6053a717d2b7edc7bfd6b07512adfca204883d66f5eddb00e432a5f16cc32b28

Sharing

Copy URL

Twitter E-mail

General

Target

RedEye-Ransomware-master.zip
Size

119.2MB
Sample

231011-k6tnxafc47
MD5

1c0b18e9a72a3a103f771cb4c2bee0f4
SHA1

3b2aa116c952cf0a11fed36eb5a8f4368a6e1c40
SHA256

6053a717d2b7edc7bfd6b07512adfca204883d66f5eddb00e432a5f16cc32b28
SHA512

1441dde445c6437ef66a10fc10d2ec55f5222b2535e87e3acb880a23e7850dd0f16d81a71bc11984e21cd6433db257392b7c10fe7606b6e12b56680caef2db6a
SSDEEP

3145728:OUTtm+aY3g+wmY68+JruvNlQ63hzH/Ur4vCUmyDs6pAY0Eez:OMY+L3g+/lalQQzfBvCZ+Qh

Score

10^/10

Malware Config

Targets

- Target
  
  RedEye-Ransomware-master/NewRedEye/Classes and Modules/Icon.vb
- Size
  
  6KB
- MD5
  
  0fcac3bfcbce24fdf881ada2257be7c7
- SHA1
  
  177f8f8992067ba3641ca018556ab5f398b8ee5d
- SHA256
  
  e3c4ad4e676f1e7aca6c66687b902a7c1bb603eb08548d5a57edd8aa2a0af936
- SHA512
  
  29ea9070820e7ef9e77b624948f4801630cfebe2eff1c2485875ac65debc5f3baaadcf3ad052ebc440f249af093e19b5b8bbf9dd2a27bfa8735e6196ae28a03e
- SSDEEP
  
  192:23w5GqF9y/Agch+zypW0CiQW7jqDyKyE/vqEbdOyYJj+jDmMa:N5GqFs/Aga+zypWViQW7jqDSE/vqExOv
Score

1^/10
behavioral1 behavioral2
- Target
  
  RedEye-Ransomware-master/NewRedEye/Classes and Modules/Rar-Zip.vb
- Size
  
  4KB
- MD5
  
  27f8f38062d1a1e8b34b37205f1f059e
- SHA1
  
  15b9f74f97a6eece5004a3b6514275ad790f22af
- SHA256
  
  925cbc7995cf2dadb1b18e6517d738ce4e560817a1b7513ccc494edbcc93df14
- SHA512
  
  3ebd885cf0eb27b66482210544bd571e7b800f381b78002e68e6e8184df074eeebbb0084cb4c080d6013fb1e3aad1ef33b57ea71cc05a1a85fc86fe51a425841
- SSDEEP
  
  96:greeguEBubU2YLSorO4heChPhYggFaQ5TklKbuxB:PSYLTr1rdgAKTk5xB
Score

1^/10
behavioral3 behavioral4
- Target
  
  RedEye-Ransomware-master/NewRedEye/Classes and Modules/payloads.vb
- Size
  
  34KB
- MD5
  
  a50e52e831ff01994c538cecd9b97675
- SHA1
  
  7acaac4894a4fc7f1553e94db2a43e1711b3320f
- SHA256
  
  3ff5a56f2d3f37ea16e0661730e5707242cd715979f5ca75c67aac529cd54886
- SHA512
  
  67c0b3e22965173a1f2d83acda4de6ca4cb9f62b651b536f3061a77b3d837933af0a3319df3a377d283af7a878e8bd9bc86da18b6f1216cfd28ac16ef1724af0
- SSDEEP
  
  96:KNPoT8h/4Im2ag4AdZxRBV6WpP8Vn0XkMKmP7B54If+Ome0PtwrvtQ4t3rgtWPtj:+zjx9QwFp
Score

