Overview

overview

10

Static

static

3

Fortnite Checker.exe

windows7-x64

10

Fortnite Checker.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2025, 05:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fortnite Checker.exe

  • Size

    883KB

  • MD5

    5ff30ec323f9e6ec632ea3b2180a1cbc

  • SHA1

    aba95d8f4f7f634170cbad0461a3e6e0a4574059

  • SHA256

    d548ea85db4681de9393a4bd8369283db49f9f0525356d15f8ca06259e4fa930

  • SHA512

    e990b1de0d4f6c2f830bca0ddea747ab733289f8fc45f2da1b9e20128b9eabb51c8f2ed62ca0346bdbb20ca73b4ab871e2a0298e1f4df9d559d4bbee41cce66c

  • SSDEEP

    12288:GToPWBv/cpGrU3ywFm/byWr+5q+LViWdEVr9WoMwtubIwyqd7zw:GTbBv5rU4/b9SDmVr98w009qdHw

Score
10/10
vanillaratdiscoverypersistencerat

Malware Config

Signatures

  • VanillaRat

    VanillaRat is an advanced remote administration tool coded in C#.

    ratvanillarat
  • Vanillarat family
    vanillarat
  • Vanilla Rat payload 2 IoCs
    rat
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fortnite Checker.exe
    "C:\Users\Admin\AppData\Local\Temp\Fortnite Checker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Users\Admin\AppData\Roaming\Fortnite.exe
      "C:\Users\Admin\AppData\Roaming\Fortnite.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2488
    • C:\Users\Admin\AppData\Roaming\FortniteChecker.exe
      "C:\Users\Admin\AppData\Roaming\FortniteChecker.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2824
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=FortniteChecker.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2764
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c2b25d0b410cfb24a08ee41ae5ae0f1

    SHA1

    fd017529819042a4c6b8191d3cddf20036e21414

    SHA256

    020d51d8df6560e1cf38bd887c1b1bb61cc49ff68aa6e1a7b69186e4e19dc4fe

    SHA512

    fe65eaea55012a8a5a81543698b4bf36556a2b5aa6456594d5b4d49108560712415185294dbd9eb3ba48401a243109adea1009c0109cb7d54c73f5273ce31f2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8aac0028d287fa89ad465d9b56fb8a37

    SHA1

    ae4379e698ac231f0d9e4b69c612576cf129045f

    SHA256

    848ad88055c4d8b879d0179c7b6b185aa18a8a26dfbe2849bb43b3939e89c483

    SHA512

    1d21707d56f94ec25accbcae6f20378423fd620f3939dcc8d8b477d9ebc9d4728a65c0685598a671f95d9a92dbd5b91c78a360ba0f66276faecd93eda6592e51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b113156c33bbb79e81113ddcfd2b560

    SHA1

    dd853d55684977fbd7c0a3ac476ffda1de14fa1e

    SHA256

    90632519193d2e8dfb554b1294ae5beace4b31c1bf52859802dba125353d57cc

    SHA512

    11fcced9502e27321c564b37ecc5309def7811ea9682c4df8fc5af8bbfab10a2f565e59ecfe1d372e891210fb9035131675ac4cca51548132b3484d5ca3b9ed7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab7429238a2ced0d7acc27afa4930a4d

    SHA1

    1b7328454fda2ee3994c826e0dd5ccb829f1af9e

    SHA256

    ff67f6fb0f52432923d50c3e8a52d71b405ec5fd1a01629d4c5f25e40a5b0184

    SHA512

    872e95ede56dbffeadf1cb4b8c34d8729e4c5294eee7fc9f4977bb3f4774f0d4e98d27974043d04f01b44763fdc37f29c8fc008f769f5426aef8f68dea72d8b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff80d6e4c8673ca1c25a057fae497c1c

    SHA1

    e3a6cb431b4596260512a5c9b7bd7d95881b126e

    SHA256

    64aa32134b581b5e0e34a47b99ad46839a989710830599fe5f555972b348c0f8

    SHA512

    c317aab96b2e83014964dd89eca5e6facb6f7de88a58791838ce80ded2488f89dca728b6c766d42da443dd85ebaf56ed8fa562f33da5d1105a508a1ac53f716a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a228781fc2459a78d650a6ddff679a43

    SHA1

    b4dcecaa692550ee8286bab07570bf35917c1014

    SHA256

    d2ad76defd464e43f77f691a5ecba0f6643d2065e4945c84abec033bfaf96a6b

    SHA512

    d08ef48fd3cdb4dd1143f84b30158188ce1484db1ddcf09e44660ab59be45f48344514308c5b40f3961fbdf0736e302eff1d1c828f9e6710924d83a8c7c105e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    251ee7e00f37b2afa0451e70921c7b64

