General
-
Target
FortniteAimbotESPCracked.rar
-
Size
1.9MB
-
Sample
241207-2wkfxstmgr
-
MD5
6ba473a1bc9b14e42058eae6bae59c07
-
SHA1
5e095dff1636b731b0053b426e73c447996e2950
-
SHA256
f6d0b44bec406ef977eadbea62f9327c210ce26de6624801109a0e600968540a
-
SHA512
a5c67d629d38b062b83ef8a92de4aeb3c6ade4456d340904effc1bbb3a71a06b6654d212c90b87a9b156866253686536934515be1f4ff7448dc1327bf5f4e330
-
SSDEEP
24576:qplzYPHkIkDf4Hwjd9CJhqa8sexDL8H4F8iSXwjd9CJ/8sexDL8Hx:q7KgibLhYFSQeLhR
Malware Config
Extracted
limerat
-
aes_key
blunts
-
antivm
true
-
c2_url
https://pastebin.com/raw/1NRAsuVh
-
delay
3
-
download_payload
false
-
install
true
-
install_name
FortniteAimbotESP.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
true
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/1NRAsuVh
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Targets
-
-
Target
FortniteAimbotESP Cracked/FortniteAimbotESPcracked.exe
-
Size
237KB
-
MD5
7c34d5a99e33db01d724deb87553768c
-
SHA1
fc70dfff2a6cbccb519959f15001c4e40bae5e11
-
SHA256
3385e46ff06f7a6ade7bab54dc59fbabb2a7b00c8481feeb4aaf108d28e08de1
-
SHA512
a841f09307494457cb4d9bce0fd39fed061e3fc2e6f24aeaec70262a8f247df4f359d79e2e8d8704ec4cee2556369d9453a01b939af1d7e877cf264c69b9859d
-
SSDEEP
3072:x4lROkV6jW+tKFh36Lv+GSBADfBZRBadxlv:x6RHMrETGmALon
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Limerat family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
FortniteAimbotESP Cracked/db/Aimsys.exe
-
Size
28KB
-
MD5
a863d73e691e352731c313d8bf2562d0
-
SHA1
14789c7c44aea7838cdeb4aa40cb392e6ea2cd54
-
SHA256
e0cf5d340422e29ed6f46d84e22af1e38fef342ede85172d9c4af65ea86886d0
-
SHA512
3f460657e119200b3784c433770705af51521472f0514f3c9dc32f25edab8cbcb2c83374a1ec389f1e175f218ac4aa93740b56f89a5a49c87202726e5a649e86
-
SSDEEP
768:wpex6txrwNpUpyxdJ745NDbnEY4R6Xxldj:wpddwNpcQTk/bXb
Score10/10-
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
-
Limerat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
FortniteAimbotESP Cracked/db/Ionic.Zip.dll
-
Size
480KB
-
MD5
f6933bf7cee0fd6c80cdf207ff15a523
-
SHA1
039eeb1169e1defe387c7d4ca4021bce9d11786d
-
SHA256
17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89
-
SHA512
88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6
-
SSDEEP
6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9
Score1/10 -
-
-
Target
FortniteAimbotESP Cracked/db/Launcher.exe
-
Size
53KB
-
MD5
c6d4c881112022eb30725978ecd7c6ec
-
SHA1
ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
-
SHA256
0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
-
SHA512
3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
-
SSDEEP
768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
FortniteAimbotESP Cracked/db/libeay32.dll
-
Size
1.1MB
-
MD5
d5405dd640e870b1dd4f5b4bd08865bb
-
SHA1
bc73ae7346e125ffd53dd456c711d2cbb8f9ee34
-
SHA256
c548cd69756d2ce83bb7d2d372257111b158b8d6f167d4a7ccecd6f7d3b4d394
-
SHA512
355bb4de5ea820ed0b260ac3302f3116b729fbf8bc72e82a11398439f8a926100ea48e08e5fc5daa8c1842e72a9e09a04bdf2db30a37d10e77b77825f9a16e36
-
SSDEEP
24576:A1dxBPCNuIDyCldvK5Yc6RMpMXwmIwYS:GkhyClJciRMpMXwmILS
Score3/10 -
-
-
Target
FortniteAimbotESP Cracked/db/tessdll.dll
-
Size
732KB
-
MD5
289f73dee43e46cbba4114997c817618
-
SHA1
aba093d7a5d977a787d08288a7e4e961141d9f76
-
SHA256
43e14317c002c2fe90ea6012050f5a2af15901456a7f99cd47055152250d8e86
-
SHA512
8fac607bbab0cd0b7560b0dc983540798a82699429fce4cc4e45c034dda91b20505ea4e88b006be3e5b3b272b06787fd3c153cd7d73d0ab818b9c959286796d5
-
SSDEEP
12288:CwfWAt7BZLs+vg6htqs5aH8/9QUA6amvFs1Xf5gfAhXRNA42BHUHVRJJ5q0PdcVU:Cwf9l/YA9yhPf5gYhXA42BHULjdKiwb/
Score3/10 -
-
-
Target
FortniteAimbotESP Cracked/libeay32.dll
-
Size
1.1MB
-
MD5
d5405dd640e870b1dd4f5b4bd08865bb
-
SHA1
bc73ae7346e125ffd53dd456c711d2cbb8f9ee34
-
SHA256
c548cd69756d2ce83bb7d2d372257111b158b8d6f167d4a7ccecd6f7d3b4d394
-
SHA512
355bb4de5ea820ed0b260ac3302f3116b729fbf8bc72e82a11398439f8a926100ea48e08e5fc5daa8c1842e72a9e09a04bdf2db30a37d10e77b77825f9a16e36
-
SSDEEP
24576:A1dxBPCNuIDyCldvK5Yc6RMpMXwmIwYS:GkhyClJciRMpMXwmILS
Score3/10 -
-
-
Target
FortniteAimbotESP Cracked/tessdll.dll
-
Size
732KB
-
MD5
289f73dee43e46cbba4114997c817618
-
SHA1
aba093d7a5d977a787d08288a7e4e961141d9f76
-
SHA256
43e14317c002c2fe90ea6012050f5a2af15901456a7f99cd47055152250d8e86
-
SHA512
8fac607bbab0cd0b7560b0dc983540798a82699429fce4cc4e45c034dda91b20505ea4e88b006be3e5b3b272b06787fd3c153cd7d73d0ab818b9c959286796d5
-
SSDEEP
12288:CwfWAt7BZLs+vg6htqs5aH8/9QUA6amvFs1Xf5gfAhXRNA42BHUHVRJJ5q0PdcVU:Cwf9l/YA9yhPf5gYhXA42BHULjdKiwb/
Score3/10 -
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1