Overview

overview

10

Static

static

10

FortniteEx...dup.js

windows7-x64

3

FortniteEx...dup.js

windows10-2004-x64

3

FortniteEx...pp.exe

windows7-x64

10

FortniteEx...pp.exe

windows10-2004-x64

10

x64/Releas...ev.exe

windows7-x64

1

x64/Releas...ev.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SigmaBase.rar

  • Size

    5.1MB

  • Sample

    241207-yres4a1kes

  • MD5

    d0c067fb8571dc6b3fb712b587a9f815

  • SHA1

    4e8b3dc0eecf3742d6ab2b7bbbd1bb62fb969e1d

  • SHA256

    13cc2f2806d65c35f10a500e8e109c48c1b4ab12642ebdd5c0b3ae85c28fed53

  • SHA512

    71228c7cab4c8e143d4f570aa237fb8a17b130044c1bf1100f0f4fdb0aee52ab41064a8a913e45fc1a56d608d0ff89c1da3680508d49b789f50ace07c109189a

  • SSDEEP

    98304:yW0Jih/Oj2tvKBV3TGU28aPlqdFsmGhEdntT+w+rSK/5anNREjNYEN8:yW//Xe3xOPlqdXXdtT+rTwEpYl

Score
10/10
discordratexecutionpersistenceratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxMzk0OTc0NTY1NTQ0NzY0Mw.GvqYM1.8ZwhOILcM3Ijsfbzqc8F-Cy7wfV5wKSv-BMD0I

  • server_id

    1313949691574226985

Targets

    • Target

      FortniteExternalBase/util/loadup.hpp

    • Size

      7KB

    • MD5

      a0f66b0a76db9a2faedfc8aa94601a25

    • SHA1

      5a8838b0757be592c61a2e2860336eea7e79ff56

    • SHA256

      6db0aea5b2d57418c257610ea5ceaa80e7744fafaf0319cba3bc79bb3100a3cb

    • SHA512

      9e4fa89c72a54e6522597b8262792355165c098446a25f9d257d2a5be901536478eeb2370415e21f4cff272f8e8cc58b138f9403c92c7df1bb86cf38643ab95d

    • SSDEEP

      96:XRKQHhzoxEM8z/9vGna6E66Mm3BXx6538x6p3Rx6j34f6Tn+gIXU1L3lwwen+I76:oQHlUEXYyxMscBkYw1LbEgIUGzA

    Score
    3/10
    execution
    behavioral1behavioral2

    • Target

      FortniteExternalBase/vdm/libary.hpp.exe

    • Size

      78KB

    • MD5

      b59a3035631d7d9740f6bbeee9f9af7a

    • SHA1

      63dd307c35e27216f00a5f915fc06c74b3124dd6

    • SHA256

      98ac7772969edb1cec6110cf07ecbd151f008d62373b6fe8b9099a0ad68bf2eb

    • SHA512

      8ac564658284976f614863b8a17faec37cdf014a9188bccdbe3e2e1ad806b7941c107269febad650c41bcfb31e75a8d324ebde7be449858f87841324aa050916

    • SSDEEP

      1536:lIWOBaZ84c6gEz5De2FzNDnghTAsKFbOZGdndxRKDIZ8o1l8ApbDNr1+uexCxoKG:lIWOBaZ84c6gEz5De2FzNDnghTdWd7Kv

    Score
    10/10
    discordratpersistenceratrootkitstealerspyware

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    behavioral3behavioral4

    • Target

      x64/Release/quantum.dev.exe

    • Size

      645KB

    • MD5

      a9eb5298409209033cf707c0dfbaa60f

    • SHA1

      bf5c0162018ea54fa188e9ac3f678589db4c18f3

    • SHA256

      ac09ad360e3876c15982161015c319c31251f087324d6bd77921ba359d4e3d7b

    • SHA512

      b53d9072411dbfa92cb1a87bcf943ea7e00271d353f5d0d0ebf2088dedc6895ed02fe8c6ba19ca1ba60c139d5ca1ff36a6bc98d1f4ff8e11859b32ce3daff3ec

    • SSDEEP

      12288:hoJOLUTJcMfM2kO9ssSxJY+IQREyIoXQsXIyHoF9iS3nF1sUZx1sUCN:hoJOLUTJcMfM2kO9ssIG+GKYMoFx3nFw

    Score
    8/10
    persistence
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks