General
-
Target
CheatEvolution.zip
-
Size
13.1MB
-
Sample
240313-z56z6sbc86
-
MD5
643f26fc4d70f7b4cb6cc69f81871e1b
-
SHA1
68d93756fe0244373556424c1b05969d818c4967
-
SHA256
0f0d91b9f5fff3f9106753b914ec92aceefdcb223ddcd3ccacffa9f7adbfef08
-
SHA512
4b8f524bc10bd5cd594c19419efd0fbf0651a6561c6ef735b1698133ae3900957da9aa43df3a19b6bb99c854a71c47ee147f8e337297c1a1df913722f9897cf7
-
SSDEEP
196608:QUnKJA2Yj88dz9ub25R9pjHjLDsMpj5pLApi9QFr/qW9ZD8qanmd5zI7qo0uWOdm:QMOYwAzq6RjDpLAmK8Jnmrgl3RN/ubMi
Malware Config
Targets
-
-
Target
CheatEvolution.zip
-
Size
13.1MB
-
MD5
643f26fc4d70f7b4cb6cc69f81871e1b
-
SHA1
68d93756fe0244373556424c1b05969d818c4967
-
SHA256
0f0d91b9f5fff3f9106753b914ec92aceefdcb223ddcd3ccacffa9f7adbfef08
-
SHA512
4b8f524bc10bd5cd594c19419efd0fbf0651a6561c6ef735b1698133ae3900957da9aa43df3a19b6bb99c854a71c47ee147f8e337297c1a1df913722f9897cf7
-
SSDEEP
196608:QUnKJA2Yj88dz9ub25R9pjHjLDsMpj5pLApi9QFr/qW9ZD8qanmd5zI7qo0uWOdm:QMOYwAzq6RjDpLAmK8Jnmrgl3RN/ubMi
Score1/10 -
-
-
Target
CheatEvolution/CheatEvolution.exe
-
Size
11.1MB
-
MD5
e385bf6abe0ddfadfb7e098da559a882
-
SHA1
3681f2ec7bbfe2e2d6edab73ea3b108d0d45999d
-
SHA256
5d5162db542340f73b7451c2d9138ec714da25483b05344392111c8b0316dbfc
-
SHA512
1f439e28270b49f6c7421bec6dc0f70d14df8d41e43e54a79c037a626df6645b0a6d500c1598c1678cac0e44c0934ab67b02191895f87aed1f8f1cf5c5d0946d
-
SSDEEP
196608:6Gn6Hg2U/VbIRN92THpdNV3nTgv9j8p6DQLpx6yfrrUXQLA2iYhPOuw7mV:6WUU/VsRIHQ9j8M6UALA2iwP07m
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
CheatEvolution/DotNetDataCollector32.exe
-
Size
178KB
-
MD5
f1c9c9a8b035da9385d88ca34cd49305
-
SHA1
77e48f73c224949ec8bd8a32087609b7bf217e94
-
SHA256
4168d6408994a297665aeea68abb6c062d58ea00851751959557e7f8a8bac17d
-
SHA512
d7bd2fc8592e18ca46cdf1dc74496cf3cb5ef991f4bd9e141deeaba0f665e731a5953caaf1cd39859817eb6d0c1b77700fe08eeed15320757b3fa36d798c4c7b
-
SSDEEP
3072:KAm/u5ImKJacvUOQC2mCDiGuTEG2BiERGNcCYOqtwyROYeoHVP0bkHnP0z:Niu5MJa9hZun2BiERaEwyOM2Qsz
Score1/10 -
-
-
Target
CheatEvolution/DotNetDataCollector64.exe
-
Size
205KB
-
MD5
a2c0b5d0d9e5c2a2c774e8b587850447
-
SHA1
c8aa4cb01676d57b34aab22c7fd018b63dff6892
-
SHA256
f0f3d0fad632d9ddac8ff0b4eaec20094fa0f9abddf784954dfbb0723a997f21
-
SHA512
85f4aeb562424abf0e2bc5ede0cdf0052fbb15e7df70f691c11b06171a8a45a6672c2c688cd5b6ffebee16c36fdac7978e39ca04f8c29f75d588d2aca3599395
-
SSDEEP
3072:vWMJUr2f2Im9kj/FqgmHpJ1/YCVuIB9Vxv7bn1UC9gfkCeEWHFP0jHzP0Q:vWc02f2R6FqgoJ1boIPRUsfGjQQ
Score1/10 -
-
-
Target
CheatEvolution/Launcher.exe
-
Size
1.4MB
-
MD5
d26ebf669c6736fa7b300b34ec6bf2d2
-
SHA1
b5232029e3dee01a9b4c935d341cb0b952473500
-
SHA256
8dc6883eb66ca05dbf5cc6c0f98178abf34b848a1c748dba8a8ca4e97c64df87
