Overview

overview

8

Static

static

3

Cheat Engine.exe

windows11-21h2-x64

8

Runtime Modifier.exe

windows11-21h2-x64

1

autorun/Do...ct.lua

windows11-21h2-x64

3

autorun/ce...ts.ps1

windows11-21h2-x64

1

autorun/ce...up.xml

windows11-21h2-x64

1

autorun/ce...ns.xml

windows11-21h2-x64

1

autorun/fo...or.xml

windows11-21h2-x64

1

autorun/java.js

windows11-21h2-x64

1

autorun/mo...can.js

windows11-21h2-x64

1

autorun/monoscript.js

windows11-21h2-x64

1

autorun/patchscan.js

windows11-21h2-x64

1

autorun/pseudocode.js

windows11-21h2-x64

1

autorun/ps...ram.js

windows11-21h2-x64

1

autorun/sa...ion.js

windows11-21h2-x64

1

autorun/ultimap2.js

windows11-21h2-x64

1

autorun/ve...eck.js

windows11-21h2-x64

1

buildsigs.bat

windows11-21h2-x64

1

cheatengine-i386.exe

windows11-21h2-x64

5

cheatengin...64.exe

windows11-21h2-x64

5

packfiles.bat

windows11-21h2-x64

1

rt-mod-regreset.exe

windows11-21h2-x64

1

win32/symsrv.yes

windows11-21h2-x64

3

win64/symsrv.yes

windows11-21h2-x64

3

windowsrepair.exe

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    release.zip

  • Size

    30.6MB

  • Sample

    240301-3gkzksfc45

  • MD5

    f71ca4f8268e24dec4e299db416dbf6b

  • SHA1

    b1916c18df1d212ed1f64a6d2f47580d17f740cc

  • SHA256

    7f14d25a6d20a0f6658ec977e4751e2c951ede27f5b4d5c5f3d469b131d8e008

  • SHA512

    f6121f2b1e0c427b94c20942e373404d8af57cd7917e7a81833295f1d9e9e24b5c9406daaa8968d3d74fb8c150d98530a98815c2ccec6098af840851f44f2813

  • SSDEEP

    786432:RpGOui5Dy/JTng18klTU/VSAsuDdwTiveQw8pnID/Bodp5FTt:R1UNng18M5uDd4ihGDpodht

Score
8/10

Malware Config

Targets

    • Target

      Cheat Engine.exe

    • Size

      371KB

    • MD5

      ea1a9d53dab1e72847b024a22d372d62

    • SHA1

      558271c71a9df6da04f87564cf34e854abdf25c9

    • SHA256

      8bc19af09574a0cc32c58b4e9ab4d3a496eb48465a226a97be32aaf6ade4901a

    • SHA512

      5ad2a9a45a0b12e02556514cd3208a8226314179eed5aa4f72d909edac1babe86f933a20a504839f01a6a9361dd7f49133804382742782ab9a5c38da50edc595

    • SSDEEP

      6144:Cl010wHB5zP3sHFQJZBuMLI/NCVpdIAkttAqgmMk044tmZ8B+gugEkkoSE5f:2010wHrzPcHFQjL2CVpGzJ+44EZ8B+gd

    Score
    8/10

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Drops file in System32 directory

    behavioral1

    • Target

      Runtime Modifier.exe

    • Size

      371KB

    • MD5

      0e42c979c80f0cf4c67719e38b0c28a8

    • SHA1

      6957b89f7f59da74f47a4804f4fa8047783bf779

    • SHA256

      a294ba0d140095eafa3532ece42805d9fdd040bf153b9a5244a11a59b05f396c

    • SHA512

      15430501caa39e53d49510912810fade8395b9876aa38ec3f12dc990b2d6208d0755b044c7893f2bb01469a994807b6cdad377d0846e2045305b51aea9857d4c

    • SSDEEP

      6144:dl010wHB5b/vsC1Qi7Ywucuo/YClp5IGNNQ8MclowU44Df80ggugEkkoSE5f:D010wHrb/kC1fzTujClp555nowU44DfB

