware Config
Targets
-
-
Target
Fortnite AIO.exe
-
Size
7.6MB
-
MD5
4f58dcb61367ae2487979808ffba0a0a
-
SHA1
7a1111fecaf2a994418089e7bfb63c4e45579053
-
SHA256
cd2311111e02c650c5b6616e676c6bcccb57f373be407c149704d5815d289275
-
SHA512
22df5c8b785c1bb4bf9b2581194ebd93fe1f5b4026107457780a91d23314f87c6c5caf9b438dbb5f97a95bbed4afa2069f4d189275bcb399e7cc6c9e246bc5ba
-
SSDEEP
196608:gAD+kdC0bwfI9jUCBB7m+mKOY7rXrZusoSDmhfvsbnTNeW4:d5oHIHL7HmBYXrYSaUNC
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
����TP7.pyc
-
Size
1KB
-
MD5
f245a96a398827909021caf136c4e2a5
-
SHA1
274204d183f8607645016a7bdb47223ee9410c0f
-
SHA256
b00f3816fcf6f902897cc54d7d9485bdaf0e322685b886e002e4b9bf41241c79
-
SHA512
f46e909ecbe3426ef38b7f27e7b6214d59cc33fbca42e57d4126c7d7e8a93c11b28b3c0bc79ef9d0b4fb5faea80d2af6e087938d8b50a17ae4fc41dcbbe5fbc3
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3