Overview

overview

10

Static

static

3

fortnitespoofer.7z

windows11-21h2-x64

1

Guna.UI2.dll

windows11-21h2-x64

1

cleaner.bat

windows11-21h2-x64

8

loader.exe

windows11-21h2-x64

10

mac.bat

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fortnitespoofer.7z

  • Size

    4.8MB

  • Sample

    241229-rf3x8atjhn

  • MD5

    5854c6283a7d0187036cd9cba204e716

  • SHA1

    79180d6ef5a639f80b2cdfe3c7d2ddec931e82bd

  • SHA256

    564f08ca2ad008e85407528f04e39b3087f53443c774be0898be735813d91f18

  • SHA512

    3bf405b66c04733c877027f16755e4643374fe2c582683f2c46c6ccddb590d56033f5259c7a9d3c54260a77e064bc548ce6c6f6dd4160018878bc4177f71f89a

  • SSDEEP

    98304:XsPrNN7TsM/EOxDTf9EnBamGx8hJO5h03l89rtvdqHLIAi9:8xNHMqFIBOxOq2CrtvdRAW

Score
10/10
cerberdiscoverypersistenceprivilege_escalationransomware

Malware Config

Targets

    • Target

      fortnitespoofer.7z

    • Size

      4.8MB

    • MD5

      5854c6283a7d0187036cd9cba204e716

    • SHA1

      79180d6ef5a639f80b2cdfe3c7d2ddec931e82bd

    • SHA256

      564f08ca2ad008e85407528f04e39b3087f53443c774be0898be735813d91f18

    • SHA512

      3bf405b66c04733c877027f16755e4643374fe2c582683f2c46c6ccddb590d56033f5259c7a9d3c54260a77e064bc548ce6c6f6dd4160018878bc4177f71f89a

    • SSDEEP

      98304:XsPrNN7TsM/EOxDTf9EnBamGx8hJO5h03l89rtvdqHLIAi9:8xNHMqFIBOxOq2CrtvdRAW

    Score
    1/10
    behavioral1

    • Target

      Guna.UI2.dll

    • Size

      1.9MB

    • MD5

      83e9df5d534f50280251d662861bf476

    • SHA1

      d2ecd37e462b3c6fa763341a12f9de74326cb646

    • SHA256

      836e1cc306eab0817a10c613a9c99d4dcbd604624b8b90f551d410dc164eef82

    • SHA512

      af38cfbd5fb866662afa4548011ba2d262cd70ff145fe4118db3322a9ea243bd9d8dc9cdfc62a246df014949a94d159bcd47a8f8f04010b93c963511a7e6a72a

    • SSDEEP

      24576:+5lxrKZ9DHFoXP/Jt/A1IKKPZANZuwgHQ/jz41RMIK24:Av/CIRqwRMIK24

    Score
    1/10
    behavioral2

    • Target

      cleaner.bat

    • Size

      371KB

    • MD5

      d4a755cf4816c251a2c08548301ab6d1

    • SHA1

      33c2b40ae11177fb116b361bffbc73690b668d73

    • SHA256

      c1a955fd9a937afba415bc45f5b174254f708ac018321674c4967fd2d8afba4b

    • SHA512

      860a3576184395d21df293c083c683807c584670149ce03570634494725dcaf914c8d7db24812c7aa6b29dfc04fb92b456676319c070a74a3d453c7014cf7828

    • SSDEEP

      768:UF19fj/zTATLU3fjX5F0VYIYIXuhsDGLPhJMT2Nz5U3/D35lU14IYIXZBMjmgPB+:+fymzozEzozOd5T6EZ

    Score
    8/10
    discovery

    • Drops file in Drivers directory

    behavioral3

    • Target

      loader.exe

    • Size

      5.1MB

    • MD5

      2feca6c6065a51f8ce0fba51010c8e72

    • SHA1

      533ecd7078632a162e7bf6444797a9495927e2da

    • SHA256

      2508b00db8479ba856be5c395e2ae74d435e455202116cc1c3db69e771b416be

    • SHA512

      cf8e34c2152219bb0b2a3dd5a71413db98418ab11f39d61bc859854166467289af02a95930bd29d01acd864dde03679d7f3ea05a7b0ad544a6c42bb4356cdeb3

    • SSDEEP

      98304:nGCd7m+ij9HD0+jCihNRkl/W6aG/wcKnfu8NUT6KlRPJ:Gx+y4ihkl/Wo/afHPgRB

    Score
    10/10
    cerberdiscoverypersistenceransomware

    • Cerber

      Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

      ransomwarecerber

    • Cerber family

      cerber

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    behavioral4

    • Target

      mac.bat

    • Size

      2KB

    • MD5

      86630f471a1c7f40e8494347f9ab8249

    • SHA1

      10a2139adfb884f01799de89bf9b9ccb2a8bb460

    • SHA256

      c15faade0e71acd4abcb60a7e9f3f002a46d3d47bd294f7b12d811c871d1292c

    • SHA512

      666fe7866c2bedc78aad081bddf7e4dc8a9038b173527dc9464dd9c0776314a8c3e1ec7f4d0f34aff0d946b94ed1178a5c665d79173d1bfe0a0a611f6af65369

    Score
    3/10
    persistenceprivilege_escalation
    behavioral5

MITRE ATT&CK Enterprise v15

Tasks