-
SHA512
0f58f1b9c93453002720aaec4aca545d85bc4871cd165f0c07df42904c6ea242aa51846a82edbe3d11e1b6c78379b805f05100787abfcc1b687e2290f0df2452
-
SSDEEP
12288:ridXiXyXGDjDeewZgDxbMAMnHxPN2cSosXWApDp0L9MIl4JS:OXiX6G/DrwZgpMbdN2o+pDp03wS
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
CheatEvolution/data/data.dll
-
Size
1.3MB
-
MD5
c11138204609ea63a3e88b4c8c09b035
-
SHA1
b0829124f7e275b0f341c6af0fdd3dd5f65667a4
-
SHA256
60c16c2fab14b344b8343778dcd6bbfdee3dfe5f83d1ac8d2e50c6877419eee4
-
SHA512
28d9e92498433c1f6ec41893fc17db76d6cb7a1c565461eb6e67eebc2b924dd4aa65486c29874caa9ac5c78f804a8799c7ce1c641dd9f080bf1bf94b58ca208c
-
SSDEEP
12288:aHnKY5WcmiyfogSknJbjhrbXBbrxaLsBDJbVQAjXwcasznMbDz43X6dmM:aqY5Wcmi4FJbXdsLsBNRQAjgH
Score1/10 -
-
-
Target
CheatEvolution/lua/DotNetInject.lua
-
Size
7KB
-
MD5
b5ae011c70c1d26cc31a5d818d60e53c
-
SHA1
7be6ad86fcc9208d6f21b9f1d464b6334e64922b
-
SHA256
31ed4209776dbfad74ec811326439d26c02b6ab653056d5e171d952c12d3f25b
-
SHA512
440b1afc72d671d8aa663b6672371ac365029525ee055cf380a9c9c84625fd5fa2b328110633a183f87cecf8d1d2cacb62e49a7eb382b30aaa75da5b3d2f3054
-
SSDEEP
192:zuiTTPEYya1gq5jfFEYQhRIA03xB97cq1fvhEN:ztTzyapKRiG
Score3/10 -
-
-
Target
CheatEvolution/lua/DotNetInterface.lua
-
Size
20KB
-
MD5
04cde30d6aa9999a846b5fc3cfc1f56c
-
SHA1
2187ab73161ee8a516d25f8295bb4c7e3da2f7e3
-
SHA256
eae2a91808bb58b386f3bdde75176c7208c22bf5515c5d6e467c583df2e72e15
-
SHA512
fb2f27f3981e587ddd379d54999067092dc2fbe2f243e4a49b2f9d4da172907d169bc708aa0840631c951fb01ccb9e69a403eb2e19a5f1aff1be3ff0eec27c62
-
SSDEEP
192:Rmi4uQRgQgAgm2+CXgSKgKghmg60gGg4tgKplg/Dhrf+1e5l7jTRgzKgIgmoJMQZ:y3KQBHvSo9a452TZ0YgkP
Score1/10 -
-
-
Target
CheatEvolution/lua/additional_settings.lua
-
Size
426B
-
MD5
1f73e4d6e1a5c6eb97b31813ec21d0db
-
SHA1
2b7be02d9a14c3141dcc1a147928cc617e198ebc
-
SHA256
a0343d322f042622040d129c7b5d9f9b4cd10e0ee3b249f280b9da7c1f7c0222
-
SHA512
570f8228f08cda9514d548ef2b6602be677cf03886c2c33cb46e2bde1c74ead077dd6282742bf8bbfaa2b9ef51dec931270e268b4d2520ba273c1a1778da8871
Score3/10 -
-
-
Target
CheatEvolution/lua/dlls/DotNetInterface.deps.json
-
Size
1KB
-
MD5
1af5b8ecc43a1b62f78047514bb6f481
-
SHA1
b6286ea3117f3ab1f4f64e0e459d6a035fe0a270
-
SHA256
e80618cc2eea23d14764ce357d8e48c60cfaf9aac548cd9a8907d21c7faeef44
-
SHA512
b448a2f8de00aeb951df656e4db297bb3250d61888e19acb6b63f4f88956f888877cd87b8507eea3796c876fcc6783fb1e53bbd22eb652b9ed62acd89f51b5ce
Score3/10 -
-
-
Target
CheatEvolution/lua/dlls/DotNetInterface.dll
-
Size
38KB
-
MD5
ed7867296697880928f297914d80f211
-
SHA1
1cc9b65d8f94a04ea59b7511df522fcb68c275e9
-
SHA256
3dc9ea4350e99e6216da0840c53ed8ccca39ba7df7a4146b47affcab128a4432
