Overview

overview

9

Static

static

1

CheatEngine75.exe

windows7-x64

4

CheatEngine75.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CheatEngine75.exe

  • Size

    28.6MB

  • Sample

    230731-sr3x2aha32

  • MD5

    c1b4681a48b60f4564efea5b01a969b6

  • SHA1

    91a4fdd6d61d715bb27038f6be56204a2a9f1967

  • SHA256

    5afab3f026d198ed6a6c03f72644a62ef066c320d68c124c6250d4f18f285c00

  • SHA512

    e9f8b46ba0693ee6f07266679df5bced9c070bfd6b1169e54027a3cf7bdf9bd479ac3d05b703868bfecfa0691a6e0dc32f142e4e6207818d3a4207c0ca8902ca

  • SSDEEP

    786432:pCxuEnwFho+zM77UDZiZCd08jFZJAI5E70TZFHcU:AEXFhV0KAcNjxAItjcU

Score
9/10
coreentitydiscoveryevasionpersistence

Malware Config

Targets

    • Target

      CheatEngine75.exe

    • Size

      28.6MB

    • MD5

      c1b4681a48b60f4564efea5b01a969b6

    • SHA1

      91a4fdd6d61d715bb27038f6be56204a2a9f1967

    • SHA256

      5afab3f026d198ed6a6c03f72644a62ef066c320d68c124c6250d4f18f285c00

    • SHA512

      e9f8b46ba0693ee6f07266679df5bced9c070bfd6b1169e54027a3cf7bdf9bd479ac3d05b703868bfecfa0691a6e0dc32f142e4e6207818d3a4207c0ca8902ca

    • SSDEEP

      786432:pCxuEnwFho+zM77UDZiZCd08jFZJAI5E70TZFHcU:AEXFhV0KAcNjxAItjcU

    Score
    9/10
    coreentitydiscoveryevasionpersistence

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • Creates new service(s)

      persistence

    • Downloads MZ/PE file

    • Stops running service(s)

      evasion

    • Modifies file permissions

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Impair Defenses

1
T1562

File and Directory Permissions Modification

1
T1222

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Resource Development

Reconnaissance

Tasks