    Score
    1/10
    behavioral2

    • Target

      autorun/DotNetInject.lua

    • Size

      7KB

    • MD5

      b5ae011c70c1d26cc31a5d818d60e53c

    • SHA1

      7be6ad86fcc9208d6f21b9f1d464b6334e64922b

    • SHA256

      31ed4209776dbfad74ec811326439d26c02b6ab653056d5e171d952c12d3f25b

    • SHA512

      440b1afc72d671d8aa663b6672371ac365029525ee055cf380a9c9c84625fd5fa2b328110633a183f87cecf8d1d2cacb62e49a7eb382b30aaa75da5b3d2f3054

    • SSDEEP

      192:zuiTTPEYya1gq5jfFEYQhRIA03xB97cq1fvhEN:ztTzyapKRiG

    Score
    3/10
    behavioral3

    • Target

      autorun/ceshare/forms/BrowseCheats.FRM

    • Size

      8KB

    • MD5

      d4f5fe5a2f5feeb3d97b2fdf4ae7e6bc

    • SHA1

      eef59c5a8aacd86f993e2bb3f8e5892817a9f7eb

    • SHA256

      9cb25c63ab41be2ba3984df20686dd27bf937e029ebfaa56ebe88bac6dfc53b6

    • SHA512

      b00e9467a5203b04a958a69b20152ad5907e5337a43e3ff8f9209a01d7874dd477bb8596e93b3acaf7354ee7ce76e742f4a72f598473a9c8cc36bbdbb240bb43

    • SSDEEP

      192:bmmNyxgIf4EwW+rLEUeD0qdYKjj4vxs78t+ojoFv3VU:bmniIf4ERWrPM+O8zjoFv3VU

    Score
    1/10
    behavioral4

    • Target

      autorun/ceshare/forms/InitialSetup.FRM

    • Size

      1KB

    • MD5

      23cc858da49a7bda9e9fe3abf8d86d1d

    • SHA1

      9d869496104acfff0c5cb572628085666dc53486

    • SHA256

      d5786540891c411bc34a5505a6cee0e747df2e5cd410abfeb94e6d4169c85069

    • SHA512

      b5650ab1ae463f97f5681dd3fdff7015c963703a7437ac5f71a158f3e0bdc045e69151897d0ec75aa9dd4ccac5475e6e492ce46a296bcab8c4c329720e3c002a

    Score
    1/10
    behavioral5

    • Target

      autorun/ceshare/forms/Permissions.FRM

    • Size

      1KB

    • MD5

      7ffd1e1b425636cfa08cda89429c69a6

    • SHA1

      ec6a75fca2bc4f2e8cb7ab9644d1bedb1d686221

    • SHA256

      44e9bc08a3f919da8689c4703e77324568f3902e95f8f3f92ccf234bcf7bf649

    • SHA512

      dba72b7a8f1a3d72101e4f735e0cea1be8e72236a81e6fc2ce18e7f93715b5c1f21aa384790c7e0097a23aeb6d52e954ce7c7adf7c6189a855dcd6fadade7c9b

    Score
    1/10
    behavioral6

    • Target

      autorun/forms/MonoDataCollector.frm

    • Size

      1KB

    • MD5

      03d4dd46084bcbe16a39d72ba22e5446

    • SHA1

      ba414e6ba6cd5503baba82a7a96272d850cb9cd1

    • SHA256

      4f254bbc897ad0e165986d18577e0a04fd31c93cca542a0999fa0093edc5bc61

    • SHA512

      b37cf277443f3d4d9c8207e17ef146fabe003402750f812c27369210c79e43baf45fb49ac2b370d2b1b1077912c9b9a9ea4aa4f7d5166b9fa1a152384902e19d

