Overview

overview

10

Static

static

3

Fortnite Checker.exe

windows7-x64

10

Fortnite Checker.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2025, 05:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fortnite Checker.exe

  • Size

    883KB

  • MD5

    5ff30ec323f9e6ec632ea3b2180a1cbc

  • SHA1

    aba95d8f4f7f634170cbad0461a3e6e0a4574059

  • SHA256

    d548ea85db4681de9393a4bd8369283db49f9f0525356d15f8ca06259e4fa930

  • SHA512

    e990b1de0d4f6c2f830bca0ddea747ab733289f8fc45f2da1b9e20128b9eabb51c8f2ed62ca0346bdbb20ca73b4ab871e2a0298e1f4df9d559d4bbee41cce66c

  • SSDEEP

    12288:GToPWBv/cpGrU3ywFm/byWr+5q+LViWdEVr9WoMwtubIwyqd7zw:GTbBv5rU4/b9SDmVr98w009qdHw

Score
10/10
vanillaratdiscoverypersistencerat

Malware Config

Signatures

  • VanillaRat

    VanillaRat is an advanced remote administration tool coded in C#.

    ratvanillarat
  • Vanillarat family
    vanillarat
  • Vanilla Rat payload 2 IoCs
    rat
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fortnite Checker.exe
    "C:\Users\Admin\AppData\Local\Temp\Fortnite Checker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Users\Admin\AppData\Roaming\Fortnite.exe
      "C:\Users\Admin\AppData\Roaming\Fortnite.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2392
    • C:\Users\Admin\AppData\Roaming\FortniteChecker.exe
      "C:\Users\Admin\AppData\Roaming\FortniteChecker.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3056
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=FortniteChecker.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2708
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c4c0c29fde2e242ab49c5b08dd86785

    SHA1

    20e631fc3cefb7bc83355b2bae22cbd98310016f

    SHA256

    e57087a80e053351afb9e3670d3085b0c11948eeacda80feae9e15fbe9ad9280

    SHA512

    b79116631c400b4f606269c81e276a4c83143307ff5778c1d382976bc70460a7d54ac3f39162766374a739cb237f5ee914d29ae84daadbe58b043fcd3f6c6bfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b1e0de3e47ed889d2b8314958587701

    SHA1

    564f381b28a0dd6895264072a5f02165005750c2

    SHA256

    2d866e89bab3168987a40e5d7fbc20877d12c8b54f098b40297cc7558beaf7d4

    SHA512

    6b3e8eb7a1233914676bb5122cbda61625eb6995f51f226dd159610aa97631e08dd04f307cdba8ff11226f9244afa916ed55039cea13e9d4bee95fcccc38a263

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9159f5c5058fdf075ddb907d23484111

    SHA1

    2bd433e8aa2df69513520cef0cfb8b1dca200d33

    SHA256

    f9680bba95841c7733eb03384f4df62627e348eb94641ddd68ee1896980db1f3

    SHA512

    fa8a85d6bbf35dad858f7376a8cc902fbb0c96bd091d5b4e1e5cbe9974f0adddb1587c31076dfd34a1db75bb1fb9dd7dc5efc3d8c6e661db74b7e851ba76ed77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff2f3dfea92f1c922a891f766078a0a7

    SHA1

    6b9a02069384cd99f9e757130781e0af8c4b8f28

    SHA256

    49ca13dd10b8ebd6b2f0b3dc4f6cb4aef0e1832a92af898905c7a3907f36b7eb

    SHA512

    b6293fbc9b6678bdac11f177dbb26ee0027e98042c00542de1352bbf8ec08efd6a536ad985523cc539bb71f26eefb8e79cf01b8e3be7bfd406fe186c52ef6a98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    901cdee1ed965402c516ae664fff0139

    SHA1

    c34301211087d8bf2b8c93778b8407d674fbdd69

    SHA256

    f9fb9776bc68e5413ae340996e363765cbc4363665cb820d7f3bc84b30cdcc68

    SHA512

    ee6792db20a2179e8b013f35a0f67ae327781b5b5305f5c6e1115e281021990d2fe6aaa39e2a06d6ea88962ac09fb3d48316c07da0b2baf2b81bd777e3d6e077

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    205b1591d4f4e953005fda58a015a8c7

    SHA1

    1edad63ec754e0387d9bc0c09af3a9a6c56ffdf5

    SHA256

    eccadb305063442355886471650b1d58c16a360816a8738c732dd0d6b877b2dc

    SHA512

    e65b71b799afb5bb92796b8cbe1bd56f8731b4ebee93ff6c3fd5d6852d863bd834bb83cf3fafbe44afbdf802872b17f55c08f6bc9619a30184b2172a45b0cbf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ecbd6e8adcb1bcc9b616a46499713c4

