General
-
Target
RoseCheatsV4.rar
-
Size
6KB
-
Sample
231119-wt2drsbh4y
-
MD5
2f017c769c39fef1c8e8d4a2041ffc65
-
SHA1
ee4d54f3909c07a3bf0ed34daa682ca4c008c6a6
-
SHA256
bdc69cac3dd5b6a68961435eb7379adea6936893d3debae53cfc36e0668de079
-
SHA512
be84b9cf2f3fbb3ae099b0e28d981c33a3ec145422909ea413b706e585b9f2acf788c844a13a0781267e263f2b37f6b73b4165701d3e1c21aae32fd884d38a00
-
SSDEEP
192:ekQ79H66CpkyD44aT5k1766kuYEKpGQRMO:a7gpROR6kuNK0QKO
Static task
static1
Behavioral task
behavioral1
Sample
RoseCheatsV4/AimBot.dll
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
RoseCheatsV4/AimBot.dll
Resource
win10v2004-20231020-en
Behavioral task
behavioral3
Sample
RoseCheatsV4/OBF20x-startV1.bat
Resource
win7-20231023-en
Behavioral task
behavioral4
Sample
RoseCheatsV4/OBF20x-startV1.bat
Resource
win10v2004-20231023-en
Behavioral task
behavioral5
Sample
RoseCheatsV4/data/bot.py
Resource
win7-20231023-en
Behavioral task
behavioral6
Sample
RoseCheatsV4/data/bot.py
Resource
win10v2004-20231020-en
Behavioral task
behavioral7
Sample
RoseCheatsV4/data/portscanner.py
Resource
win7-20231020-en
Behavioral task
behavioral8
Sample
RoseCheatsV4/data/portscanner.py
Resource
win10v2004-20231025-en
Behavioral task
behavioral9
Sample
RoseCheatsV4/data/portscanner2.py
Resource
win7-20231020-en
Behavioral task
behavioral10
Sample
RoseCheatsV4/data/portscanner2.py
Resource
win10v2004-20231023-en
Behavioral task
behavioral11
Sample
RoseCheatsV4/data/portscanner3.py
Resource
win7-20231023-en
Behavioral task
behavioral12
Sample
RoseCheatsV4/data/portscanner3.py
Resource
win10v2004-20231020-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
LaraLoveU-44526.portmap.host:44526
QSR_MUTEX_FzYyCES1fI0geSNN76
-
encryption_key
DhxP4RRoJUjNRd1gIFU8
-
install_name
Windows TCP .exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Windows HD Driver
-
subdirectory
Windows
Targets
-
-
Target
RoseCheatsV4/AimBot.dll
-
Size
122B
-
MD5
aa9bf6a15157e18543f5457ac557d3d2
-
SHA1
f6dd2e67eb65ce0aed1559ca58655f7bb900b90e
-
SHA256
43879afd5af1d5b226629778d64e448a0b092352a0e7ddfd7ae7082daa7f5c3f
-
SHA512
3c432dfc0f5ada690a16e4b440e20578354ddc15aaf6f8bdb6eb659904b378b5fc0471df74bad49d9ea986f2e734c130e5f084ac9fdfa4be4f755af36685783c
Score: 1/10
-
-
Target
RoseCheatsV4/OBF20x-startV1.bat
-
Size
17KB
-
MD5
411be5b301d07890e23ed69bf221d995
-
SHA1
cb099ca6075e1c7e7837f42021a808cbaf191aa9
-
SHA256
58e3d5b71e5cca265feafc3be93df55ea6b9d12d6f150cac953b8e91a451c9e3
-
SHA512
eea35274ee204c4fe778c3e78646e9ad63e5b5aa16f3d3fe52bd1753d5f5b68c98281a2a8fdbe723db0428498e64a2dae4d943cb5257388db87b63d5184a9c54
-
SSDEEP
192:U/5mkQJ3Hj/BTfgcJ5KBKUuGSjjzoCDinBZNsbXfxENKDZa/41qHpmX:wSgRudjz4zNsbvxKKDZa/41QgX
-
Quasar payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
RoseCheatsV4/data/bot.py
-
Size
91B
-
MD5
8c0a898281baf82b1fd39079201fbcc0
-
SHA1
5afcb1904e9ceb4c6673573e7aa31e4effdce208
-
SHA256
d5f6a781626ad9e84bd8690bd35503f818957720cde5ad55369478b3c844d002
-
SHA512
6f9a316e05607bb7fbf019d44feb43cbc6eaa76cd5b4ba10573a9aae0b07187b931482c612a2e53dd3e61a32440f62565927ad0cde05241deabd69d04e4bdfa4
Score: 3/10
-
-
Target
RoseCheatsV4/data/portscanner.py
-
Size
427B
-
MD5
5b18828a41fa1f93b56354de0fb0e157
-
SHA1
b3cfdfb88a48ae5bd423e05dbfc9fc316e5615a5
-
SHA256
7586add73f4d919d25c62e093cd700d0712a17982c0f7d72a82b360fb6443005
-
SHA512
0825236f8648929d04663b32263d8c75718c443981fbe86b529be98d78a349932f9d03bad6585f56ac35cb54578224a285b774cd854e09e0cd05f301ed3f2c68
Score: 3/10
-
-
Target
RoseCheatsV4/data/portscanner2.py
-
Size
1KB
-
MD5
d9b7026810324a4b14b826f62e7ffc44
-
SHA1
31600e6e59a87cec0b1aed6ae3fa1003131c3ec5
-
SHA256
25bf231d473acb14f02f6dc0774317c9cd315cf4acd7b2e0a30759ce1809cf4e
-
SHA512
5ca11365790bf3bc7b06ac61d583c482131350056e1c753adf380a7d128edb86ef03e6867073cde1c3f6b7c5eaa5ffa1c76a912e247b855800a4ec79875e77d8
Score: 3/10
-
-
Target
RoseCheatsV4/data/portscanner3.py
-
Size
2KB
-
MD5
f3546098103d32d641b142773a9f0bee
-
SHA1
a0e2a2178dd5acfa9c8f9ec70362d894a9288135
-
SHA256
2c7d60fa30831a38d1a5fb8ade5af48431c006056aee3c45cebd0353b0737e7d
-
SHA512
afec372e9e185d95fed42cbaa5c09dc75e8498be2d430ded9865125725b5cee5f54344ec8965c1ebe623c095f46267cbc92ade78807b8fe998edd29fb4cbbb39
Score: 3/10