    Score
    1/10
    behavioral7

    • Target

      autorun/java.lua

    • Size

      84KB

    • MD5

      ba03de9495fb51e37d133df5b2253085

    • SHA1

      2444cbe61869f7da300455b4bc55d2c1c1b2ac26

    • SHA256

      24281af45e46678a8a669a822f9eeddc490aadcc9f4dce6cfb21d639f270e671

    • SHA512

      b89e2cb7e647f9ec1e7728312bfdb9ce33f3621ac8e3db8b195407b87bab67390ed22fecd19c7f3c89cb08396fec1c25ccca6d6d6d2686fc078e9ab2a8bda16c

    • SSDEEP

      1536:JiRtmZhlpsM/bMWohLZWM0h5G87N6F7MCjLmQ3cRCJdGwLDxIB8BFC+N/0ENjokk:JiRtmZhlpsMFM0q87efmQsYBFC+N/0Ms

    Score
    1/10
    behavioral8

    • Target

      autorun/modulelistscan.lua

    • Size

      2KB

    • MD5

      ca347def8a682d2adf951c4ecbabd948

    • SHA1

      c65bbc8a5106e9ace9ddc450ec3a5f637704fa62

    • SHA256

      1f11078b143b92612822f3dfc09d93778471198f203694c8fc911e249fbbc557

    • SHA512

      9f7a08822d9357af72a27707c17fc0d3ec03e72333d88e2ba8e2be95eab7ba9c1b33ea3e2e20d734c382f4732f77443d3aa9c189667a74195987f5db486e2651

    Score
    1/10
    behavioral9

    • Target

      autorun/monoscript.lua

    • Size

      147KB

    • MD5

      e5278e0e7e4365a465aef701afa9a49d

    • SHA1

      4089117518bcb81fd338585ba80366a812369da1

    • SHA256

      4d18b505eff3eb40888f245fd40009d016d04247a9c9596d3131e7cefb56714d

    • SHA512

      da76d8d346f74400b3f6b3371da7e310089cb65b25c3506a1c2d7b78ae9a91e8f43ab757a834810a6165613e4900fec52dfeb5eb3e5732a5e2d680eb451139a5

    • SSDEEP

      1536:ksN6psUYrcJtSix+3QYdHBo6pk6IP3CqvEr36nDZ:2wbiYNNBNu

    Score
    1/10
    behavioral10

    • Target

      autorun/patchscan.lua

    • Size

      17KB

    • MD5

      f2896031568f43a7e4a7529a16f4ea12

    • SHA1

      a24b17aec47fb290ee29bfc01c7386b85827d14e

    • SHA256

      0714bd0f908345d7588a09c856746d76861ce4eb3571692babc1bce2d35a57aa

    • SHA512

      b4f9ebb1e8375045269ff11fe2b6aec3c31e64ab89cddbff1d26451db3426ae841e28d184539959f84248cf101854f47e8f3497ba8414460abcac3c0d66248b3

    • SSDEEP

      192:02/2WiurcwWJsFH1bukLWmHwt/5B9ndDiC4fVAslnlKQ8gLIeHkSD//TVxVkB8CZ:HtWIBugO8ieHkSDnTVTnC8i+lLQC/6

    Score
    1/10
    behavioral11

    • Target

      autorun/pseudocode.lua

    • Size

      7KB

    • MD5

      2be703bf1ff1ea4dd6d1eff673367e48

    • SHA1

      13c122cfd7eb38d298fa91f3d6021f025578b508

    • SHA256

      6704bef60f60f85e76aa19b96a43aca74c4aa8905b4033a20c24b75171b33d0a

    • SHA512

      e1fc1c55574f5fecef535734a23db9738d4c5762e085dea721f9cd7f5f9f364dd1428f669f26149f1e49414f38a4c00bc7fd4f5e1a5c03a0e53b24c859b25c5e

