Overview

overview

10

Static

static

10

Generatork...ee.exe

windows7-x64

10

Generatork...ee.exe

windows10-2004-x64

10

Generatork...fig.js

windows7-x64

3

Generatork...fig.js

windows10-2004-x64

3

Generatork...aft.js

windows7-x64

3

Generatork...aft.js

windows10-2004-x64

3

Generatork...der.js

windows7-x64

3

Generatork...der.js

windows10-2004-x64

3

Generatork...der.js

windows7-x64

3

Generatork...der.js

windows10-2004-x64

3

Generatork...der.js

windows7-x64

3

Generatork...der.js

windows10-2004-x64

3

Generatork...ter.js

windows7-x64

3

Generatork...ter.js

windows10-2004-x64

3

Generatork...der.js

windows7-x64

3

Generatork...der.js

windows10-2004-x64

3

Generatork...der.js

windows7-x64

3

Generatork...der.js

windows10-2004-x64

3

Generatork...der.js

windows7-x64

3

Generatork...der.js

windows10-2004-x64

3

Generatork...der.js

windows7-x64

3

Generatork...der.js

windows10-2004-x64

3

Generatork...ons.js

windows7-x64

3

Generatork...ons.js

windows10-2004-x64

3

Generatork...nds.js

windows7-x64

3

Generatork...nds.js

windows10-2004-x64

3

Generatork...log.js

windows7-x64

3

Generatork...log.js

windows10-2004-x64

3

Generatork...bug.js

windows7-x64

3

Generatork...bug.js

windows10-2004-x64

3

Generatork...dex.js

windows7-x64

3

Generatork...dex.js

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    18-02-2025 15:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GeneratorkontFortnite/FortniteGeneratorKontFree.exe

  • Size

    229KB

  • MD5

    e832bd1f241d7756833ae95396a59a7f

  • SHA1

    e7d019edd30c7734dab54581370b6d2eda9fff2f

  • SHA256

    3b6c7693f2f8ee8e86b6f6e983e0c0973fe70ebbcff638361710e335256f350f

  • SHA512

    1e0d2969528956c95e008acddaccbe729c6fa4042d6d4ed778bfe3629030ba6f77a18f547217e1c878e2f6ccb95ba3260b2be8cd9fc662ae193fd9046ffa92af

  • SSDEEP

    6144:VloZM+rIkd8g+EtXHkv/iD4J1A9hv0IHq2PxM4dE1b8e1mvzi:3oZtL+EP8J1A9hv0IHq2PxM4dkd

Score
10/10
umbralstealer

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Umbral family
    umbral
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 41 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GeneratorkontFortnite\FortniteGeneratorKontFree.exe
    "C:\Users\Admin\AppData\Local\Temp\GeneratorkontFortnite\FortniteGeneratorKontFree.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" csproduct get uuid
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2868-0-0x000007FEF5A53000-0x000007FEF5A54000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2868-1-0x00000000009D0000-0x0000000000A10000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2868-2-0x000007FEF5A50000-0x000007FEF643C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2868-3-0x000007FEF5A53000-0x000007FEF5A54000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2868-4-0x000007FEF5A50000-0x000007FEF643C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2868-5-0x000007FEF5A50000-0x000007FEF643C000-memory.dmp

    Filesize

    9.9MB

    Download