Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Roblox Exe...nu.dll

windows7-x64

1

Roblox Exe...nu.dll

windows10-2004-x64

1

Roblox Exe...nk.dll

windows7-x64

1

Roblox Exe...nk.dll

windows10-2004-x64

1

Roblox Exe...or.exe

windows7-x64

10

Roblox Exe...or.exe

windows10-2004-x64

10

Roblox Exe...up.dll

windows7-x64

1

Roblox Exe...up.dll

windows10-2004-x64

1

Roblox Exe...her.js

windows7-x64

1

Roblox Exe...her.js

windows10-2004-x64

1

Roblox Exe...x.html

windows7-x64

1

Roblox Exe...x.html

windows10-2004-x64

1

Roblox Exe...ent.js

windows7-x64

1

Roblox Exe...ent.js

windows10-2004-x64

1

Roblox Exe...ent.js

windows7-x64

1

Roblox Exe...ent.js

windows10-2004-x64

1

Roblox Exe...ris.js

windows7-x64

1

Roblox Exe...ris.js

windows10-2004-x64

1

Roblox Exe...x.html

windows7-x64

1

Roblox Exe...x.html

windows10-2004-x64

1

Roblox Exe...nit.js

windows7-x64

1

Roblox Exe...nit.js

windows10-2004-x64

1

Roblox Exe...ins.js

windows7-x64

1

Roblox Exe...ins.js

windows10-2004-x64

1

Roblox Exe...ant.js

windows7-x64

1

Roblox Exe...ant.js

windows10-2004-x64

1

Roblox Exe...ion.js

windows7-x64

1

Roblox Exe...ion.js

windows10-2004-x64

1

Roblox Exe...s.json

windows7-x64

3

Roblox Exe...s.json

windows10-2004-x64

3

Roblox Exe...ic.cfg

windows7-x64

3

Roblox Exe...ic.cfg

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Roblox Executor.zip

  • Size

    23.8MB

  • Sample

    221011-zvgyasechp

  • MD5

    1be6f00159f288b158e8f18bf8640800

  • SHA1

    23e03e8aebff0978ff0b7ed6b18697893eb22873

  • SHA256

    57433b36d4a258d2b0453d79c682478a2a4eb602df25227d878ebe52a7ad8765

  • SHA512

    bffc3c84b0e21e6b70d74f1d0a8f875c627e1d98e898c2ec458742ebe0567185f304fa4a1d6f0a67c9c0c6ef47da00893d09f0ffd8e71129e3d55e86fc585cab

  • SSDEEP

    393216:1djXMiOZb2G1BxVOuLJe9LxNYWrOGFCuIhhUiKl6G79dfqGD/fmA14SNX++hRL:nMi6bjaSKLxNYWrOsC7hhdU794QHX+M1

Score
10/10
redline@watashiwokoroseinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@watashiwokorose

C2

77.73.133.19:31892

Attributes
  • auth_value

    45f131fc4fd6dd7d4b2f3e957f83960d

Targets

    • Target

      Roblox Executor/Colorful.Menu.dll

    • Size

      6.7MB

    • MD5

      376c23547c4bc35c9b9ae015cb16f368

    • SHA1

      418b83cd910cc3399847d978e6536da8eacacc6c

    • SHA256

      d3c8c838f7757536cefc36f03f0bb37fd63f1f12a673015d2abd704d77c90caa

    • SHA512

      7ebfb5c663c16bd641216f68d1955a53cad62b3c5e76ca86b6f514a25f91120105ab5e825a63b801858547476292c3a7939a4129f8e346f88a17911dd7cf818b

    • SSDEEP

      98304:dpmljOztPrpFa8oUCITCgJJyzXU73NMl0LrUAakOomrRpqqq8A8s0sL7gKI6C/P:Wja1AVJYCzXU7d/clo6jqqq8A/kKUP