    • SSDEEP

      192:K9yd/VQilJ6HLwxxKF9Znu8KX+qNdYSnatJoqVSQPFLqJ4:K0VPlJMgNdYSnatmqVSQPFLc4

    Score
    1/10
    behavioral12

    • Target

      autorun/pseudocodediagram.lua

    • Size

      58KB

    • MD5

      08011ddf131669d05e0b2bb65c7be1ae

    • SHA1

      5a8bcf5d1bc8bf57338d006e089405d3feb65783

    • SHA256

      e1f875083e13f376979eb358852d1172e93ff986127ca4334d12836ff077c23c

    • SHA512

      d5ea901a9c598f9e9e523239dce922b102d55fc7d2e8c10e0811addff2f8a1689c6480932222eae690644b1eec07b7a3642b633f517b0d511b224fec25585775

    • SSDEEP

      1536:SDN5O8ZQVIVPW3R89MvhbxjGkT8g4Ahj26:SDN5OKPW3W9MvhbxjH+D6

    Score
    1/10
    behavioral13

    • Target

      autorun/savesession.lua

    • Size

      8KB

    • MD5

      18d66678d7078c907fddb5cc4e16e94e

    • SHA1

      681dc425c522d1a87588e224980f539de791f2c2

    • SHA256

      d99600bd2a0e754423499c963953fbf16b5ff9cecadc44f1332733f08f3d3f6e

    • SHA512

      d22c18c47d93c12ed60bf704c590af3fe7d7d0bcc49b77939f18424f2d15241c084f7288ac1695f22ea97de1c6605351daaf98fb86a6d4269adae2c78642ba10

    • SSDEEP

      192:b4QnfODIk5ktS+Xp7SjCjL6jSCXNB3mtS+jwKtwTZX:bwDIAoL6jfMbtwX

    Score
    1/10
    behavioral14

    • Target

      autorun/ultimap2.lua

    • Size

      17KB

    • MD5

      0343d5d130e8522727b70aeebbedd02e

    • SHA1

      31943fe25fbaf4d16ee57eea2f586e2faeb8418c

    • SHA256

      5bfb455e45d51daa6836ef423a37e5848149da96e87baa2d770c4869cbf124ad

    • SHA512

      2ff7edc150c0b6d5090ab477b53f0ee4b4e83eec2e3b6c3d1430470b8b7c0811f857e73b311568fbd99fc96d731c5e38b3a35e59c90a41b13e4b82250e752c16

    • SSDEEP

      192:9IigIDxb/3+gDrWSvBtE1Dmn0ouVL+rMpDmxmleNyoJzuWSvxL/HYUb:asCcwVL4MtU2OcxDV

    Score
    1/10
    behavioral15

    • Target

      autorun/versioncheck.lua

    • Size

      7KB

    • MD5

      d609ea53ad996e63300e703ed98eab08

    • SHA1

      8e19906c32bee40e9a24cb82ab57d109ae11e038

    • SHA256

      e0c48c9033c52f77ad7b1df44e2bb81c2fef868ce08d46054723bc8441f0c742

    • SHA512

      cc85857d449f507477a12cb7d5be31288baecb3b41bd760ebf1bad289771cc7eaaf608b74e421eda948d0b45e02a6fc188474c0e926eae20510c77d2af8890a6

    • SSDEEP

      192:J+/R0h8p0wyUYCCTLysSUDfH0HwjOtHdqFB2i6uMPV:LWBUDU9Er4V

    Score
    1/10
    behavioral16

    • Target

      buildsigs.bat

    • Size

      228B

    • MD5

      dc3119b4e011d09c240fc78b18b2dd52

    • SHA1

      51a75928434d66cb1c6cdcaea1c27951881f4dc6

    • SHA256

      1487b1f4a9c37208cf93f2f041aa45f1cd64d09b5377a62be2707f03f68afe93

    • SHA512

      f5e039ec2418148777ba2604232ea65be1119ee670ac906c0da49ac456d6f96c44195df3d8a51671de94b082f11b41db315189b3f1e943792cd9dbcd2fae5ef1

