be04dd814b65640b36c5c4fa45966e3d424116177915817c706a68ac1222ed4f | Triage

Sharing

General

Target

Cheat Engine for Roblox.exe
Size

2.5MB
Sample

240629-rx5s5szbmc
MD5

05e5b267fcfed47cc3e56d6cf74b71e4
SHA1

26d883cf4bcba219b8475400916a94a23465863e
SHA256

be04dd814b65640b36c5c4fa45966e3d424116177915817c706a68ac1222ed4f
SHA512

78e5ae0d3452aa30e9768a39dfe096e7ee29766b45df54a5eaf1321b74cdbd30781976d7f1b92854c25db1457c71abba8e62d1f5f5addfe3cbafdaaf1f342156
SSDEEP

49152:dgEnoSE5DEdED2TlnfPnFNzBjCwOkkgKJEvwvKqeJF34ffLCfJZCJieQCQeQ6NtS:dgEnoSE5DHEnfPtpOEIvqqLqCyCQer7S

Score

8^/10

evasion execution persistence

Malware Config

Targets

- Target
  
  Cheat Engine for Roblox.exe
- Size
  
  2.5MB
- MD5
  
  05e5b267fcfed47cc3e56d6cf74b71e4
- SHA1
  
  26d883cf4bcba219b8475400916a94a23465863e
- SHA256
  
  be04dd814b65640b36c5c4fa45966e3d424116177915817c706a68ac1222ed4f
- SHA512
  
  78e5ae0d3452aa30e9768a39dfe096e7ee29766b45df54a5eaf1321b74cdbd30781976d7f1b92854c25db1457c71abba8e62d1f5f5addfe3cbafdaaf1f342156
- SSDEEP
  
  49152:dgEnoSE5DEdED2TlnfPnFNzBjCwOkkgKJEvwvKqeJF34ffLCfJZCJieQCQeQ6NtS:dgEnoSE5DHEnfPtpOEIvqqLqCyCQer7S
Score

8^/10

evasion execution persistence
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
behavioral1
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  b5a1f9dc73e2944a388a61411bdd8c70
- SHA1
  
  dc9b20df3f3810c2e81a0c54dea385704ba8bef7
- SHA256
  
  288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884
- SHA512
  
  b9c8d71b5da00f2aff7847b9ec3bd8a588afeb525f47a0df235b52f7b2233edb3928a2c8e0b493f287c923cc52a340ad6fee99822595d6591df0e97870de92a8
- SSDEEP
  
  96:p7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNQ3e:lXhHR0aTQN4gRHdMqJVgNH
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  05450face243b3a7472407b999b03a72
- SHA1
  
  ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
- SHA256
  
  95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
- SHA512
  
  f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b
Score

3^/10
behavioral3
- Target
  
  Client.exe
- Size
  
  5.9MB
- MD5
  
  1d7c380a28a428b67b72bcb7d1c28d6c
- SHA1
  
  3f00a6e1e95f09690456ee8e1ae05d3964432fa4
- SHA256
  
  76db8fea5dc386cfbac67340744ad57e6f50589918b3762eb6c92dfb39cf8588
- SHA512
  
  587c9282718672526eb6401ec9f5b899a6538ca9748cac5c044b41d4e786ce18a84d81b092cf522c89103566176c13be0a3c76aa75f9801fbc3fa78eb3856f61
- SSDEEP
  
  49152:F7qkp5Oc6JESheFu4YJx1KoIAZjA6mmyGa4GKWxjXbCb2qRhmS2WUda9vy3dT/:F7XEmuxx1KSy6NFGbh+2WOa9Y
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistence

behavioral2

behavioral3

behavioral4