    SHA1

    17c23dfc170191f38f03941bc31f0504f9a16fc6

    SHA256

    a591f72241809a75e8440e52e20a286a8f305cd0a00f65f68af4d395235ed1af

    SHA512

    dfb8652499eaf00d843964ebf5a321d9faeb0da4f17fe4a5a33e436d77bf546df4f2a328458968c66bc7424ef318d54e26c9a857a6793aa56e91e5c8cfb6e442

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    462fd0b3224ac788151756a7f192fa47

    SHA1

    3a9e3edbd6d212fc299f8126495b6fd514b4e4a1

    SHA256

    2b8e6c2dd107b247da444c7659d3dae85e37f0551ee846f164b42c64090ea1f0

    SHA512

    58da6b1a47f4225ba8d4743a5c4f87aa85c9bf632b5965bf21e80e1f88f54365ee39f4645447c0f8bbebe9f046f0e8996bd1e6982ba3d56130589dfb10852972

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92998373bacf478eda01020629f26144

    SHA1

    eb5ae0ef862acc8df9598800155a8307ba522c62

    SHA256

    eb4e9242e338c5156cb7912ffed6c1297219b21e4421041020114288fb74269f

    SHA512

    3950158512f0a15609815313079eca7cc3ab308ecc463079fa0914ae98854de8ee8e73be76e0c328038ff0af7cd93e3f1d2fef254face2f8dcb97f7d1ec7ae44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d03cad61a78a91251a256a8ff92f1ce

    SHA1

    fa57454ea32d346fd74bcdc89d7a03323b36e375

    SHA256

    8f5ca706aa83d40a7db20815dfde6d5b550b73097b1d62bbbaf1934ff91c8805

    SHA512

    7ab3d8762c2b6772cdf9108dc5b5cdad778957060b7e4f1c57614e1ae18c965f446ca26d1023b9a8bf09df51584b9601e4132c76af103a774853a3255a3d10b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66943af847f6f8f540c7d646e19ae072

    SHA1

    d6fe2cce560b0f0175e0abff239ccd542ef21236

    SHA256

    2c09fc44fdac02e7209570e168a7e67f7593706ade46c8103cfd74be2b8d2ef4

    SHA512

    49a7edc3e517168f477dd2a6ca9b7805288899afd02f02376f73d25ad57a0177d09182c4fd0732160cc948c49909ea68414e78fe88dc6fd3908d6bf42778b7a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44ee7318ffba9e27ebe4bd4b574fdfbd

    SHA1

    a2087496606a8304931a80b9241ca019bf45c854

    SHA256

    76151caae083ed26902ae8d13e1d55cb8230a3d5d5b59347a95aabb52880c488

    SHA512

    c28e35ea98f056c38305881652961aff6c4fbd6dc1da962c5fe2d29f4e0de260a1bf1946e537939f270f8400542116fcc74542ae017b933fe03ec098450cccb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65436a1d32eb72385376fa4f180dfbb4

    SHA1

    4ba8fc96951fac162bbe0df433d1a2e85d9ddc89

    SHA256

    e639dbfd926d3816f03138fd4db964b10d82ef9d13dfe4204a65e544bd7f20e5

    SHA512

    2b1227851f5547eac97293f5df4f10c34ccc5e2ecd9b567f817a3b937b655cd5a8bc13d1380a6213f21d54f31f7ce5523ba6c06432d2181af2ec4c9e44a23d9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a62b5e3519551650931202dafa23afd5

    SHA1

    62be86268892562bc9c8690013c07315ded2d810

    SHA256

    e65add3f9659126f0aff2dd0272c54b96031c531ae20d9f4d0029a4c41cca045

    SHA512

    6f55e40683cb1cb531f3850ab36fcc1024bc2b71ef99ef0d84d3384e644cafe4da19fa72e0e9b831e8b0d39ffcea8287a0a4bc23e6bac1e4512782d28386c798

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f921525bdb74916be54741de0ae1cacf

    SHA1

    c4d748ad08762c00dc080f893c412d533f17b268

    SHA256

    144c79bf498b752fec1ee586693bfaa53f109e9465cd623210a3837f0b52ceaa

    SHA512

    39fcdd7555de6f0b8f4a492c6741a50cdf140b0d3a1427e840a031d59531b31e06eb3d5f44366780406db35b4f5b3a9d09b0e174d67659f4af010fb6e107d98b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    948902b08d3500b1313bd8926285f11c

