General

  • Target

    CheatEngine75.exe

  • Size

    28.5MB

  • Sample

    241113-kx1qvssjhk

  • MD5

    647a2177841aebe2f1bb1b3767f41287

  • SHA1

    446575615e7fcc9c58fb04cad12909a183a2eb15

  • SHA256

    07c1abb57c4498748c4f1344a786c2c136b82651786ed005d999ecbf6054fb2c

  • SHA512

    f3165aec7a4b7adb7e6ffca56812f769b7b085000d50bf235ca1c7e74d76dfb5549de9561e281623c734c2dec9fc37b54af572c3e97fcb9fb1411102ae3da0c0

  • SSDEEP

    786432:5l3LNCxuEnwFho+zM77UDZiZCd08jFZJAI5E70TZFHi6t:5l3LMEXFhV0KAcNjxAItjFt

Malware Config

Targets

    • Target

      CheatEngine75.exe

    • Size

      28.5MB

    • MD5

      647a2177841aebe2f1bb1b3767f41287

    • SHA1

      446575615e7fcc9c58fb04cad12909a183a2eb15

    • SHA256

      07c1abb57c4498748c4f1344a786c2c136b82651786ed005d999ecbf6054fb2c

    • SHA512

      f3165aec7a4b7adb7e6ffca56812f769b7b085000d50bf235ca1c7e74d76dfb5549de9561e281623c734c2dec9fc37b54af572c3e97fcb9fb1411102ae3da0c0

    • SSDEEP

      786432:5l3LNCxuEnwFho+zM77UDZiZCd08jFZJAI5E70TZFHi6t:5l3LMEXFhV0KAcNjxAItjFt

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Stops running service(s)

    • Modifies file permissions

    • Checks for any installed AV software in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks