Overview
overview
10Static
static
10Generatork...ee.exe
windows7-x64
10Generatork...ee.exe
windows10-2004-x64
10Generatork...fig.js
windows7-x64
3Generatork...fig.js
windows10-2004-x64
3Generatork...aft.js
windows7-x64
3Generatork...aft.js
windows10-2004-x64
3Generatork...der.js
windows7-x64
3Generatork...der.js
windows10-2004-x64
3Generatork...der.js
windows7-x64
3Generatork...der.js
windows10-2004-x64
3Generatork...der.js
windows7-x64
3Generatork...der.js
windows10-2004-x64
3Generatork...ter.js
windows7-x64
3Generatork...ter.js
windows10-2004-x64
3Generatork...der.js
windows7-x64
3Generatork...der.js
windows10-2004-x64
3Generatork...der.js
windows7-x64
3Generatork...der.js
windows10-2004-x64
3Generatork...der.js
windows7-x64
3Generatork...der.js
windows10-2004-x64
3Generatork...der.js
windows7-x64
3Generatork...der.js
windows10-2004-x64
3Generatork...ons.js
windows7-x64
3Generatork...ons.js
windows10-2004-x64
3Generatork...nds.js
windows7-x64
3Generatork...nds.js
windows10-2004-x64
3Generatork...log.js
windows7-x64
3Generatork...log.js
windows10-2004-x64
3Generatork...bug.js
windows7-x64
3Generatork...bug.js
windows10-2004-x64
3Generatork...dex.js
windows7-x64
3Generatork...dex.js
windows10-2004-x64
3Analysis
-
max time kernel
91s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system -
submitted
18-02-2025 15:29
Behavioral task
behavioral1
Sample
GeneratorkontFortnite/FortniteGeneratorKontFree.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
GeneratorkontFortnite/FortniteGeneratorKontFree.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
GeneratorkontFortnite/config/scripts/config.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral4
Sample
GeneratorkontFortnite/config/scripts/config.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
GeneratorkontFortnite/config/scripts/library/Minecraft.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral6
Sample
GeneratorkontFortnite/config/scripts/library/Minecraft.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
GeneratorkontFortnite/config/scripts/library/classes/blockBuilder.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral8
Sample
GeneratorkontFortnite/config/scripts/library/classes/blockBuilder.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
GeneratorkontFortnite/config/scripts/library/classes/commandBuilder.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral10
Sample
GeneratorkontFortnite/config/scripts/library/classes/commandBuilder.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
GeneratorkontFortnite/config/scripts/library/classes/databaseBuilder.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral12
Sample
GeneratorkontFortnite/config/scripts/library/classes/databaseBuilder.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
GeneratorkontFortnite/config/scripts/library/classes/eventEmitter.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral14
Sample
GeneratorkontFortnite/config/scripts/library/classes/eventEmitter.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
GeneratorkontFortnite/config/scripts/library/classes/playerBuilder.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral16
Sample
GeneratorkontFortnite/config/scripts/library/classes/playerBuilder.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
GeneratorkontFortnite/config/scripts/library/classes/serverBuilder.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral18
Sample
GeneratorkontFortnite/config/scripts/library/classes/serverBuilder.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
GeneratorkontFortnite/config/scripts/library/classes/structureBuilder.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral20
Sample
GeneratorkontFortnite/config/scripts/library/classes/structureBuilder.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
GeneratorkontFortnite/config/scripts/library/classes/uiFormBuilder.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral22
Sample
GeneratorkontFortnite/config/scripts/library/classes/uiFormBuilder.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
GeneratorkontFortnite/config/scripts/library/configurations.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral24
