General

Target:  CheatEngine75.exe
Size:    28.6MB
Sample:  230830-pbry2sed4s
MD5:     28a85ba5396fcfa8a5f794f04dce35e4
SHA1:    c730d730e167d68a41a8382823c181ff9a75a891
SHA256:  d77fbaa35585f25de3f492e4e3d0bfa6f0f73b053fd6a64058766fef75eca04e
SHA512:  9aa41988b028689ed848ab18bfbc8957d139ccdbd452cda2fa9f0a7a5fb7b73751e0006a0f7830eac43127d9042fff9deb9041f3a3076a1f397e4b7bbd9019f9
SSDEEP:  786432:4CxuEnwFho+zM77UDZiZCd08jFZJAI5E70TZFHOP:dEXFhV0KAcNjxAItjOP
Static task:      static1
Behavioral task:  behavioral1
  Sample:    CheatEngine75.exe
  Resource:  win10v2004-20230703-en
Malware Config
Targets

Target:  CheatEngine75.exe
- Cobalt Strike reflective loader
  Detects the reflective loader used by Cobalt Strike.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- Creates new service(s)
- Downloads MZ/PE file
- Stops running service(s)
- Modifies file permissions
- Checks for any installed AV software in registry
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  Create or Modify System Process (2)
    Windows Service (2)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (2)
    Windows Service (2)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Impair Defenses (1)
  File and Directory Permissions Modification (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
  Modify Registry (1)