quasar | Rust_Cheat[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Rust_Cheat.exe
Size

3.1MB
MD5

490f1edaae58a7a7d90e180a29b4f476
SHA1

e28817d186f6b835de55e5f0c8614f305461df4d
SHA256

2782b81831c575738375efcfdf7a5b8585f68062335990961c93cc4e09df60ad
SHA512

246fd68124d601336014adbd37db29e52f931d162b5aa90bd3b413e6d113e5e6b3a04b93693e5bc25bfe7cffca61b314db007a63722081952a4ec0e670f91bb3
SSDEEP

49152:uvDI22SsaNYfdPBldt698dBcjHvCc1J+LoGdLr/THHB72eh2NT:uv822SsaNYfdPBldt6+dBcjHvCjb

Score

10^/10

rust_cheat quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Rust_Cheat

C2

Decievability-51624.portmap.host:51624

Mutex

551af51f-5457-4dc7-8f8a-6a2c5197599c

Attributes

encryption_key
21D46989A42BE7A28C35A98B4E514E4E4638F38F
install_name
Rust_Cheat.exe
log_directory
Logs
reconnect_delay
3000
startup_key
System
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Rust_Cheat.exe

Files

Rust_Cheat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