Analysis
- max time kernel: 62s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20250502-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/05/2025, 17:04

Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: FortniteBurger_v2.exe, Resource: win10v2004-20250502-en)
General
- Target: FortniteBurger_v2.exe
- Size: 12.1MB
- MD5: e1727f481fd66463ed281daaeeaf675b
- SHA1: 641e44acf38b4272f2d37a824c9764fe1310b3fc
- SHA256: 7ab735a88ae95c23810f69d18ee078a19de1894d3beb1e2a512e0688d21c43bc
- SHA512: 23504a336dff888eeb9fd84d85dcf7ee434c41db8eec701473f06df06a62683a947d836b81f7a8de923b682cac769a2566870392ae5b834b9a48cb20e35e95e8
- SSDEEP: 98304:6ls29qm/Y3mDDDy/WTAjM7iHbaldePP84H+4jcFYT1iJFz8tgPv:6lZA3mDDDy/WTALOg8o+9qpiJFz8tgv
Malware Config
Signatures
- Detect ZGRat V2 (1 IoC)
  resource: behavioral1/files/0x00070000000240c5-60.dat, yara_rule: family_zgrat_v2
- Zgrat family
- Executes dropped EXE (2 IoCs)
  pid 1984: FortniteBurger_v2.exe
  pid 1232: 96ab9148f91b44159cbc68fb0fbc2559.exe
- Loads dropped DLL (6 IoCs)
  pid 3076: FortniteBurger_v2.exe (2 loads)
  pid 1984: FortniteBurger_v2.exe (2 loads)
  pid 1232: 96ab9148f91b44159cbc68fb0fbc2559.exe (2 loads)
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  flow 25: raw.githubusercontent.com
  flow 26: raw.githubusercontent.com
  flow 28: raw.githubusercontent.com
- Suspicious use of NtSetInformationThreadHideFromDebugger (7 IoCs)
  pid 1232: 96ab9148f91b44159cbc68fb0fbc2559.exe (7 calls)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 1232: 96ab9148f91b44159cbc68fb0fbc2559.exe (2 occurrences)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeDebugPrivilege, pid 1232: 96ab9148f91b44159cbc68fb0fbc2559.exe
- Suspicious use of FindShellTrayWindow (4 IoCs)
  pid 1232: 96ab9148f91b44159cbc68fb0fbc2559.exe (4 calls)
- Suspicious use of SendNotifyMessage (4 IoCs)
  pid 1232: 96ab9148f91b44159cbc68fb0fbc2559.exe (4 calls)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 3076 wrote to memory of 1984 (pid 3076, FortniteBurger_v2.exe, procid_target 88), recorded twice
  PID 1984 wrote to memory of 1232 (pid 1984, FortniteBurger_v2.exe, procid_target 89), recorded twice
Processes
- C:\Users\Admin\AppData\Local\Temp\FortniteBurger_v2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\FortniteBurger_v2.exe"
  PID: 3076
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\FortniteBurger2\Run\FortniteBurger_v2.exe
    Command line: "C:\Users\Admin\AppData\Local\FortniteBurger2\Run\FortniteBurger_v2.exe" --continue
    PID: 1984
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\FortniteBurger2\Run\96ab9148f91b44159cbc68fb0fbc2559.exe
      Command line: "C:\Users\Admin\AppData\Local\FortniteBurger2\Run\96ab9148f91b44159cbc68fb0fbc2559.exe" --continue
      PID: 1232
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious use of NtSetInformationThreadHideFromDebugger
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v16
Downloads
- Filesize: 926KB
  MD5: a8a705381e73bc7beba7532818e2767b
  SHA1: 386b8e6b4dae114414ba91e44c346275864ae6b6
  SHA256: 796242d7cddd0c96e1c05f93406ec5c84d80033b97b4e02da5526a98fb9c0808
  SHA512: 7645e7e642c48c19e73c84f2bcdd5b1ad6f29f280369baa26363a217a0dd9bd6db890e73a166fc1a66983b210a32b94971c22301605ce04e7e52f476b80d793c
- Filesize: 12.1MB
  MD5: 392c3929eea08dd2474e6caaaae3477c
  SHA1: 1b19aa2f3ac9bbcd67820eb9b4e729659e09287b
  SHA256: d9043984c8772025f8c5c0a27c3d9973ae93b8e3d9474fe6f75f8f7aa0eecbc2
  SHA512: fe02a7e550f88be30c4b2145a28c2e2acb20ab4715df95f3df8b50a85fab1e77d826f8d8fcaa8cb6c276c5057ab8329329088c240966c57ce634bfaabc146f16
- Filesize: 12.1MB
  MD5: e1727f481fd66463ed281daaeeaf675b
  SHA1: 641e44acf38b4272f2d37a824c9764fe1310b3fc
  SHA256: 7ab735a88ae95c23810f69d18ee078a19de1894d3beb1e2a512e0688d21c43bc
  SHA512: 23504a336dff888eeb9fd84d85dcf7ee434c41db8eec701473f06df06a62683a947d836b81f7a8de923b682cac769a2566870392ae5b834b9a48cb20e35e95e8
- C:\Users\Admin\AppData\Local\Temp\.net\FortniteBurger_v2\jG4I8EjH2Uht_bQwKhDNlmHg04VYWFo=\svchost.dll
  Filesize: 522KB
  MD5: d34da837298440c94597fc11e35d8eac
  SHA1: 074c8a4eebaff81019bce8eb5f25efdc54d7400c
  SHA256: e0b0c4da536b40be97aa04da748bc64b28c19ef7898f053c8e9f07db9fd7559a
  SHA512: bdf5ce3e07118773aaa7d6ff75ac3c5e71263e612da3c691d25d225f66a16fd8f8089d41a466e04e5677b1288ee4b1719eb200f5ed5c5c1dc05c49a59561b501