General
Target: RedEye-Ransomware-master.zip
Size: 119.2MB
Sample: 231011-k7tejafc89

Static task: static1
Behavioral task behavioral1: Sample RedEye-Ransomware-master/NewRedEye/Classes and Modules/Icon.vbs; Resource win7-20230831-en
Behavioral task behavioral2: Sample RedEye-Ransomware-master/NewRedEye/Classes and Modules/Icon.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral3: Sample RedEye-Ransomware-master/NewRedEye/Classes and Modules/Rar-Zip.vbs; Resource win7-20230831-en
Behavioral task behavioral4: Sample RedEye-Ransomware-master/NewRedEye/Classes and Modules/Rar-Zip.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral5: Sample RedEye-Ransomware-master/NewRedEye/Classes and Modules/payloads.vbs; Resource win7-20230831-en
Behavioral task behavioral6: Sample RedEye-Ransomware-master/NewRedEye/Classes and Modules/payloads.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral7: Sample RedEye-Ransomware-master/NewRedEye/Classes and Modules/spread.vbs; Resource win7-20230831-en
Behavioral task behavioral8: Sample RedEye-Ransomware-master/NewRedEye/Classes and Modules/spread.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral9: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form1.vbs; Resource win7-20230831-en
Behavioral task behavioral10: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form1.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral11: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form2.vbs; Resource win7-20230831-en
Behavioral task behavioral12: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form2.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral13: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form2.vbs; Resource win7-20230831-en
Behavioral task behavioral14: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form2.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral15: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form3.vbs; Resource win7-20230831-en
Behavioral task behavioral16: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form3.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral17: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form4.vbs; Resource win7-20230831-en
Behavioral task behavioral18: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form4.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral19: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form5.vbs; Resource win7-20230831-en
Behavioral task behavioral20: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form5.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral21: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form6.vbs; Resource win7-20230831-en
Behavioral task behavioral22: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form6.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral23: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form6.vbs; Resource win7-20230831-en
Behavioral task behavioral24: Sample RedEye-Ransomware-master/NewRedEye/Forms/Form6.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral25: Sample RedEye-Ransomware-master/NewRedEye/My Project/Resources.vbs; Resource win7-20230831-en
Behavioral task behavioral26: Sample RedEye-Ransomware-master/NewRedEye/My Project/Resources.vbs; Resource win10v2004-20230915-en
Behavioral task behavioral27: Sample RedEye-Ransomware-master/NewRedEye/Resources/SGE.exe; Resource win7-20230831-en
Behavioral task behavioral28: Sample RedEye-Ransomware-master/NewRedEye/Resources/SGE.exe; Resource win10v2004-20230915-en
Behavioral task behavioral29: Sample RedEye-Ransomware-master/NewRedEye/Resources/redeye.exe; Resource win7-20230831-en
Behavioral task behavioral30: Sample RedEye-Ransomware-master/NewRedEye/Resources/redeye.exe; Resource win10v2004-20230915-en
Behavioral task behavioral31: Sample RedEye-Ransomware-master/NewRedEye/obj/Debug/NewRedEye.exe; Resource win7-20230831-en
Behavioral task behavioral32: Sample RedEye-Ransomware-master/NewRedEye/obj/Debug/NewRedEye.exe; Resource win10v2004-20230915-en

Malware Config
Targets

Target: RedEye-Ransomware-master/NewRedEye/Classes and Modules/Icon.vb
Size: 6KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Classes and Modules/Rar-Zip.vb
Size: 4KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Classes and Modules/payloads.vb
Size: 34KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Classes and Modules/spread.vb
Size: 3KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Forms/Form1.resx
Size: 5KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Forms/Form2.resx
Size: 25KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Forms/Form2.vb
Size: 6KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Forms/Form3.resx
Size: 175KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Forms/Form4.resx
Size: 175KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Forms/Form5.resx
Size: 156KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Forms/Form6.resx
Size: 1.4MB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Forms/Form6.vb
Size: 1KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/My Project/Resources.resx
Size: 6KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Resources/SGE.exe
Size: 41KB
Score: 1/10

Target: RedEye-Ransomware-master/NewRedEye/Resources/redeye.exe
Size: 44KB
Score: 6/10
Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: RedEye-Ransomware-master/NewRedEye/obj/Debug/NewRedEye.exe
Size: 34.6MB
Score: 10/10
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Disables use of System Restore points
Modifies Windows Firewall
Sets file execution options in registry
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Drops autorun.inf file
    Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15
Persistence
    Boot or Logon Autostart Execution (3)
        Registry Run Keys / Startup Folder (2)
        Winlogon Helper DLL (1)
    Create or Modify System Process (2)
        Windows Service (2)
    Pre-OS Boot (1)
        Bootkit (1)
Privilege Escalation
    Abuse Elevation Control Mechanism (1)
        Bypass User Account Control (1)
    Boot or Logon Autostart Execution (3)
        Registry Run Keys / Startup Folder (2)
        Winlogon Helper DLL (1)
    Create or Modify System Process (2)
        Windows Service (2)