    SHA1

    33b1be3b3bab6629351392e6425758dc927b53bb

    SHA256

    94b66a3eb82e0a42006a9c62686977bb6bc389913ad2107ed140540b2d49a872

    SHA512

    d433f5a43edf3b568e5895b53a76749a14881ab67f7bac0467482f93fa43c56180fd10979f76ee2002e3489eda8824b863729b85cfa04ea0d4fa0c02e54e7d66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d558c612b37d16c60f0e2c6b7f48bdc

    SHA1

    4e52aa22f4bd40694f0fe020ea76b66e041f433a

    SHA256

    37874fb4d7e93f59d0b95ca491d9f426607c664c02c5efa205d6aa9eeb820c1a

    SHA512

    c57ee71e15530143e7082fb0310f3c8d66495dcf9ad35f1e4e6b8aa84be06d339a0af8cd791e3a2a237c5dad41c0af61ff5027111a5290b261d00f98bee6c699

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ad102ee3232667e07c084f90ab83ace

    SHA1

    99725bf42114088032c0093d676c0046e553476d

    SHA256

    fd539b6ec626c32fa4768dbc217cb0e3a4a5db7a40f355376b37eb843900a141

    SHA512

    aa1780035583f5fb8c5a2c9062d691cf752534a680443eb0560a73586adccadd9f05e0dc850da1d72fff00d07aa787e5faa8dbb77e9a753e159d296e348b8692

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    663d40bae647baf852594849f0995258

    SHA1

    775ff07a1d42c17eca714e85c9673570783d003c

    SHA256

    e14ca33f7046b11a0ef04d1c948f168c21786cfd6983472ef829836bbbc72d6e

    SHA512

    3cbc5cdcb4802936ddc1eef6691ebcd5d71eae707dba7846ccd5693dde98107407d3ea554fa212e4f0c667e2d1a3877ff02da478811954f11fde5944d45ef108

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e46a90a7a6491bf2d4853cd292e21e06

    SHA1

    50f5354889739cdbbe5764eedf1f801b0d6ae2bc

    SHA256

    198bee1e3a28f70364d3a4e474207ba98dce1e14f538699f4467b3c7dbd99708

    SHA512

    2f5b66e5ace0f058ffed37a0912a76192789f772a0d4e7363ebb1f3fba8716c8a1aa9a60886ecec299c679df73571cd565ad427dce8697a881238caa696fba51

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE590.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE5A3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Fortnite.exe
    Filesize

    114KB

    MD5

    4bd20275a3148a44bf040367a43f6fe2

    SHA1

    4faa5b6fca5f3b31b00995b4372f635b1ed3a019

    SHA256

    98efc33ad38ab3a913716402cb445a25e5e578bdd379494c0188b30028430336

    SHA512

    ba5477c92038704feea1988228b25c82107f1803a3a331ba4337ae48dcdd019b6fc9f3e7fc14ace08b6637ce85ae4ad029a6d1d60ee4daac6a82c0cc1466bc66

    Download Submit

  • C:\Users\Admin\AppData\Roaming\FortniteChecker.exe.config
    Filesize

    184B

    MD5

    13ff21470b63470978e08e4933eb8e56

    SHA1

    3fa7077272c55e85141236d90d302975e3d14b2e

    SHA256

    16286566d54d81c3721f7ecf7f426d965de364e9be2f9e628d7363b684b6fe6a

    SHA512

    56d0e52874744df091ba8421eeda9c37854ece32a826bd251f74b88b6334df69736b8cd97104e6e7b2279ef01d2144fee100392744cc1afb7025ebbad5c307a8

    Download Submit

  • \Users\Admin\AppData\Roaming\FortniteChecker.exe
    Filesize

    83KB

    MD5

    f5d8bedb9dcc17a0a356f2f3f621971e

    SHA1

    76ed7763602cc198be87b3eb51949f54ae9c0f9b

    SHA256

    355ae598c711cf98fb78b485fe2bf351233e81d5b98ffd3c81b20470182e6ebe

    SHA512

    ee5c55a562259481199def67fba592bfa1b524fc4eaa5c9b558f6fbb9609542b0f1a915768f79662a6b7fd2f8127c013aa2fb08a249f5bba89aafad03c9e99eb

    Download Submit

  • memory/2392-48-0x000000007388E000-0x000000007388F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2392-47-0x00000000001E0000-0x0000000000202000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2392-46-0x000000007388E000-0x000000007388F000-memory.dmp

    Filesize

    4KB

    Download