    SHA1

    6f0a37ca0c5154bef3ecb4152d2e5e5af878da78

    SHA256

    82e8ae8714fba55efda2de3243f9c6208007418f2a7f30447fc076e72cda05cd

    SHA512

    5b0107fa3a20d09705e12ebf98086f0b1f61ea135a528f926ade5ab4502d3ce9b0e45ce9a03e4ee7a2354a374bb706218991ab4ba1e40833ea79fc5e81e759a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f04203ef4fc535e59aa4b8a81b8910a

    SHA1

    2a6249195e2f294bc2e118d2f7b01e431b842121

    SHA256

    d43bd4789585f32da26466a1d6e029a555aba1545b365b193841c9f499a2d4f5

    SHA512

    c6772e30bd3d3406d8acad65a2a5977dd0fea9ac0fbc6e91deef3a51228a03b74a9a52d65e9832d7e38bd80e2a3a363e6c032d653e27a5081a9c288b00abce46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3d4e3728205041b33e8fd849fa666bf

    SHA1

    21a93638d7580e66595b50cb0f3f9d1528c19663

    SHA256

    3fe46e479d6ba45c16e1f06c97a0b9c2da08e2e4e8ea9b5cd3f14156cc495791

    SHA512

    14220b7fd4799249292fc7ce7c6f7ecf074c6df7104ea246d62d7c3fcc53381d88101385ee05ac231b3ddfa2e0c7a8f0dbfaa4aca4aa8dffd1321d8302a0b160

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    778cb33a46b60317ed741137ac485dc7

    SHA1

    899304a5ad06a588375204c238388e0c3ddfd608

    SHA256

    1390b464a0e815393732e5c2371ad639ee5f7bbf46e59aa7d9ef7191589d5347

    SHA512

    e10286fefa8f3f0b86c4d0493c9da0bcd625d578dd41942b5313769dd1d5dec92edd8ffc8511f12cc7ddc3b6a0b3cdde1aafa6ceb0422b9b6ee6e9cb1772f8ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8f55b1379dc0fcfc345860c07af8557

    SHA1

    31b1a9a451f779deb651fc17bd0fe81f8c4d9fef

    SHA256

    177ac9adff4769e1414f3465024f843648679186aa84ed24a11b4536d91b0370

    SHA512

    846ef1a370a1c9493434bf3681d5459ad562a2e519815cc91b8b492d949c39fae4b993d0c15b71d873cbf4ed2e560aa98034ffa32036da967d9a4d66fe94938f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d78e8aaae575941992fffc927f928b57

    SHA1

    8d2a2c259a704c3cf439fb21b65e415c40d8b883

    SHA256

    3df12db3cefa48c2aea7f683b527bcff0fdbdc6dfaa299856f7d8f5beebf1efc

    SHA512

    edd7a1a12fa9b7f9b83c02fe5558432965a88388e7bf9a47d9bda1afed66d61af23a1546b14727065a4e181ecb36b340f8a46bada9d1531ef409dfc4a30d77cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff0858c086a44bc058e6f8b5292d55f7

    SHA1

    093bcd56388e8e195482bbec642423bfc279d9a5

    SHA256

    d4a267fd851a16a78533729e76ccbb8b954ba6a4ee90112f13040c4b8ed3362d

    SHA512

    403573de0723f3f41df466c51d9e0daab7a444320c724304317dbebf2b7fd9729d0276925eb4e9e71ebf96a09c6ee7177fd7a771ab8a836a1a75ec723df87528

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5414cb97b782f204c4107760ca8ad301

    SHA1

    a0c03067314e5ee05e46bf32ea49bb87b30abd70

    SHA256

    4503c0b9fd9a8f53cdfd64f1becb175e34fb97e659a69da36bce1946024a99e3

    SHA512

    c27d280e79367bcd18c63575e358fe6078a827b15410230617c6c24c829908f75bff482eb4a1f50e6adac0e5209287572230af0648853e44cb5cb6738654eedb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92a0c682c86a7404bc0891c5974cf427

    SHA1

    75ecc9021bcefc299a10eea4c62d8a7b36a77690

    SHA256

    a871b173705df4f8f33af43338a8835407fd62bf093117b143a446e8a7b20281

    SHA512

    8a4c10c9093b77b5050324e1f007c39844de75d71f7fe35b6d1cfa56f7264cde905ba36dce7bd256c11d6722eda60a4393f57d4a9bf8550d78559cfb56e0ce1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b5b1e5ee594cc95696d1177055b67ef

