General
Target: Rose-Stealer_old-main.zip
Size: 931KB
MD5: 2c22a33f0994faa508952bfe8332a75b
SHA1: a1b7e7a8540ee667eb72497b28bc52a382a3bd4f
SHA256: 0f79ff7b65b9f14492d728a2964dbd9bf55ac122d3ebe5c24cdbb7533cdb2b3b
SHA512: 540d322205df94fac6e25c52dc287d9f9937b825b95e05740fddad494fd97e2022be0c59847138d0afbd83764723b3cb72c6a4b91abeef7fb22b1916d72b5f44
SSDEEP: 12288:alABu9rpFvtglu49E2U2pz7/0Er06PlLUj+/xDryJQzElz1j3VD9bLPWBJQsGrYX:W+GpFV6u4nzNPGSRWaAh5D9bLW37Gr9Y
Malware Config
Signatures
- XMRig Miner payload (1 IoC)
  resource yara_rule static1/unpack001/Rose-Stealer_old-main/resources/source/old/xmr_miner.py family_xmrig_powershell_dropper
- Xmrig family
- Patched UPX-packed file (1 IoC)
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
  resource yara_rule static1/unpack002/out.upx patched_upx
  resource yara_rule static1/unpack001/Rose-Stealer_old-main/resources/utils/upx-4.1.0-win64/upx.exe upx
- Unsigned PE (2 IoCs)
  Checks for missing Authenticode signature.
  resource unpack001/Rose-Stealer_old-main/resources/utils/upx-4.1.0-win64/upx.exe unpack002/out.upx
Files
- Rose-Stealer_old-main.zip (type: zip)
- Rose-Stealer_old-main/.bandit
- Rose-Stealer_old-main/.deepsource.toml
- Rose-Stealer_old-main/.github/ISSUE_TEMPLATE/bug_report.md
- Rose-Stealer_old-main/.github/ISSUE_TEMPLATE/feature_request.md
- Rose-Stealer_old-main/.gitignore
- Rose-Stealer_old-main/LICENSE
- Rose-Stealer_old-main/README.md
- Rose-Stealer_old-main/build.bat
- Rose-Stealer_old-main/docs/CHANGELOG.md
- Rose-Stealer_old-main/docs/FEATURES.md
- Rose-Stealer_old-main/docs/KNIGHT.md
- Rose-Stealer_old-main/resources/assets/builder.png (type: png)
- Rose-Stealer_old-main/resources/assets/rose.png (type: png)
- Rose-Stealer_old-main/resources/assets/roseloadingscreen.mp4
- Rose-Stealer_old-main/resources/data/injection.js (type: js)
- Rose-Stealer_old-main/resources/data/obf-injection.js (type: js)
- Rose-Stealer_old-main/resources/data/requirements.txt
- Rose-Stealer_old-main/resources/source/dev/xmri.py
- Rose-Stealer_old-main/resources/source/old/InjectX.py
- Rose-Stealer_old-main/resources/source/old/_file.py
- Rose-Stealer_old-main/resources/source/old/_random_string.py
- Rose-Stealer_old-main/resources/source/old/_roblox.py
- Rose-Stealer_old-main/resources/source/old/_startup.py
- Rose-Stealer_old-main/resources/source/old/_webhook.py
- Rose-Stealer_old-main/resources/source/old/antivm.py
- Rose-Stealer_old-main/resources/source/old/block_sites.py
- Rose-Stealer_old-main/resources/source/old/browser.py
- Rose-Stealer_old-main/resources/source/old/config.py
- Rose-Stealer_old-main/resources/source/old/discordc.py
- Rose-Stealer_old-main/resources/source/old/games.py
- Rose-Stealer_old-main/resources/source/old/ipinf.py
- Rose-Stealer_old-main/resources/source/old/knight_rat.py
- Rose-Stealer_old-main/resources/source/old/main.py
- Rose-Stealer_old-main/resources/source/old/ransomware.py
- Rose-Stealer_old-main/resources/source/old/rose_rat.py
- Rose-Stealer_old-main/resources/source/old/sysinf.py
- Rose-Stealer_old-main/resources/source/old/tbsod.py
- Rose-Stealer_old-main/resources/source/old/uac_bypass.py
- Rose-Stealer_old-main/resources/source/old/webhook.py
- Rose-Stealer_old-main/resources/source/old/xmr_miner.py (type: py .vbs)
- Rose-Stealer_old-main/resources/source/rose.py
- Rose-Stealer_old-main/resources/ui/builder.py
- Rose-Stealer_old-main/resources/ui/msg.txt
- Rose-Stealer_old-main/resources/utils/comp/cert
- Rose-Stealer_old-main/resources/utils/comp/post.py
- Rose-Stealer_old-main/resources/utils/comp/sigthief.py (type: py .sh linux)
- Rose-Stealer_old-main/resources/utils/obfuscation/blankobf.py
- Rose-Stealer_old-main/resources/utils/obfuscation/obf.py
- Rose-Stealer_old-main/resources/utils/obfuscation/pycloak-main/LICENSE
- Rose-Stealer_old-main/resources/utils/obfuscation/pycloak-main/README.md
- Rose-Stealer_old-main/resources/utils/obfuscation/pycloak-main/pycloak/main.py
- Rose-Stealer_old-main/resources/utils/obfuscation/pycloak-main/requirements.txt
- Rose-Stealer_old-main/resources/utils/obfuscation/pycloak-main/setup.py
- Rose-Stealer_old-main/resources/utils/obfuscation/pycloak-main/tests/in.py
- Rose-Stealer_old-main/resources/utils/obfuscation/pycloak-main/tests/out.py
- Rose-Stealer_old-main/resources/utils/old_build/rose_builder.pyw
- Rose-Stealer_old-main/resources/utils/rosedec/README.md
- Rose-Stealer_old-main/resources/utils/rosedec/decrequirements.txt
- Rose-Stealer_old-main/resources/utils/rosedec/decrypter.bat
- Rose-Stealer_old-main/resources/utils/rosedec/rose-decrypter.py
- Rose-Stealer_old-main/resources/utils/unblocker/unblock_sites.py
- Rose-Stealer_old-main/resources/utils/upx-4.1.0-win64/COPYING
- Rose-Stealer_old-main/resources/utils/upx-4.1.0-win64/LICENSE
- Rose-Stealer_old-main/resources/utils/upx-4.1.0-win64/NEWS
- Rose-Stealer_old-main/resources/utils/upx-4.1.0-win64/README
- Rose-Stealer_old-main/resources/utils/upx-4.1.0-win64/THANKS.txt
- Rose-Stealer_old-main/resources/utils/upx-4.1.0-win64/upx-doc.html (type: html .vbs polyglot)
- Rose-Stealer_old-main/resources/utils/upx-4.1.0-win64/upx-doc.txt (type: .vbs)
- Rose-Stealer_old-main/resources/utils/upx-4.1.0-win64/upx.1 (type: .vbs)
- Rose-Stealer_old-main/resources/utils/upx-4.1.0-win64/upx.exe (type: exe windows:4 windows x64 arch:x64)
  Headers
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_DEBUG_STRIPPED
  Sections
    UPX0   Size: -      Virtual size: 1.5MB   IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    UPX1   Size: 542KB  Virtual size: 544KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rsrc  Size: 2KB    Virtual size: 4KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- out.upx (type: exe windows:4 windows x64 arch:x64)
  Headers
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_DEBUG_STRIPPED
  Sections
    .text   Size: 885KB  Virtual size: 885KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .data   Size: 3KB    Virtual size: 2KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rdata  Size: 1.1MB  Virtual size: 1.1MB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .pdata  Size: 35KB   Virtual size: 34KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .xdata  Size: 36KB   Virtual size: 35KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .bss    Size: -      Virtual size: 12KB   IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .idata  Size: 6KB    Virtual size: 5KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .CRT    Size: 512B   Virtual size: 112B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .tls    Size: 512B   Virtual size: 16B    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rsrc   Size: 1KB    Virtual size: 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- Rose-Stealer_old-main/setup.cfg
- Rose-Stealer_old-main/tox.ini