blankgrabber | cd2311111e02c650c5b6616e676c6bcccb57f373be407c149704d5815d289275

General

Target

Fortnite AIO.exe
Size

7.6MB
Sample

241207-1lqdra1jfj
MD5

4f58dcb61367ae2487979808ffba0a0a
SHA1

7a1111fecaf2a994418089e7bfb63c4e45579053
SHA256

cd2311111e02c650c5b6616e676c6bcccb57f373be407c149704d5815d289275
SHA512

22df5c8b785c1bb4bf9b2581194ebd93fe1f5b4026107457780a91d23314f87c6c5caf9b438dbb5f97a95bbed4afa2069f4d189275bcb399e7cc6c9e246bc5ba
SSDEEP

196608:gAD+kdC0bwfI9jUCBB7m+mKOY7rXrZusoSDmhfvsbnTNeW4:d5oHIHL7HmBYXrYSaUNC

Score

10^/10

Malware Config

Targets

- Target
  
  Fortnite AIO.exe
- Size
  
  7.6MB
- MD5
  
  4f58dcb61367ae2487979808ffba0a0a
- SHA1
  
  7a1111fecaf2a994418089e7bfb63c4e45579053
- SHA256
  
  cd2311111e02c650c5b6616e676c6bcccb57f373be407c149704d5815d289275
- SHA512
  
  22df5c8b785c1bb4bf9b2581194ebd93fe1f5b4026107457780a91d23314f87c6c5caf9b438dbb5f97a95bbed4afa2069f4d189275bcb399e7cc6c9e246bc5ba
- SSDEEP
  
  196608:gAD+kdC0bwfI9jUCBB7m+mKOY7rXrZusoSDmhfvsbnTNeW4:d5oHIHL7HmBYXrYSaUNC
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  ��TP7.pyc
- Size
  
  1KB
- MD5
  
  f245a96a398827909021caf136c4e2a5
- SHA1
  
  274204d183f8607645016a7bdb47223ee9410c0f
- SHA256
  
  b00f3816fcf6f902897cc54d7d9485bdaf0e322685b886e002e4b9bf41241c79
- SHA512
  
  f46e909ecbe3426ef38b7f27e7b6214d59cc33fbca42e57d4126c7d7e8a93c11b28b3c0bc79ef9d0b4fb5faea80d2af6e087938d8b50a17ae4fc41dcbbe5fbc3
Score

1^/10
behavioral2