Sample
GeneratorkontFortnite/config/scripts/library/configurations.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
GeneratorkontFortnite/config/scripts/library/utils/bounds.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral26
Sample
GeneratorkontFortnite/config/scripts/library/utils/bounds.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
GeneratorkontFortnite/config/scripts/library/utils/contentlog.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral28
Sample
GeneratorkontFortnite/config/scripts/library/utils/contentlog.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
GeneratorkontFortnite/config/scripts/library/utils/debug.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral30
Sample
GeneratorkontFortnite/config/scripts/library/utils/debug.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
GeneratorkontFortnite/config/scripts/library/utils/index.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral32
Sample
GeneratorkontFortnite/config/scripts/library/utils/index.js
Resource
win10v2004-20250217-en
windows10-2004-x64
General
-
Target
GeneratorkontFortnite/FortniteGeneratorKontFree.exe
-
Size
229KB
-
MD5
e832bd1f241d7756833ae95396a59a7f
-
SHA1
e7d019edd30c7734dab54581370b6d2eda9fff2f
-
SHA256
3b6c7693f2f8ee8e86b6f6e983e0c0973fe70ebbcff638361710e335256f350f
-
SHA512
1e0d2969528956c95e008acddaccbe729c6fa4042d6d4ed778bfe3629030ba6f77a18f547217e1c878e2f6ccb95ba3260b2be8cd9fc662ae193fd9046ffa92af
-
SSDEEP
6144:VloZM+rIkd8g+EtXHkv/iD4J1A9hv0IHq2PxM4dE1b8e1mvzi:3oZtL+EP8J1A9hv0IHq2PxM4dkd
Malware Config
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule behavioral2/memory/2940-1-0x000001DF86290000-0x000001DF862D0000-memory.dmp family_umbral -
Umbral family
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 23 ip-api.com -
Suspicious use of AdjustPrivilegeToken 43 IoCs
description pid Process Token: SeDebugPrivilege 2940 FortniteGeneratorKontFree.exe Token: SeIncreaseQuotaPrivilege 1180 wmic.exe Token: SeSecurityPrivilege 1180 wmic.exe Token: SeTakeOwnershipPrivilege 1180 wmic.exe Token: SeLoadDriverPrivilege 1180 wmic.exe Token: SeSystemProfilePrivilege 1180 wmic.exe Token: SeSystemtimePrivilege 1180 wmic.exe Token: SeProfSingleProcessPrivilege 1180 wmic.exe Token: SeIncBasePriorityPrivilege 1180 wmic.exe Token: SeCreatePagefilePrivilege 1180 wmic.exe Token: SeBackupPrivilege 1180 wmic.exe Token: SeRestorePrivilege 1180 wmic.exe Token: SeShutdownPrivilege 1180 wmic.exe Token: SeDebugPrivilege 1180 wmic.exe Token: SeSystemEnvironmentPrivilege 1180 wmic.exe Token: SeRemoteShutdownPrivilege 1180 wmic.exe Token: SeUndockPrivilege 1180 wmic.exe Token: SeManageVolumePrivilege 1180 wmic.exe Token: 33 1180 wmic.exe Token: 34 1180 wmic.exe Token: 35 1180 wmic.exe Token: 36 1180 wmic.exe Token: SeIncreaseQuotaPrivilege 1180 wmic.exe Token: SeSecurityPrivilege 1180 wmic.exe Token: SeTakeOwnershipPrivilege 1180 wmic.exe Token: SeLoadDriverPrivilege 1180 wmic.exe Token: SeSystemProfilePrivilege 1180 wmic.exe Token: SeSystemtimePrivilege 1180 wmic.exe Token: SeProfSingleProcessPrivilege 1180 wmic.exe Token: SeIncBasePriorityPrivilege 1180 wmic.exe Token: SeCreatePagefilePrivilege 1180 wmic.exe Token: SeBackupPrivilege 1180 wmic.exe Token: SeRestorePrivilege 1180 wmic.exe Token: SeShutdownPrivilege 1180 wmic.exe Token: SeDebugPrivilege 1180 wmic.exe Token: SeSystemEnvironmentPrivilege 1180 wmic.exe Token: SeRemoteShutdownPrivilege 1180 wmic.exe Token: SeUndockPrivilege 1180 wmic.exe Token: SeManageVolumePrivilege 1180 wmic.exe Token: 33 1180 wmic.exe Token: 34 1180 wmic.exe Token: 35 1180 wmic.exe Token: 36 1180 wmic.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 2940 wrote to memory of 1180 2940 FortniteGeneratorKontFree.exe 86 PID 2940 wrote to memory of 1180 2940 FortniteGeneratorKontFree.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\GeneratorkontFortnite\FortniteGeneratorKontFree.exe"C:\Users\Admin\AppData\Local\Temp\GeneratorkontFortnite\FortniteGeneratorKontFree.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2940 -
C:\Windows\System32\Wbem\wmic.exe"wmic.exe" csproduct get uuid2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1180
-