-
SHA512
044fdeccb4a46edf37bbef8e6cbb36ac586a2aa505b34f71977a2e404fff088a60ff8277d0251b23c7f5d090a337b4cb5af1fea1a638b408eec6f334bc416ad8
-
SSDEEP
768:3N8So6jKJjZr25rm7V1VaXLkjYr25rm3V1VaXLkjn:3N8FaeF2m7P012m3P0A
Score1/10 -
-
-
Target
CheatEvolution/lua/dlls/MonoDataCollector32.dll
-
Size
407KB
-
MD5
c5b870ce07da5206d8a81e139920b7dc
-
SHA1
f868450ed5f886f084c00345c75143c65fd9338e
-
SHA256
eb26b38a604cf98b95a39fd249c0771e351061a9894d22284cdfe984e8fc7a6c
-
SHA512
7dfb3e9940ec0d14b42c77483f71274701c46483e65ee57a0853a31f688cc5c3d0c0af2050229ba196d9beff9813f259e3f92eec9d8352cc0e416feb4eb1a6be
-
SSDEEP
12288:CLM9vziuDEVmqU2Im5/P1OhGKexP+gVuQ:lLiuDEV15/tVP+ouQ
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
CheatEvolution/lua/dlls/MonoDataCollector64.dll
-
Size
535KB
-
MD5
4237719534b21bb179480ed8bb23c0cc
-
SHA1
a1c8db76137b6131b7b8fe379841cb3df62f3b7d
-
SHA256
15ee5851ff1b33e369b43c66d44e3d1452a212c2a37f337b680fe8bd88df8748
-
SHA512
4ace9a2ca9beaf64a3b097922300e6bf46729375cb4dfa4bc3d81b0420ff28cd45c2cfdb9c05e4885ddd39cb6bf160d932be4711c219302d684d23afeadb4f72
-
SSDEEP
12288:7dShHq6xdR8zWUjwmoRb2qORTCKTJ7PYn:Z6xdqzWUjwmr8n
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
CheatEvolution/lua/dotnetinfo.lua
-
Size
82KB
-
MD5
f30091a31003345eae2a915d1ee13e9d
-
SHA1
b42c1b7da7e620a89a68274c7551d7bb3806441c
-
SHA256
cc505da9ea622e39783d6ac0a98370e1b58eba6702b9a1796fdc869aeebba261
-
SHA512
a9a801f42bf9a1ed54cbc2dc7ac397e6695eb685d4f03313059b08db23ed9055727168b9affee94416a584f703b9b97d515b6bc02fef99f8ef6fb4b372aee65e
-
SSDEEP
1536:yui2L/B3vpXErHBRpUPrEUvh8VRzXzycAcnNSoaam0WEj:yurB6rhRpUPr9vszjycAcYoaam0WEj
Score1/10 -
-
-
Target
CheatEvolution/lua/dotnetsearch.lua
-
Size
14KB
-
MD5
c5d67d9cb5017f96f34cb9ba0f08fdf0
-
SHA1
53dca47cf042380f8dbc3399832a559a2c7368bd
-
SHA256
42896bbe75c79c381cc90fbae685da24013caad0786f1b1a4b569620c45f3f72
-
SHA512
c2f41a7c1a25b66b9dc0a496ad87818c9c7e3f70ceb82344ad7f664764293d2f9a43e607a4a299597e44b6763b3bfc63ad8f4eb01c6bd68eae4bb04acf775f42
-
SSDEEP
384:fTJbJcJtJZJtJeJAmDF3zY0PLTuHrRthutT9AT0HqkVWAcK3wMexR9WnraIeBXjJ:LJbJcJtJZJtJeJAmDF3zY0jTuHr7huFG
Score1/10 -
-
-
Target
CheatEvolution/lua/monoscript.lua
-
Size
131KB
-
MD5
ce632d2f40ba5f9fabae5e780d2e0cb0
-
SHA1
e499c18592bdc0842ae2ab57989a5de7e48b0a82
-
SHA256
96c10aaa7603c29c31614faff16c9030aacdc11adecf4be7b85d3d7b6e65d23e
-
SHA512
db41ba373cc04e2aefb2d64be8cbbbc408956a1a5c2a13c6e7f4d574da2a7eb3454be9552fee974037a07fe0f014ee554edeed071f65d71d0168548dded512ac
-
SSDEEP
768:St5zmxQLPqWuiXL9eqiK8uthP/xoiEFLWiP8bTg1b3lDWIkGkxv0C2r0EcD+JZSb:dXfQ21CGi7hXz4XYHo6BG7236nDs
Score1/10 -