    Score
    1/10
    behavioral17

    • Target

      cheatengine-i386.exe

    • Size

      12.4MB

    • MD5

      df76271297c0a864d3d6f39e7581e0d9

    • SHA1

      b30d09c732619c37ba5b289924e04b4440849223

    • SHA256

      625257702195b7706870d3d7f276225b7688797a8363f1be914202f342f9144f

    • SHA512

      e6ab926dbf083fc87936f10c16a350ca12ffb13d51db7250266933f9ecd3147df413324bb1a933558e81691fb053ddf352481ece9fb122f3f413bed0bf35365c

    • SSDEEP

      393216:0zalJmfxkhtk/8ZQoMyHMEZtMdOVznrY8pMTA+o8q:erUo4CArh

    Score
    5/10

    • Drops file in System32 directory

    behavioral18

    • Target

      cheatengine-x86_64.exe

    • Size

      16.1MB

    • MD5

      70d324929f0dbc9e1565b2c2ea2b5fd7

    • SHA1

      d2d1ed008a53f1c34c2a4f27f344c1547a51c786

    • SHA256

      aaaff35af81614e87ec412242f06d37c8861c39cf3c57e933b925d7b616326a8

    • SHA512

      6609d22bb37e302bc46555d796cc54ff9db5b2c6fb9c948b8d7273f3cba9b2739982f72a51e0548135adcd54acbf2a7299b7b6dba71c36d2be41f2f3ea501d06

    • SSDEEP

      393216:Gkzc9O2IMG9s/ybzxnp/e0Y1WIaBY3BRAxu48o:Gkznzxnp/hKlBN4j

    Score
    5/10

    • Drops file in System32 directory

    behavioral19

    • Target

      packfiles.bat

    • Size

      264B

    • MD5

      736321192a841e1fdcf2c4dbb2a1c80f

    • SHA1

      dc280788adbead6e7989efc1a802fd7442df1199

    • SHA256

      292cda4b47beedfc9a639c877e3420935e33c0b21fdd0583d5099245ae3e14de

    • SHA512

      d8035d7435cb5f9e3ab8b0eabacbcd91727d5bc56f2b54047da9a0c55857369172dc9caef0cf6a822975f2f555f64b61c9c67c12c019402bce454ca29a46408d

    Score
    1/10
    behavioral20

    • Target

      rt-mod-regreset.exe

    • Size

      209KB

    • MD5

      07aeb091c409440dbdfe114f27f3b91c

    • SHA1

      c9b4c62eda1d26c70081bd783d908674009b1389

    • SHA256

      8c572a51c5d936a7725b244d9e4f04c75c12ee3b0e01144f1fd7c725182c70eb

    • SHA512

      ecc97dd01163130dad19a084a74f4241b33aed854f62c3c325b29aeceb4aede2d66a97021346c852e9f4a4a1d9c4a9946e6e0aff2373eec6d8a02be624f97687

    • SSDEEP

      3072:aLOZ9fiZkI4eGjp5WoMB79QJqbLXqatZ06TX4UPfgwekp+PrSeBDupM+Gu:aLwf7I4PtMB79QJuXqwH/TeA+PrMpL

    Score
    1/10
    behavioral21

    • Target

      win32/symsrv.yes

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    behavioral22

    • Target

      win64/symsrv.yes

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    behavioral23

    • Target

      windowsrepair.exe

    • Size

      338KB

    • MD5

      b93db21f71e79dbb691cab5216b2aef6

    • SHA1

      86a42152207971c2b66bd69ce849e3e4374d2711

    • SHA256

      5b7b3b18bc603c4aa979f5593b8bd36b8ca6a662a39691a6c9f07b7b1b569b95

    • SHA512

      1fb76e4f06d023f7a304c2d4c454e8c574eaed5a0f29dce7bb50e2db34d9d6e1bdd81807c1805d0bcc0055dac5dd8e7d2b0b9a50dbbc06d8698eb2564c0dad56

    • SSDEEP

      6144:oPnUM1TNB6JgzxM9Xmfp/IP9gugEkkoSE5Q:7MVNBYgapmfp/IP9gugEnoSE5Q

    Score
    1/10
    behavioral24

MITRE ATT&CK Enterprise v15

Tasks