Behavioral task
behavioral1
Sample
CsGoCheats.exe
Resource
win7-20230712-en
General
-
Target
CsGoCheats.exe
-
Size
3.3MB
-
MD5
d31c6a4a86b2c01d7c6f3bbf0f2773cb
-
SHA1
b8d2287930ff0ebfc7b857c993c1fc0102a925db
-
SHA256
417099ab2a4161b7d39e0657ea0dcd5b15e90111bedf13f3442fbb2efd708f12
-
SHA512
3481b0fc96e319e7ef431a3e161fe5e094c74e7fa31532d3fde5d581d1754796571bbc056f4ed504f5490ccde5fec333a7ed09a56be0f551369c9c1904b28962
-
SSDEEP
98304:lvg62XlaSFNWPjljiFXRoUYI/MQH+eVl:J4ZYIH+I
Malware Config
Extracted
quasar
1.4.1
Cheats
185.38.142.185:3138
27629fb0-eb8d-4d40-971d-ac7640df2bb4
-
encryption_key
87878A8B39F0E68E388682CADE478983AEB7449F
-
install_name
ModmenuCSGO.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
RamAnoT
-
subdirectory
CSGO
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Processes:
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource CsGoCheats.exe
Files
-
CsGoCheats.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