1^/10
behavioral5 behavioral6
- Target
  
  RedEye-Ransomware-master/NewRedEye/Classes and Modules/spread.vb
- Size
  
  3KB
- MD5
  
  1a30af64bf27a5026926e13e1eafc4cd
- SHA1
  
  d05918473c257e65414d6233cc47807a3ec605b5
- SHA256
  
  f6753ff43a0ea516d19b5e994b22df39ad6e9cba68184e0b9e3986e0dceebd7b
- SHA512
  
  80c19004214a10c79b8ba0e74a25291fbadcccd26edf3d99c90d06aa2232834bc72103ee07e2ba36a33986bab08a622d78c93606ffd43ebabdeb81220af9093d
Score

1^/10
behavioral7 behavioral8
- Target
  
  RedEye-Ransomware-master/NewRedEye/Forms/Form1.resx
- Size
  
  5KB
- MD5
  
  b9719dd65f8ef403784f6784274d73b5
- SHA1
  
  f60f826ef8587099000b115bb76b7b83fdc61d17
- SHA256
  
  184cb61a47c90c91d061b91522d5a83c85bc0fea6b16ea98fd9437f4923b3f69
- SHA512
  
  19422fe8eac00c1eb5027a95c8b12fa8f9b46e165cc5f91ba4f1a1e023355ddaebbacc55cfaf2833376b8936dc9adc58a077424152b903f25fc9b3d8cbb20c4c
- SSDEEP
  
  96:ECf+lbD5X5LPXCazYV5Lv6K6uOidfaxwsxuUPFC3qxdRMvDbu8KsrbEKAy202lUL:Zf+tLPfYnLvFVOiFQaUD7UIbawwbawZ
Score

1^/10
behavioral10 behavioral9
- Target
  
  RedEye-Ransomware-master/NewRedEye/Forms/Form2.resx
- Size
  
  25KB
- MD5
  
  ae55d57cbf1c79fed084f1c44f3907a6
- SHA1
  
  7d104a4fe2a0dd87aaeedd2e37ec6971b90b1d9c
- SHA256
  
  b0d7dbeedb283133b1bd620b4915f04a806fe8b8a952cf098b3578f8c948bd1b
- SHA512
  
  96e38b6ae2ff32b6cc0dfc7d00e989693b6d655cd6e26425d51033552600608d611982201ee5d45e60b9528431830e021d45c8636f9aaa1a7fc17734dd4e3950
- SSDEEP
  
  768:ZfWMnXOiWXevsoYaZ7dBc31rLSWtj7M4sQuHH1VacAy/NfU5U:ZfIiW3p0u1rL5tcxVHLamf5
Score

1^/10
behavioral11 behavioral12
- Target
  
  RedEye-Ransomware-master/NewRedEye/Forms/Form2.vb
- Size
  
  6KB
- MD5
  
  6db771eff8adebc8548829b0c58728a3
- SHA1
  
  ad250f1e048d9f978b8b74dbec188b3fc4b477b3
- SHA256
  
  ddcf31d99b2f0c733fd2cfd82c00d08798e16c0f5d004b0dcffe6bfdb029b160
- SHA512
  
  d46a6f35f952101cd5a38029ef73e1e49d2edf5c06d3e9e48acafb8bc441407bad57e12d82b93c384a73f4d48bda2ce6f51af5d81025b8fc9fddc9c6c7b6d266
- SSDEEP
  
  96:uxqqg7l8r8qXlmVhK4k13moNHC4ZeDend8G3gUYkeLdP/:uyyobK4k1S4rP3gfP/
Score

1^/10
behavioral13 behavioral14
- Target
  
  RedEye-Ransomware-master/NewRedEye/Forms/Form3.resx
- Size
  
  175KB
- MD5
  
  3a8aa014d1f56ec9ced30d566e8cc253
- SHA1
  
  667cdce60a522ac4dbb0eafc2282913323c03762
- SHA256
  
  91995e2db5cac2b2377bbd0b4bbcafe3a8225a442c69d64cc26aeb37318a7500
- SHA512
  
  f7e65295b7a4a4ea3116dc5f052c0f3eb835862b0c6b67cfa9a0a287589cc12e251ffe004afcf23918fb680518671d8f0f6cfefd8ce6a975d78e40c31e2f844b
- SSDEEP
  
