e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

CheatEngine75.exe

windows10-2004-x64

8

Sharing

General

Target

CheatEngine75.exe
Size

3.1MB
Sample

230610-mhx3jaeg49
MD5

609fea742d34dc1d53f0eeb4873b1a0a
SHA1

3232c52da3cb8f47a870162a35cdd75fcae60aea
SHA256

e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e
SHA512

27da89901268d153fd7158162fc8f2f3b99ec9a4aa24c281f93b500466552af776b00f0a33182386a62934c3e553561cbc23d3f5ebb0ea0366c04e046e1bcc90
SSDEEP

98304:wSiW4opH4opH4op4U9tNz9RGa/xlbLP/h4:ZDBDBD1t3Hbb+

Score

8^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

CheatEngine75.exe

Resource

win10v2004-20230220-en

bootkit discovery evasion persistence

windows10-2004-x64

21 signatures

600 seconds

Malware Config

Targets

- Target
  
  CheatEngine75.exe
- Size
  
  3.1MB
- MD5
  
  609fea742d34dc1d53f0eeb4873b1a0a
- SHA1
  
  3232c52da3cb8f47a870162a35cdd75fcae60aea
- SHA256
  
  e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e
- SHA512
  
  27da89901268d153fd7158162fc8f2f3b99ec9a4aa24c281f93b500466552af776b00f0a33182386a62934c3e553561cbc23d3f5ebb0ea0366c04e046e1bcc90
- SSDEEP
  
  98304:wSiW4opH4opH4op4U9tNz9RGa/xlbLP/h4:ZDBDBD1t3Hbb+
Score

8^/10

bootkit discovery evasion persistence
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- Modifies file permissions
  discovery
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Bootkit

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

File Permissions Modification

Install Root Certificate

Modify Registry

Credential Access

Discovery

Security Software Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

© 2018-2024

Terms | Privacy