    Score
    1/10
    behavioral1behavioral2

    • Target

      Roblox Executor/DirectInk.dll

    • Size

      158KB

    • MD5

      3b07d9d84170b84221e767bb8e0d25f1

    • SHA1

      38b94df5ac561d094599bebe212449bf76297634

    • SHA256

      7dc1bd1186ad5833093c330339ca242f578c8eb1a83fb12f7f656b91f40f5fee

    • SHA512

      0600d38f9495a145d4d7805630a10678a7e13a799835f9c1159e5388237aad654f5c36cc945adb6b71801133cf8ef4e15847510da251a00cb6ff325ee88ad9cd

    • SSDEEP

      3072:9uU/yqDKcelwIgSJbaTCi4C+YGZiKSME9gFZmK/Q:AUNilzba14Lgg1Q

    Score
    1/10
    behavioral3behavioral4

    • Target

      Roblox Executor/Injector.exe

    • Size

      2.6MB

    • MD5

      0c94ffa43eda8dbb9d4213d63f96dec9

    • SHA1

      8b4c7361470e331a3edf9ef94aff20facff342c2

    • SHA256

      6686e809c825c1f19b849e66e542f673c477832f2ab37b033d840e44ac82277a

    • SHA512

      2909a71b1cf2eb8df9d094067829b1b5910a5deb6c97bddfbc84b32be8f16b4a8e49560487cbaeaf29b4c078a6c28302a6518b23d08f1835d832854162d8ca15

    • SSDEEP

      49152:FEbIpbiqzH1bjD0nSRtcqCygeAVfyJ3il30:FMIpbiqzJjeSI5ZrfyJ3X

    Score
    10/10
    redline@watashiwokoroseinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral5behavioral6

    • Target

      Roblox Executor/Setup.dll

    • Size

      13.4MB

    • MD5

      6733520ca298755f5b3fa4ba82d53f97

    • SHA1

      6d6b3b852654e80eb0295a20dd073af70adb83b5

    • SHA256

      d11d58f0ecda8162c5f8bded2c30c8e59f4ad6bd91a1b318a6f4ba859f7662d9

    • SHA512

      18834e336167710c67cffc7f552897276fd39daebb90db3b1fb6e1f4e5d0ef4e1bcab9990d0d0980c4f4d34b7d510085c75fa63ce893a66c4ddddb70c8e91e86

    • SSDEEP

      196608:Wja1AVJYCzXU7d/clo6jqqq8A/kKU+ja1AVJYCzXU7d/clo6jqqq8A/kKUP:W+1E3U7dv60Tn+1E3U7dv60Tg

    Score
    1/10
    behavioral7behavioral8

    • Target

      Roblox Executor/WebResources/Resource0/app1/dc-app-launcher.js

    • Size

      264KB

    • MD5

      3b7dfe9956103743fb3b5f372694a3bf

    • SHA1

      201eb2fa8c40b98a1ecb392b163b20568cf4e448

    • SHA256

      007d6ad1c7e18ea4d8481feda64ccd6a15e1b9c6969918a3bdfc16b1e87dadba

    • SHA512

      1bdc0f8448c3d0f572ad89c964bb98f88049e22db7b5cfa02ce442d92daf4bc4f613f47c8d832a5fee881a8080f52fac5afb8f2db869e058ac1a5d8b5fc23236

    • SSDEEP

      1536:CEDsQ2fPHr170nL1wPvvk9mQhlquCaqDa+5sDa+5RDa+58Da+5ZDa+5hr/Da+5dd:CEIQ2B3Pkg4qM7czhrJPz3nflJb3pB

    Score
    1/10
    behavioral9behavioral10

    • Target

      Roblox Executor/WebResources/Resource0/app1/index.html

    • Size

      3KB

    • MD5

      0b31851506ed8c5919d9252172b78cf0

    • SHA1

      1d791bd5fd1717197ffbfa50620eb0affd3f03cb

    • SHA256

      efbc2f1ea39a9e840c755820be8b50ee6a78ed604514980b984b9ab1ae18a97f

    • SHA512

      8b33cfe591d23c2bbea14cc54bcddbd8f25833a23ecbfbb2ef85f1a6757d15f93bba99f357d31306732e2b32dec7d01068bb3f0f814dd727b6797f5e60f8c9d8

