Overview

overview

10

Static

static

ShadowCheats.exe

windows7-x64

10

ShadowCheats.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ShadowCheats.exe

  • Size

    2.1MB

  • Sample

    220912-qjb38sdcg2

  • MD5

    0022f8fd52070175421f5b8066cbc73f

  • SHA1

    c85a4f4dd0b6087366acdf91b17202fc74af0ae5

  • SHA256

    1a1dabee38811680368e59ba0c985a6623e8c3543dd3ab6bf59769a09d367343

  • SHA512

    03a1e1d57fd0af5a7f23c8219dd7377665454a4d57183ae7c4e3412a4a0d4cc0369a71b68d17d4c969c3e3c2b4288e7022b4cad08f82a26a881bf9428b6df7cb

  • SSDEEP

    49152:1fpAZvV8ftzlwxdjeX/M/cbSDnQPJXMCez6gtmB:1RAZvVAwxdS6QPJZez6K

Score
10/10
evasion

Malware Config

Targets

    • Target

      ShadowCheats.exe

    • Size

      2.1MB

    • MD5

      0022f8fd52070175421f5b8066cbc73f

    • SHA1

      c85a4f4dd0b6087366acdf91b17202fc74af0ae5

    • SHA256

      1a1dabee38811680368e59ba0c985a6623e8c3543dd3ab6bf59769a09d367343

    • SHA512

      03a1e1d57fd0af5a7f23c8219dd7377665454a4d57183ae7c4e3412a4a0d4cc0369a71b68d17d4c969c3e3c2b4288e7022b4cad08f82a26a881bf9428b6df7cb

    • SSDEEP

      49152:1fpAZvV8ftzlwxdjeX/M/cbSDnQPJXMCez6gtmB:1RAZvVAwxdS6QPJZez6K

    Score
    10/10
    evasion

    • Modifies security service

      evasion

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Stops running service(s)

      evasion

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks