rust-stealer-xss[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

rust-stealer-xss.exe
Size

5.4MB
MD5

757220d2a9fbe32c7478f27ecbdae5ae
SHA1

e9a6822c498731831da6938c25b15a131bf67dfb
SHA256

f4f5790a9be596d88822e54ed04b257c529955bd71b49e2e1381b6f0bd8acf57
SHA512

fef6d21056aaa768a7ad3558d04d3df9bdcd8dc6911fb397ddc87c4c9a5e756584e8f8d81a19b911440ebfec5b34ca4d57715f559007b4ba9d1b62006a654b94
SSDEEP

49152:zTLzKrjyznOLlalYWvQhzQk5GwRgEgfTmcD8LneUqm/G7T251qpbWGAxVRwyjSMH:zjykYWQQfwRYC37Vq2NJsSPPDHn+y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rust-stealer-xss.exe

Files

rust-stealer-xss.exe
.exe windows:6 windows x64 arch:x64

1511e0b58f9fe8cc14e93b7bae59cc23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

rust_stealer_xss.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WakeByAddressSingle
WaitOnAddress

ws2_32

WSACreateEvent
WSACloseEvent
shutdown
WSASend
send
recv
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
setsockopt
bind
WSASocketW
getsockopt
connect
ioctlsocket
closesocket
WSAIoctl
getsockname
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
ntohs
WSASetLastError
getpeername
accept
htons
socket
__WSAFDIsSet
select
htonl
WSAResetEvent
listen
WSAEnumNetworkEvents

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertOpenStore
CryptUnprotectData

secur32

QueryContextAttributesW
AcquireCredentialsHandleA
FreeCredentialsHandle
DecryptMessage
ApplyControlToken
InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
EncryptMessage
DeleteSecurityContext
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

advapi32

RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
GetUserNameW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
SystemFunction036
RegQueryValueExW

kernel32

SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetFileSize
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
ReadFile
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
GetEnvironmentVariableA
MoveFileExA
Sleep
GetTickCount
SleepEx
GetSystemDirectoryA
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
HeapSize
FindClose
CloseHandle
GetLastError
GetUserPreferredUILanguages
GetTickCount64
GetLogicalDrives
GetFileInformationByHandleEx
SetFileInformationByHandle
SwitchToThread
DeleteFileW
GetComputerNameExW
LoadLibraryExW
GetProcAddress
FreeLibrary
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
GetProcessHeap
HeapFree
HeapReAlloc
CreateDirectoryW
GetModuleHandleW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
SetHandleInformation
SetLastError
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
lstrlenW
ReleaseMutex
WideCharToMultiByte
RtlVirtualUnwind
GetStdHandle
GetConsoleMode
GetConsoleOutputCP
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
GetEnvironmentVariableW
GetModuleHandleA
QueryPerformanceFrequency
FormatMessageW
GetSystemInfo
GetTempPathW
GetFullPathNameW
CreateFileW
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
FindFirstFileExW
CreateThread
QueryPerformanceCounter
GetSystemTimePreciseAsFileTime
HeapAlloc
CopyFileExW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
ReadProcessMemory
VirtualQueryEx
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
OpenProcess
GlobalMemoryStatusEx
PostQueuedCompletionStatus
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection

oleaut32

SysFreeString
VariantClear
SysAllocString
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayGetUBound

iphlpapi

GetIfTable2
GetIfEntry2
FreeMibTable

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserEnum

ntdll

NtReadFile
NtQueryInformationProcess
RtlGetVersion
NtWriteFile
NtDeviceIoControlFile
NtCreateFile
NtOpenFile
RtlNtStatusToDosError
NtQuerySystemInformation
NtCancelIoFileEx

user32

EnumDisplayMonitors
EnumDisplaySettingsExW
GetMonitorInfoW

gdi32

DeleteDC
CreateDCW
GetDIBits
CreateCompatibleBitmap
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
GetDeviceCaps
SetStretchBltMode
StretchBlt

ole32

CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree

shell32

SHGetKnownFolderPath
CommandLineToArgvW

bcrypt

BCryptGenRandom

psapi

GetPerformanceInfo
GetModuleFileNameExW

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhRemoveCounter

powrprof

CallNtPowerInformation

vcruntime140

__current_exception
__C_specific_handler
strstr
memchr
strrchr
strchr
memcmp
memmove
memcpy
__CxxFrameHandler3
memset
__current_exception_context

api-ms-win-crt-string-l1-1-0

wcscpy
strcmp
wcslen
strcspn
strcpy
strlen
wcsncmp
strpbrk
_strdup
wcsncpy
strncmp
strspn
strncpy

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow
_dclass
log
_fdopen

api-ms-win-crt-heap-l1-1-0

free
_msize
realloc
calloc
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_errno
_beginthreadex
_endthreadex
__sys_errlist
_get_initial_narrow_environment
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_initterm
_initterm_e
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
exit
_exit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
__sys_nerr

api-ms-win-crt-convert-l1-1-0

mbstowcs
strtoll
wcstombs
atoi
strtoul
strtol

api-ms-win-crt-stdio-l1-1-0

fputs
_lseeki64
_read
__p__commode
_write
_fileno
_close
feof
fgets
fclose
_fseeki64
fwrite
fflush
fseek
__stdio_common_vsprintf
fputc
fopen
fread
_open
_set_fmode
__acrt_iob_func
ftell

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64
_localtime64_s

api-ms-win-crt-filesystem-l1-1-0

_unlink
_fstat64
_fullpath
_stat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1511e0b58f9fe8cc14e93b7bae59cc23

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ws2_32

crypt32

secur32

advapi32

kernel32

oleaut32

iphlpapi

netapi32

ntdll

user32

gdi32

ole32

shell32

bcrypt

psapi

pdh

powrprof

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 27KB - Virtual size: 31KB

.pdata Size: 107KB - Virtual size: 106KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 27KB - Virtual size: 31KB

.pdata
Size: 107KB - Virtual size: 106KB

.reloc
Size: 42KB - Virtual size: 41KB