General
-
Target
Fortnite Rift Cheat Client.rar
-
Size
81.7MB
-
Sample
250122-kyv7rsylbz
-
MD5
28b0d8b8ac4f6a1a0148921ee40554e9
-
SHA1
4a8f0c07231181c63be63a86cb3502e6509bc010
-
SHA256
c45e4642e31ac58d8dc615b0ed1eaf5f96fff254567bd22ac4070b89db13bb8e
-
SHA512
de4777f6be7bfbe6adaa12c5becbcaa4be8210bdef7ecded3f418a36214ef3545db60e0b03dff881e79338a17fa32cbf9a4fbfd2b641800e7a5cb02c98cb3f83
-
SSDEEP
1572864:L0+xzl30GR46mnoRvJ+UVMhD0dT4gubhj87JAJpHETt+MLCy2HBOkipLw/:LRxzl3Fa6mnehVC0xh4t876JW+Q2hApu
Malware Config
Targets
-
-
Target
Fortnite Rift Cheat Client/Rift Client.exe
-
Size
83.2MB
-
MD5
41d1ea4988bfecce6e65dc97a49aed13
-
SHA1
c9312b2bbafc62193ce29cbfc8ff516b5a1065f8
-
SHA256
1a9db52cc36a8f1f92505453f752cdfd925ef7321b330fe93022d707ddb43ab0
-
SHA512
aab46f4b6806a81cbde049b46eb52b2dd16243f7004ed47cab69859836f03c8690fdc6e291ad7878eda1ba209d0b8a702ce6636b6cb6a782de317c518b9e3eb2
-
SSDEEP
1572864:3VjlVW0Im7OkiqOv8im2ARxE71lhpBB8iYweyJulZUdgcrNWkWWUoyAb53:tbxIm7OknOv8i3KGLpnNpu4rX53
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
Fortnite Rift Cheat Client/Rift_Injector.dll
-
Size
2.4MB
-
MD5
0e32788bd10309b96ee81b5be318dc29
-
SHA1
b619eb13bee9cb03706ef5dbc04d166391baef9a
-
SHA256
3ec6fe1de9bb66cf517593ddd22a754d59b28002abaf510cf6483db121b14085
-
SHA512
ec85832fd6e2f6ee7cc5c3cc5d2847381df37c9f49be8ae9012003fb5ecdb214595dd2d5fcf6d1224e1e15ce5b7f34b196aaaa398ccf9369391c0df48ab68be5
-
SSDEEP
6:3PWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPWPW0:t0E
Score1/10 -