    Score
    1/10
    behavioral11behavioral12

    • Target

      Roblox Executor/WebResources/Resource0/appmeasurement/prod/appmeasurement.js

    • Size

      63KB

    • MD5

      c5e93a5eb1ab10949d31bb5f80f95809

    • SHA1

      d180d65e1319d55e122a59cb75379902612005a8

    • SHA256

      92a4d2c711a9afb4a041255b6923d4d75a0ca8c292d582a72399416bba73ed38

    • SHA512

      d0835be6c987644fd1d3ed02ce965166196c54f329ee05499ad9002f36f368b6533d82ac2d70302c40fe403e3281926ee3982863ff03000a2984c5189d8a6e81

    • SSDEEP

      768:t8GmzOmjiXyJpDFhEBs3bojmI9iJRKyyNRM/8xaGvjjTEMFkc0HI/0z0YJAojzJ8:uDji4DFhEBsKiJEf6223AyDzJJwH

    Score
    1/10
    behavioral13behavioral14

    • Target

      Roblox Executor/WebResources/Resource0/appmeasurement/stage/appmeasurement.js

    • Size

      64KB

    • MD5

      5b138ea720b0276b00eca90f5d581768

    • SHA1

      569dc66647a384bbc3439e7f15e82cfdba353770

    • SHA256

      d2e99f204e8d86f3bbf34e0239d4ed3aead088ee930614bdaa8d7480edd50ab5

    • SHA512

      c261d0a3df412a0a395408b0ed5b3961eb1f14939e9594e9409a224b4f4dd82ae03eecbdaaff5e64b5b9389c6b6a3e85effab9df3de1c4427c1b30031cb09502

    • SSDEEP

      1536:4gqbt5rOLWUSlZSANE1Pcl9MBN666qtxNf92:4bngY9MVtx2

    Score
    1/10
    behavioral15behavioral16

    • Target

      Roblox Executor/WebResources/Resource0/base_uris.js

    • Size

      5KB

    • MD5

      001ec2c7b9a24fb99a7728d25f96191e

    • SHA1

      27c9890698b098e25c5a58b09294759112fb188c

    • SHA256

      c2cf0161fb2bfb426c736ee457cc365a9ba52a9b3d01d1801bacf4713415e649

    • SHA512

      deb8b577a081b851925a008ed703fe16af42d803e1608e3a3a4e91cc000ea571401bd2e94b5f25bf767517cef74ff0d0f239834a25925c5d63f521638e0949e8

    • SSDEEP

      96:GDfoX6ECy6hkreVF3FCIwfXDFSIAJJaDt:GDfoXfCy6hkMhFCIwfTFSIAJJax

    Score
    1/10
    behavioral17behavioral18

    • Target

      Roblox Executor/WebResources/Resource0/index.html

    • Size

      3KB

    • MD5

      b497fa31315258244c91634b4e002098

    • SHA1

      c5eaef2948415dfa872885c10a205833d1b01814

    • SHA256

      bd50e83afd31dfd5f9810d389236ac00dc9f5b93f5000121022d8d56166d4c06

    • SHA512

      bbb7303d69669a743a4978c69db559654ff4b80bbda4964f68d248ee82e015eedfc7177fc20b85ea82fde9ed82b3dd24032dc218b368deb2278ad76d4c3608f6

    Score
    1/10
    behavioral19behavioral20

    • Target

      Roblox Executor/WebResources/Resource0/init.js

    • Size

      7KB

    • MD5

      d2050a17401cabe7ad9490e3be993609

    • SHA1

      2221cb3ed990a86a11111905a8866efe9c87301c

    • SHA256

      2a474fa03e9e77fa0b2692482f25c48880f52502b322f7ab09d76f23bfcf812d

    • SHA512

      b2475d422123533a670d157c16b9ab206d1fed48d471c31b1de51c75d0a6dcef6a880ae5a88d3368c4ec605fe5d659cf4f6a30fe407e98fd4e94ea21df2f91bf

    • SSDEEP

      192:aDfjikWCX1AsuqDxSPmsoDIkCy6hv6nGinCbIyWkVlmAdFjWSeCI81b7dc88X5:aXiiX1AsuqTsxlv6HYc981bz8X5