    SHA1

    817851a31a0145fe118a0f9b2643d73ac1e57a11

    SHA256

    875f73d74a0ae42d835bde41b70fea091d7adae75ea575c7e0019183bd1faa5b

    SHA512

    64b7cb9e455dc7fd231eb4396f657f346a818f152cd053d85b7fef572354265eeea5e900bb8bd18c531edba0f517c4bdcac1ce5ba1f9c4d280317ae42933791b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4916d9254401b7d0d2dcf4956bffa63

    SHA1

    98e421e496cfe88e329a52d59ccecaf40580d88a

    SHA256

    2e7b145095605365dc093aaacb3ca7fc14e447156ef87f455c44f0e8e7912261

    SHA512

    8eea26ace37f8764b30505b5d912fd4dc05f74132a59814eae0641736b02a4f5c53d2e043caa7daefa7386bceade7ee1bffeb692ac21391a00946ee3462b89db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b376572c8702416b9962b9d8877c6397

    SHA1

    d885f470dd20851f2c11556c984edaae09b691fe

    SHA256

    3adb373aea47a23c6e109308c68edf9e2ca56ba5e6540ca54cea5d9481f3d1c6

    SHA512

    cc128cee66df5de7ceee13bf28886c8acfd96da77bd9ebb3d5e8f8cdf8c540ac129dee4c2e5bb66ad5377bcbcb74e5a69bbbcefc4e26946caf7d75b57b9de7b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7e84f6fd3f79b3383c9473b39978fc6

    SHA1

    ed4dc1eb31028d7a805fc8200294da137e415744

    SHA256

    43cd2edca0d6a3def2b1f0f874d8a308d39ba59ce4f769f5426ff917d1ffd8fc

    SHA512

    43992f886b8b7dc1d68a3c0d9610ca0cf0b138686b41d11db66c94bd3eee806d4681cb8b559f5a87771d687a9cd4ecbd1d83b17a84c57aa82edd02d9fb7665e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    32c1264888cd0f0fe614729a94adf3da

    SHA1

    8c886f405e8f084bab30e98e6e55d085a66b425a

    SHA256

    bcb92b87437bc3b64ccc418fb50a16832b5ae08f926e7d95c210d0d4166d8e3f

    SHA512

    b0c794d7e27d2ac83d19f0aee53575313949a9ae672c8a76703a38feb640c34c1d96e90254aae99292e9164161076a0003ca0c4ade5adedb115c027c7d7ef67f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9D4B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9D5D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Fortnite.exe
    Filesize

    114KB

    MD5

    4bd20275a3148a44bf040367a43f6fe2

    SHA1

    4faa5b6fca5f3b31b00995b4372f635b1ed3a019

    SHA256

    98efc33ad38ab3a913716402cb445a25e5e578bdd379494c0188b30028430336

    SHA512

    ba5477c92038704feea1988228b25c82107f1803a3a331ba4337ae48dcdd019b6fc9f3e7fc14ace08b6637ce85ae4ad029a6d1d60ee4daac6a82c0cc1466bc66

    Download Submit

  • C:\Users\Admin\AppData\Roaming\FortniteChecker.exe.config
    Filesize

    184B

    MD5

    13ff21470b63470978e08e4933eb8e56

    SHA1

    3fa7077272c55e85141236d90d302975e3d14b2e

    SHA256

    16286566d54d81c3721f7ecf7f426d965de364e9be2f9e628d7363b684b6fe6a

    SHA512

    56d0e52874744df091ba8421eeda9c37854ece32a826bd251f74b88b6334df69736b8cd97104e6e7b2279ef01d2144fee100392744cc1afb7025ebbad5c307a8

    Download Submit

  • \Users\Admin\AppData\Roaming\FortniteChecker.exe
    Filesize

    83KB

    MD5

    f5d8bedb9dcc17a0a356f2f3f621971e

    SHA1

    76ed7763602cc198be87b3eb51949f54ae9c0f9b

    SHA256

    355ae598c711cf98fb78b485fe2bf351233e81d5b98ffd3c81b20470182e6ebe

    SHA512

    ee5c55a562259481199def67fba592bfa1b524fc4eaa5c9b558f6fbb9609542b0f1a915768f79662a6b7fd2f8127c013aa2fb08a249f5bba89aafad03c9e99eb

    Download Submit

  • memory/2488-326-0x00000000740DE000-0x00000000740DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2488-47-0x0000000000E00000-0x0000000000E22000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2488-46-0x00000000740DE000-0x00000000740DF000-memory.dmp

    Filesize

    4KB

    Download