File name:

NEW FORTNITE HACK 2022.zip

Full analysis: https://app.any.run/tasks/eb7b7769-8543-4700-a792-ad0b72ccc216
Verdict: Malicious activity
Threats:

Remote access trojans (RATs) are a type of malware that enables attackers to establish complete to partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionalities for conducting illicit activities on compromised systems. Some of the most common features of RATs include access to the users’ data, webcam, and keystrokes. This malware is often distributed through phishing emails and links.

Malware Trends Tracker     >>>
Analysis date: February 12, 2022, 07:27:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
rat
redline
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5:

57BCBFA92436EC34B8B7DEDD7B7CA264

SHA1:

3B4C2DF4CD6D8EDE157A21579BC74DC4135AAE0F

SHA256:

03A0F06D399D37EFDAF180206DBE4E2F235D19C22ECFB8C73A4E0FEC50B597D8

SSDEEP:

98304:gRNlhlmpKyxG1H2dPzTPcx5/myixnxSovaw6HsUhojisWDAdkQSydKeyw:gSKC30bmnGrMUGjBWDAdkjydvyw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • New Cheats Fortnite.exe (PID: 2508)

    • Connects to CnC server

      • AppLaunch.exe (PID: 1028)

    • REDLINE was detected

      • AppLaunch.exe (PID: 1028)

    • Actions looks like stealing of personal data

      • AppLaunch.exe (PID: 1028)

    • Steals credentials from Web Browsers

      • AppLaunch.exe (PID: 1028)

  • SUSPICIOUS

    • Checks supported languages

      • WinRAR.exe (PID: 3792)
      • New Cheats Fortnite.exe (PID: 2508)
      • AppLaunch.exe (PID: 1028)

    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 3792)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3792)

    • Reads the computer name

      • WinRAR.exe (PID: 3792)
      • AppLaunch.exe (PID: 1028)

    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 3792)

    • Reads Environment values

      • AppLaunch.exe (PID: 1028)

    • Searches for installed software

      • AppLaunch.exe (PID: 1028)

    • Reads the cookies of Google Chrome

      • AppLaunch.exe (PID: 1028)

    • Reads the cookies of Mozilla Firefox

      • AppLaunch.exe (PID: 1028)

  • INFO

    • Checks supported languages

      • NOTEPAD.EXE (PID: 3872)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: NEW FORTNITE HACK 2022/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2022:02:07 19:47:28
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
4
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
drop and start start winrar.exe new cheats fortnite.exe no specs #REDLINE applaunch.exe notepad.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1028"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
New Cheats Fortnite.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft .NET ClickOnce Launch Utility
Exit code:
0
Version:
4.0.30319.34209 built by: FX452RTMGDR
2508"C:\Users\admin\AppData\Local\Temp\Rar$EXa3792.1540\NEW FORTNITE HACK 2022\NEW FORTNITE HACK 2022\New Cheats Fortnite.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa3792.1540\NEW FORTNITE HACK 2022\NEW FORTNITE HACK 2022\New Cheats Fortnite.exeWinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
3792"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NEW FORTNITE HACK 2022.zip"C:\Program Files\WinRAR\WinRAR.exe
Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
3872"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa3792.2256\ReadsThis.txtC:\Windows\system32\NOTEPAD.EXEWinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
3
Suspicious files
3
Text files
4
Unknown types
1

Dropped files

PID
Process
Filename
Type
3792WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3792.1540\NEW FORTNITE HACK 2022\NEW FORTNITE HACK 2022\New Cheats Fortnite.exeexecutable
MD5:
SHA256:
3792WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3792.1540\NEW FORTNITE HACK 2022\NEW FORTNITE HACK 2022\security\didtext
MD5:
SHA256:
3792WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa3792.2256\ReadsThis.txttext
MD5:
SHA256:
3792WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3792.1540\NEW FORTNITE HACK 2022\NEW FORTNITE HACK 2022\security\mace_cl_compiled_program.binbinary
MD5:
SHA256:
3792WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3792.1540\NEW FORTNITE HACK 2022\NEW FORTNITE HACK 2022\images\PrintJob.prnzjs
MD5:
SHA256:
3792WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3792.1540\NEW FORTNITE HACK 2022\NEW FORTNITE HACK 2022\ReadsThis.txttext
MD5:
SHA256:
3792WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3792.1540\NEW FORTNITE HACK 2022\NEW FORTNITE HACK 2022\images\Newtonsoft.Json.dllexecutable
MD5:1F478E39A4C06EA7C6DCE92238F23EC1
SHA256:B9B4E633EA6C728BAD5F7CBBEF7F8B842F7E10181731DBE5EC3CD995A6F60287
3792WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3792.1540\NEW FORTNITE HACK 2022\NEW FORTNITE HACK 2022\config\Serilog.dllexecutable
MD5:181F3E3D0C509566283156816EB317CA
SHA256:DB0A4C4A21A1BA0937D1C22095C2B0702422EFD4C7A41AAA577608288A2E69FC
3792WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3792.1540\NEW FORTNITE HACK 2022\NEW FORTNITE HACK 2022\security\dctptext
MD5:B026324C6904B2A9CB4B88D6D61C81D1
SHA256:4355A46B19D348DC2F57C046F8EF63D4538EBB936000F3C9EE954A27460DD865
3792WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3792.1540\NEW FORTNITE HACK 2022\NEW FORTNITE HACK 2022\updaterbinary
MD5:A1A4535CBF26C5DFE313E981177ABB61
SHA256:AE0882A22FFABC175605E1F686F5141889A5B15CF480FA21C65B86017D2F0A16
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
1
DNS requests
0
Threats
5

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1028
AppLaunch.exe
185.215.113.39:34737
Ebonyhorizon Telecomunicacoes S.A.
PT
malicious

DNS requests

No data

Threats

Found threats are available for the paid subscriptions
5 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
NEW FORTNITE HACK 2022.zip