    Score
    1/10
    behavioral21behavioral22

    • Target

      Roblox Executor/WebResources/Resource0/plugins.js

    • Size

      30KB

    • MD5

      65b922f8273d662c21a78710a9971a45

    • SHA1

      f2d959466ba2d6a6852aff141566d93fd6dbcfde

    • SHA256

      6f61feb0bbf1ee38b9ad118d3b203b71f4384fbf336a184ee55da6748a2e0d21

    • SHA512

      1ed6aa3739f63c895ede0fd2dc81a2f4354411a94909d8aa93a0aa1a997d1f4cad493bac4e4902b9b46bb9b8b56fa2720597ce6a9be6601952dc3e0d9c69bba5

    • SSDEEP

      768:a7aQ8ovfxUvNZUzLdtfx06FPExdEZk+Enk9PEZk+rnlVKfXGh0cGh0wdh3U78V9l:aO5iGMBtfx06FPExdOk+ak9POk+DlVKz

    Score
    1/10
    behavioral23behavioral24

    • Target

      Roblox Executor/WebResources/Resource0/variant.js

    • Size

      268B

    • MD5

      243c7e5e12458bf5312653892d5d59bf

    • SHA1

      2178f717d5f59df70ee6d1999792847ef686f68b

    • SHA256

      49090f650668507294012663db5648e28e7e20e1eee4df6cd5c4493330ba5994

    • SHA512

      26d7113f7ee309454dbcdd8ea55416a8b76184fab9dcb9e74d7de9704cdd11858fa95d84780e45299cc3c417d5385dfcd735da9149f756f6a93c719ec680b9f6

    Score
    1/10
    behavioral25behavioral26

    • Target

      Roblox Executor/WebResources/Resource0/version.js

    • Size

      2KB

    • MD5

      2f6342f2f52ae86321ed33c891887e99

    • SHA1

      0138ec0e8b1418464d61f0cdc3cddf3812c29393

    • SHA256

      029a3ec8b4cd2b5205c3ea398777c9a6bd14c97db05f6861727eff9544d22571

    • SHA512

      6f9fefec2ead24529076cc1a5481ef52b03d3c0dede578fce302961ee6d2d486d8b97d44c7be5d0f5fa23ad58cded3a286ab41c4b7ae85555d34b85811d6c07d

    Score
    1/10
    behavioral27behavioral28

    • Target

      Roblox Executor/config/oreexcavation_shapes.json

    • Size

      566B

    • MD5

      a614a41eae4d83b3b488244a3f524445

    • SHA1

      3ccebf4a4a61e5272a86574c2e5b1f41b2d59ef4

    • SHA256

      9c53b3dd12efdfb46e8a6d82af6d218a6f975ad40015213da3f6aa7fec7eb377

    • SHA512

      b6bd94674366d50d94b912c5da4b8720bad2a889b758f26e3c372e9b7e19901a08a684fdad78b9a24314b17b706d8117f4a9129d8d523a7015b6a6021655e28a

    Score
    3/10
    behavioral29behavioral30

    • Target

      Roblox Executor/config/rustic.cfg

    • Size

      7KB

    • MD5

      2c6ab957b1b26188c8c5e061b47b1efd

    • SHA1

      62abf98d86280029905fe83a23e03065cfb301d5

    • SHA256

      9eaf4f0dea3c7a03cf75e480f2e96836ac29e1b70f960cd469012d6818ceb3de

    • SHA512

      4fa1f6dd4f4e83aada1838897276da200a8276d9768a10ff42280ad94f51c46553e665d493246a86634cbce45663ba99cc75065aa556e10ef0d95acfd561c150

    • SSDEEP

      192:lzQISsbfPhb8Z36IWPJz2p/anWZWZASOvaaA:lzQIlb3h4J6PPJz2p/q2o

    Score
    3/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
N/A

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

redline@watashiwokoroseinfostealerspyware
Score
10/10

behavioral6

redline@watashiwokoroseinfostealerspyware
Score
10/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10