General

  • Target

    CheatEngineUnpacker3.41.exe

  • Size

    61.5MB

  • Sample

    240715-2wtdtstckk

  • MD5

    aae4cc6e0c6a69647c6329ef0182dc33

  • SHA1

    eeaea31356db3ea20224f121f9fbba22a3258186

  • SHA256

    029802d89e8f57492d477c07a680e700c88d62a2f2fc175b7bfcd1d93620bffe

  • SHA512

    b4a9cf2b7ec19ac632bc5858f315113b0c2370aa42aac9ce57159d190c9a42a5cd073b2233afaf30aeba43ee1438f1a477dcb30f69f616ff595adc3fa6f95475

  • SSDEEP

    1572864:n2SpimMZrPE+yqPONDf3/1FGipBeowfrnjD62hHLCd/5HY:3iZzE2OZv1FGiDerTXF9O3Y

Malware Config

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks