Extracted

• • Target

    fortnite‮gpj.exe

  • Size

    872KB

  • MD5

    4498571a9abae3109110f8269dcd3161

  • SHA1

    8ba4b502d42b784cd9dc61c0ba4b4eec7af55db1

  • SHA256

    a7e621222694b1384179574cd023ca68cbd5da5cb36a3de563c04f93c4286dbb

  • SHA512

    414b90fa966969e7ebaf7cfb262afd42894bc964fe9ba7587f559055fb5922ca174c7777d5b5de1a3843dd71304ebb48d94a3ddfee2aadcaecd96c09ee9fb57c

  • SSDEEP

    24576:X5ZWs+OZVEWry8AFBn+yHDB17T4ZrCqKkFPJ1x1CwrNa6h8kQU1s:JZB1G8Yt+yjT/SCoFzxr46ho9

  Score

  10^/10

  discordratpersistenceratrootkitstealerransomware

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat

  • Discordrat family

    discordrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2