  768:ZfWMnXOiWXevsoYaZ7dBc31rLSWtj7M4sQuHH1VacAy/NfUlaTAoMtXJGO12n3nN:ZfIiW3p0u1rL5tcxVHLamfO6VMtXJsN
Score

1^/10
behavioral15 behavioral16
- Target
  
  RedEye-Ransomware-master/NewRedEye/Forms/Form4.resx
- Size
  
  175KB
- MD5
  
  137409a321b9844c94647a22487731f2
- SHA1
  
  a9f2cb58c7e259e85b092638d217705684995416
- SHA256
  
  2fd14a4c7937b50f7cd28a90c1f20276233c024024da8c7595ec2ed274c80d41
- SHA512
  
  7691fa06f257883276451a2258649c2201c9ef9bb34249a25d23c201af68231f62ef17ddf3bbfd7af4177ffa5f812513862538f52e4314b9ccf7c340e75e11c1
- SSDEEP
  
  768:ZfWMnXOiWXevsoYaZ7dBc31rLSWtj7M4sQuHH1VacAy/NfUpaTAoMtXJGO12n3nN:ZfIiW3p0u1rL5tcxVHLamfY6VMtXJsN
Score

1^/10
behavioral17 behavioral18
- Target
  
  RedEye-Ransomware-master/NewRedEye/Forms/Form5.resx
- Size
  
  156KB
- MD5
  
  46a3a922f99736b7e75f19bdf1f0e7a5
- SHA1
  
  75ae43baa585cff9521aacc931389366b33f7a63
- SHA256
  
  289c1c835858c699057ab7c80abd31950adad77d446110d92b5fb500c7a33e11
- SHA512
  
  e8cabc88ec346037bbb0ae687deeecd8ab2566278d1f2a24ac41a705532f850424702b4310477d3183775ab7a00d0b524929809a8b327e38db46086cdffdf36a
- SSDEEP
  
  384:Zf+tLPQnLvDOiFQXD7UAgwEvgFawtJNqTUoN2Xuvq2Inu4ztXJ/uqt/8O1trYn3N:ZfWMnXOiWDaTAoMtXJGO12n3nhimS+
Score

1^/10
behavioral19 behavioral20
- Target
  
  RedEye-Ransomware-master/NewRedEye/Forms/Form6.resx
- Size
  
  1.4MB
- MD5
  
  05afcfcc49c9dc88df8635da8b54a259
- SHA1
  
  1bcb0f4675965474a6d120fcd8aedf1c4d75ac04
- SHA256
  
  21f6878c5357a1851068be788ceaa59f73e40a24ebe63de7eec56b7a487935b9
- SHA512
  
  52be52e2267cdc2414be3fb6bbe5be8c1265979ea21132b624c4ba6b1f1f4e3aaa27f2e0a6b5ce80d4a12de96ecae21f4b8e1643ee166dc8bf9fc94e739badb8
- SSDEEP
  
  24576:HHFv6BiRsyMUq/h/bnRFGKLYgsZUzxkDeBL7utQpLg7N:HJRTOJS6xByOi
Score

1^/10
behavioral21 behavioral22
- Target
  
  RedEye-Ransomware-master/NewRedEye/Forms/Form6.vb
- Size
  
  1KB
- MD5
  
  72fb2c2b6d1acd5f1a042e21cf80c4bc
- SHA1
  
  8e9137cc8aba1c521394fdb507884a2136f0fe7f
- SHA256
  
  5f09b08751af429a6bef0a09f577a1e92a3f170e1d66969923f66b60deb42d00
- SHA512
  
  e9e2ca91cfba3ba4e5d1b694b0eca78971291ca7057fcb1c9f5f06a7948ddf54555e79531e186a223561a12d4976c14fef3b9458ddbdb36097a64a1b4a291da0
Score

1^/10
behavioral23 behavioral24
- Target
  
  RedEye-Ransomware-master/NewRedEye/My Project/Resources.resx
- Size
  
  6KB
- MD5
  
  8ad91921e3941d256667bc861cae996e
- SHA1
  
  eed8b792eda6b161cd45d80fa41f52752de8d886
- SHA256
  
  7265687fa48e628da7f37f563544e9948ccbfa3e95775c0f04b25b9d49846906
- SHA512
  
  cf35d67803420a8f02456c8ca4563c6d18ca0e18e257c0cefb770b78e1a3af8d87e972171b85e044799222af43921b07f17ef04de2943202aae84c72c0a763ff
- SSDEEP
  
  192:Zf+tLPfYnLvFVOiFQaUD7Ug6dGhQAh/4hCujhyGh+:Zf+tLPQnLvDOiFQXD7UgjhXhAhCchVh+
Score

1^/10
behavioral25 behavioral26
- Target
  
  RedEye-Ransomware-master/NewRedEye/Resources/SGE.exe
- Size
  
  41KB
- MD5
  
  c8118b7067f9708ad0cb8d545a24407f
- SHA1
  
  6361e5b8152c8040ba7a186c3ed003b0469bea51
- SHA256
  
  48f926ca260c58a865b74f59e8239f7e20bdc2a2c8963b3b6fa8c7bf0d130086
- SHA512
  
  e11b197b04e5e19a36df0e5905e7a5505ba2e44204f2994f97ddd706721bc9fce7aba11df785078620a65501a969d8249ac7c61e5da176bbfc5e5986b701f030
- SSDEEP
  
  768:/5C5Y8Q1sn2c/JLsPBx/v8s3i6E5nXfUWPYfIc/Qi3qEBQp:/5COC2KJLsPbR3i6EBXlLOUp
Score

1^/10
behavioral27 behavioral28
- Target
  
  RedEye-Ransomware-master/NewRedEye/Resources/redeye.exe
- Size
  
  44KB
- MD5
  
  362b4b7dd0051edc4650967c3c4de898
- SHA1
  
  83a047f8601239e30c3e57147903fa0e183e64aa
- SHA256
  
  43c4067c969e5dc0f8fe6b44a78df071323a5cac049e1fb63f5b3e54a0f7eed4
- SHA512
  
  b3b0f1057c0da8145dce37a2eed7066f573c6782a4c0adca67b354650a494b2ea65d05e59c34d73a430a23006d19c40297340c8dc3b01147d03bcf71921f6925
- SSDEEP
  
  768:ccqSwYqVQuw+qdWSMu8ydPfx9L19bBzwnjL3hYG44t9nhoqY/i8xC:cc9ZqVQcZz81xBohNjhRcLxC
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral29 behavioral30
- Target
  
  RedEye-Ransomware-master/NewRedEye/obj/Debug/NewRedEye.exe
- Size
  
  34.6MB
- MD5
  
  a16493f64983e95b47f4c23a43b54015
- SHA1
  
  fa596483355bb89e1c767cf33ea2911633daa574
- SHA256
  
  8b69a3aa3d2dc1eff7cce69cbd0d7bb8d3c178e218a80f3eae36ea7868ce8892
- SHA512
  
  7396c831bbe70eba699af2ba749bc428a6fc143d4a27cc547213925514653a152947c70dc161e3f19422094a186ff74a6c04a20f11a164418d42d1ee47fa3938
- SSDEEP
  
  786432:Zg1mbZFph3NKjsqydxM0Xb96BxTRZSvmrIXAphIh0vxwTjFxOfZdac:ZumbJesqyd+0Xb6xTRUvmkXAfIh3nFkN
Score

10^/10

evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Modifies Windows Firewall
  evasion
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral31 behavioral32