General

  • Target

    FortniteAimbotESPCracked.rar

  • Size

    1.9MB

  • Sample

    241207-2wkfxstmgr

  • MD5

    6ba473a1bc9b14e42058eae6bae59c07

  • SHA1

    5e095dff1636b731b0053b426e73c447996e2950

  • SHA256

    f6d0b44bec406ef977eadbea62f9327c210ce26de6624801109a0e600968540a

  • SHA512

    a5c67d629d38b062b83ef8a92de4aeb3c6ade4456d340904effc1bbb3a71a06b6654d212c90b87a9b156866253686536934515be1f4ff7448dc1327bf5f4e330

  • SSDEEP

    24576:qplzYPHkIkDf4Hwjd9CJhqa8sexDL8H4F8iSXwjd9CJ/8sexDL8Hx:q7KgibLhYFSQeLhR

Malware Config

Extracted

Family

limerat

Attributes
  • aes_key

    blunts

  • antivm

    true

  • c2_url

    https://pastebin.com/raw/1NRAsuVh

  • delay

    3

  • download_payload

    false

  • install

    true

  • install_name

    FortniteAimbotESP.exe

  • main_folder

    Temp

  • pin_spread

    false

  • sub_folder

    \

  • usb_spread

    true

Extracted

Family

limerat

Attributes
  • antivm

    false

  • c2_url

    https://pastebin.com/raw/1NRAsuVh

  • download_payload

    false

  • install

    false

  • pin_spread

    false

  • usb_spread

    false

Targets

    • Target

      FortniteAimbotESP Cracked/FortniteAimbotESPcracked.exe

    • Size

      237KB

    • MD5

      7c34d5a99e33db01d724deb87553768c

    • SHA1

      fc70dfff2a6cbccb519959f15001c4e40bae5e11

    • SHA256

      3385e46ff06f7a6ade7bab54dc59fbabb2a7b00c8481feeb4aaf108d28e08de1

    • SHA512

      a841f09307494457cb4d9bce0fd39fed061e3fc2e6f24aeaec70262a8f247df4f359d79e2e8d8704ec4cee2556369d9453a01b939af1d7e877cf264c69b9859d

    • SSDEEP

      3072:x4lROkV6jW+tKFh36Lv+GSBADfBZRBadxlv:x6RHMrETGmALon

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Limerat family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      FortniteAimbotESP Cracked/db/Aimsys.exe

    • Size

      28KB

    • MD5

      a863d73e691e352731c313d8bf2562d0

    • SHA1

      14789c7c44aea7838cdeb4aa40cb392e6ea2cd54

    • SHA256

      e0cf5d340422e29ed6f46d84e22af1e38fef342ede85172d9c4af65ea86886d0

    • SHA512

      3f460657e119200b3784c433770705af51521472f0514f3c9dc32f25edab8cbcb2c83374a1ec389f1e175f218ac4aa93740b56f89a5a49c87202726e5a649e86

    • SSDEEP

      768:wpex6txrwNpUpyxdJ745NDbnEY4R6Xxldj:wpddwNpcQTk/bXb

    Score
    10/10
    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Limerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      FortniteAimbotESP Cracked/db/Ionic.Zip.dll

    • Size

      480KB

    • MD5

      f6933bf7cee0fd6c80cdf207ff15a523

    • SHA1

      039eeb1169e1defe387c7d4ca4021bce9d11786d

    • SHA256

      17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

    • SHA512

      88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

    • SSDEEP

      6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9

    Score
    1/10
    • Target

      FortniteAimbotESP Cracked/db/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      FortniteAimbotESP Cracked/db/libeay32.dll

    • Size

      1.1MB

    • MD5

      d5405dd640e870b1dd4f5b4bd08865bb

    • SHA1

      bc73ae7346e125ffd53dd456c711d2cbb8f9ee34

    • SHA256

      c548cd69756d2ce83bb7d2d372257111b158b8d6f167d4a7ccecd6f7d3b4d394

    • SHA512

      355bb4de5ea820ed0b260ac3302f3116b729fbf8bc72e82a11398439f8a926100ea48e08e5fc5daa8c1842e72a9e09a04bdf2db30a37d10e77b77825f9a16e36

    • SSDEEP

      24576:A1dxBPCNuIDyCldvK5Yc6RMpMXwmIwYS:GkhyClJciRMpMXwmILS

    Score
    3/10
    • Target

      FortniteAimbotESP Cracked/db/tessdll.dll

    • Size

      732KB

    • MD5

      289f73dee43e46cbba4114997c817618

    • SHA1

      aba093d7a5d977a787d08288a7e4e961141d9f76

    • SHA256

      43e14317c002c2fe90ea6012050f5a2af15901456a7f99cd47055152250d8e86

    • SHA512

      8fac607bbab0cd0b7560b0dc983540798a82699429fce4cc4e45c034dda91b20505ea4e88b006be3e5b3b272b06787fd3c153cd7d73d0ab818b9c959286796d5

    • SSDEEP

      12288:CwfWAt7BZLs+vg6htqs5aH8/9QUA6amvFs1Xf5gfAhXRNA42BHUHVRJJ5q0PdcVU:Cwf9l/YA9yhPf5gYhXA42BHULjdKiwb/

    Score
    3/10
    • Target

      FortniteAimbotESP Cracked/libeay32.dll

    • Size

      1.1MB

    • MD5

      d5405dd640e870b1dd4f5b4bd08865bb

    • SHA1

      bc73ae7346e125ffd53dd456c711d2cbb8f9ee34

    • SHA256

      c548cd69756d2ce83bb7d2d372257111b158b8d6f167d4a7ccecd6f7d3b4d394

    • SHA512

      355bb4de5ea820ed0b260ac3302f3116b729fbf8bc72e82a11398439f8a926100ea48e08e5fc5daa8c1842e72a9e09a04bdf2db30a37d10e77b77825f9a16e36

    • SSDEEP

      24576:A1dxBPCNuIDyCldvK5Yc6RMpMXwmIwYS:GkhyClJciRMpMXwmILS

    Score
    3/10
    • Target

      FortniteAimbotESP Cracked/tessdll.dll

    • Size

      732KB

    • MD5

      289f73dee43e46cbba4114997c817618

    • SHA1

      aba093d7a5d977a787d08288a7e4e961141d9f76

    • SHA256

      43e14317c002c2fe90ea6012050f5a2af15901456a7f99cd47055152250d8e86

    • SHA512

      8fac607bbab0cd0b7560b0dc983540798a82699429fce4cc4e45c034dda91b20505ea4e88b006be3e5b3b272b06787fd3c153cd7d73d0ab818b9c959286796d5

    • SSDEEP

      12288:CwfWAt7BZLs+vg6htqs5aH8/9QUA6amvFs1Xf5gfAhXRNA42BHUHVRJJ5q0PdcVU:Cwf9l/YA9yhPf5gYhXA42BHULjdKiwb/

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks