Report - github.com/0xrose/Rose-Stealer_old/archive/refs/heads/main.zip

Report Overview

Submitted URL
github.com/0xrose/Rose-Stealer_old/archive/refs/heads/main.zip
IP
140.82.121.3
ASN
#36459 GITHUB
Submitted
2024-04-16 06:40:27
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	516 B	3.5 kB	140.82.121.3
codeload.github.com	62359	2007-10-09	2013-04-18	2024-04-15	519 B	955 kB	140.82.121.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
codeload.github.com/0xRose/Rose-Stealer_old/zip/refs/heads/main
IP
140.82.121.10
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
954 kB (953906 bytes)
Hash
2c22a33f0994faa508952bfe8332a75b
a1b7e7a8540ee667eb72497b28bc52a382a3bd4f
0f79ff7b65b9f14492d728a2964dbd9bf55ac122d3ebe5c24cdbb7533cdb2b3b

Archive (73)

Filename

Md5

File type

.bandit

80eaaa0e0619f6ef5ffc5840ab366bfd

ASCII text

.deepsource.toml

d54de45ac7659ba5742e5768485f3fb4

ASCII text

bug_report.md

e468801d29e6b66b0d496136e22e8b34

ASCII text

feature_request.md

174545e1d9daff8020525fdd1e020411

ASCII text

.gitignore

83a915b86b03f694b477f01afb8b957e

ASCII text

LICENSE

4fb7cc4b89dc59f91c7d74135834da7f

ASCII text

README.md

597769618a12a79267a23bdba8f3e1c5

HTML document, Unicode text, UTF-8 text, with very long lines (660)

build.bat

aa7d5bca3642e65ce8e0c02129d67c5d

DOS batch file, ASCII text, with CRLF line terminators

CHANGELOG.md

959d6fd8b7b5588f6a064f854e53f12d

ASCII text, with CRLF line terminators

FEATURES.md

a5e724ad9a2c53081fc212d2f0ba7ebf

ASCII text, with CRLF line terminators

KNIGHT.md

b94da643dc4485b01a30e81287dba53d

Unicode text, UTF-8 text, with very long lines (693), with CRLF line terminators

builder.png

a7c40415449e963531126f54359252f2

PNG image data, 581 x 649, 8-bit/color RGBA, non-interlaced

rose.png

851ad7c781acdfa0f456a2b5c4cfdc68

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

roseloadingscreen.mp4

fb68ba719b7b799b894835ea8286ddc3

ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]

injection.js

acdb74b377c7e2aa6c73ed9bf4f91883

JavaScript source, Unicode text, UTF-8 text, with very long lines (548), with CRLF line terminators

obf-injection.js

ec79b72c09f42e1abf4d7b1ed3a13771

JavaScript source, ASCII text, with very long lines (65536), with no line terminators

requirements.txt

40be6ed0d874708c9b6b70db4f359a62

ASCII text, with CRLF line terminators

xmri.py

8fe2be92495269869d37a3f7f521752a

Python script, ASCII text executable, with very long lines (427), with CRLF line terminators

InjectX.py

19bb7d7c8e398c0d571cfa17ddfbd3b4

Python script, ASCII text executable, with CRLF line terminators

_file.py

4d9d751babed4fcdf288d0d473e971a2

Python script, ASCII text executable, with CRLF line terminators

_random_string.py

5fe67271287081b44d90723cd2b3dd56

ASCII text, with CRLF line terminators

_roblox.py

a93f227f9518144f658d5e76d995f245

Python script, ASCII text executable, with very long lines (650), with CRLF line terminators

_startup.py

1a64ecda9c4ea92db9c057922f0e6a2a

Python script, ASCII text executable, with CRLF line terminators

_webhook.py

45e33449ea34c2c1e20c04296d3a2459

Python script, ASCII text executable, with CRLF line terminators

antivm.py

6bd8888ec26fac2f985bb449d547eead

ASCII text, with CRLF line terminators

block_sites.py

1ed5f3e539071d31d16e48bf7044c053

ASCII text, with very long lines (487), with CRLF line terminators

browser.py

47ed7f11f4d46f05abf290e5aab2250a

Python script, Unicode text, UTF-8 text executable, with very long lines (304), with CRLF line terminators

config.py

d3aa91d802d835fdf48788ef51c48865

Python script, ASCII text executable, with CRLF line terminators

discordc.py

9d4e1361bb8532aef6d8191d07ddb5a5

Python script, ASCII text executable, with CRLF line terminators

games.py

3cbd2a3798299ca82ec0d6720d08d04a

Python script, ASCII text executable, with CRLF line terminators

ipinf.py

4b49afaf8f932f59ec5480cc9af7057d

Python script, ASCII text executable, with CRLF line terminators

knight_rat.py

08544e5480f1f4f25c7e3f0833e7567a

Python script, Unicode text, UTF-8 text executable, with CRLF line terminators

main.py

ff2d0f75798837bc34533e03df988d3a

Python script, ASCII text executable, with CRLF line terminators

ransomware.py

a3c59d21028dde3060c49310f8aa3e7e

Python script, ASCII text executable, with very long lines (877), with CRLF line terminators

rose_rat.py

3d66135525220519d2881a631b06f012

Python script, Unicode text, UTF-8 text executable, with CRLF line terminators

sysinf.py

53e80dc351c7ffb621b00785639d739b

Python script, ASCII text executable, with CRLF line terminators

tbsod.py

f59d458d650584daae3ba78eae9cb4af

Python script, ASCII text executable, with CRLF line terminators

uac_bypass.py

4c19f7bc8205ae3281651db74df4d94c

ASCII text, with CRLF line terminators

webhook.py

c580594274cdda72e81d280d9161132f

Python script, ASCII text executable, with CRLF line terminators

xmr_miner.py

240ea3d0269031162ecee1691cb41799

Python script, ASCII text executable, with CRLF line terminators

rose.py

e83cdedb4bd88d8f49fa1a669ddee229

Python script, Unicode text, UTF-8 text executable, with very long lines (878)

builder.py

414223fa930a138a46fb4e7360f0c101

Python script, ASCII text executable, with very long lines (977), with CRLF line terminators

msg.txt

1e67ed971573e9221877ffc0bcd4f302

ASCII text, with CRLF line terminators

cert

b769e370f66299bca7f86932bc24925f

data

post.py

2b821c97e953a5996ca271486abb7df8

Python script, ASCII text executable, with CRLF line terminators

sigthief.py

57156b83bcfa0c8cbc0fc36aa02a1617

Python script, ASCII text executable

blankobf.py

cba22493848b4019aba07d7ae9eaf797

Python script, ASCII text executable, with very long lines (351)

obf.py

89722f3c6bbc00edbcc4d4a95cdbaf95

Python script, ASCII text executable, with CRLF line terminators

LICENSE

4ae09d45eac4aa08d013b5f2e01c67f6

ASCII text

README.md

b1a23eb865c488cdcd3d12c5b56152d6

ASCII text, with very long lines (5551), with CRLF line terminators

__init__.py

d41d8cd98f00b204e9800998ecf8427e

main.py

459dabda4ae7d59e2b3e669f954a3d9a

Python script, ASCII text executable

requirements.txt

05709cfbb873e0a0f78200f6fd97b740

ASCII text, with no line terminators

setup.py

85cc7751134b8db7876126ae5f53a393

Python script, ASCII text executable, with CRLF line terminators

in.py

a3e222dd7d893c76795599a2ad6481a2

ASCII text, with CRLF line terminators

out.py

235f90f9a5c310e9cf88be34e599674d

ASCII text, with very long lines (22052), with CRLF line terminators

rose_builder.pyw

1b4834144ef4c17fe2f6e84553482a8c

Python script, ASCII text executable, with very long lines (874), with CRLF line terminators

README.md

235ff02635228bff362958c37e45f2d7

ASCII text, with no line terminators

decrequirements.txt

d4e80f4ec08e965d2a15418d630b5ec9

ASCII text, with CRLF line terminators

decrypter.bat

6e1e3622edd2ef18148e9e6ffb24a4d9

DOS batch file, ASCII text, with CRLF line terminators

rose-decrypter.py

7056873acc60b970f0e08fd1eb9788cc

Python script, Unicode text, UTF-8 text executable, with CRLF line terminators

unblock_sites.py

5b895cf1fbf83492c851f9ed51761e20

ASCII text, with very long lines (482), with CRLF line terminators

COPYING

ffa10f40b98be2c2bc9608f56827ed23

ASCII text, with CRLF line terminators

LICENSE

65278e1fbeb33a2cf4bbbe2b675eb724

PGP signed message

NEWS

3e223860fc132df57bfbbeb2f2569c24

Unicode text, UTF-8 text, with CRLF line terminators

README

ce86e2393bd62f6e24ed8545c6c58d6c

ASCII text, with CRLF line terminators

THANKS.txt

16438bcb4ff85fcc96ea0552a844d1cf

ASCII text, with CRLF line terminators

upx-doc.html

478359884f5cd4a977f7d48f34317d1d

XML 1.0 document, ASCII text, with very long lines (542), with CRLF line terminators

upx-doc.txt

ea38ac818a6b24362dccbf5a78c4f242

ASCII text, with CRLF line terminators

upx.1

101f7462d780148577caabb639778e02

troff or preprocessor input, ASCII text, with CRLF line terminators

upx.exe

655a20ead9bec35f9fea0c8bf4c8a560

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 3 sections

setup.cfg

f7714d2b02f861a5d8a5079d4970cadc

ASCII text

tox.ini

f7714d2b02f861a5d8a5079d4970cadc

ASCII text

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
Public Nextron YARA rules	malware	Detects helper script used in a crypto miner campaign
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
VirusTotal	malicious	VirusTotal - Scan result 24/63

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/0xrose/Rose-Stealer_old/archive/refs/heads/main.zip

140.82.121.3

302 Found

0 B

URL User Request GET HTTP/2
github.com/0xrose/Rose-Stealer_old/archive/refs/heads/main.zip
IP
140.82.121.3:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /0xrose/Rose-Stealer_old/archive/refs/heads/main.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Tue, 16 Apr 2024 06:40:00 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://codeload.github.com/0xRose/Rose-Stealer_old/zip/refs/heads/main
cache-control: max-age=0, private
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: EB5C:1F24EC:4759A77:480CD94:661E1D40
X-Firefox-Spdy: h2

codeload.github.com/0xRose/Rose-Stealer_old/zip/refs/heads/main

140.82.121.10

200 OK

954 kB

URL User Request GET HTTP/2
codeload.github.com/0xRose/Rose-Stealer_old/zip/refs/heads/main
IP
140.82.121.10:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subject*.github.com
Fingerprint0D:F6:EC:50:FA:ED:AE:6E:13:AF:82:94:52:F7:11:1B:0A:CF:7C:20
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
954 kB (953906 bytes)
Hash
2c22a33f0994faa508952bfe8332a75b
a1b7e7a8540ee667eb72497b28bc52a382a3bd4f
0f79ff7b65b9f14492d728a2964dbd9bf55ac122d3ebe5c24cdbb7533cdb2b3b

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 24/63

HTTP Headers

GET /0xRose/Rose-Stealer_old/zip/refs/heads/main HTTP/1.1
Host: codeload.github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://render.githubusercontent.com
content-disposition: attachment; filename=Rose-Stealer_old-main.zip
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
cross-origin-resource-policy: cross-origin
etag: W/"9ad47a56630bac2adf7c2688280cba6ef79ce3aab71940eacf4d0fbafd905117"
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
date: Tue, 16 Apr 2024 06:40:00 GMT
x-github-request-id: A6B6:2C089F:448041:58DE62:661E1D40
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (73)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers