Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

RedEngine_...FX.dll

windows11-21h2-x64

1

RedEngine_...PI.dll

windows11-21h2-x64

1

RedEngine_...ck.exe

windows11-21h2-x64

9

RedEngine_...on.dll

windows11-21h2-x64

1

Resubmissions

09/08/2024, 08:07

240809-jz4pvsscld 9

09/08/2024, 08:05

240809-jza3jsybkl 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RedEngine_Cracked_V5_1.rar

  • Size

    1.4MB

  • Sample

    240809-jz4pvsscld

  • MD5

    134689ca0917e44a74d51a1a3c2a89f2

  • SHA1

    43538701963c2366b7de676b1a13ea3580517a3c

  • SHA256

    1dfe3f83136031270e0d10047557c532b49a874b77bc455d6c93d356349545c7

  • SHA512

    4cfd9f93f64d93df43e15e5d0d47ac0f42c0ce832fe1745c7ad0e60809b39cb532040ffd19dd1fdb772fcb9147d8f2f215233ab1fe88c9608314c2d1131fc6a9

  • SSDEEP

    24576:+KC9fMa6jR1ENRM9gzLxJKojLOVHbe+Aw7Oev+PKSXUMI+aWFNF2/f+tNy:+KCaDORX336VHbuqvxSpayF2/f+tg

Score
9/10
discoverypersistencespywarestealervmprotect

Malware Config

Targets

    • Target

      RedEngine_Cracked_V5_1/RedEngine Cracked/Fivem.CFX.dll

    • Size

      415KB

    • MD5

      360b5cec575080f52030bdcd8d02a5a3

    • SHA1

      c7b1dc893b82433e2990a623897baaecab394360

    • SHA256

      99265d78c4e55267ed476a9861c226d5471cef29ffce6b00e1bcf5544073670b

    • SHA512

      47b0384e05293746c6d1a59d7b26bd2d56a8720aa8b1b93035b763fcae30a91ae43b3198d5140cd983f72a133303b732ebb5e440e568c6a939c60c663a5a50e8

    • SSDEEP

      6144:TewKp22JCoB4Tlt8KpeybiXn8CJhAPwa9EjVG3:TejQX70Z8zPrajA3

    Score
    1/10
    behavioral1

    • Target

      RedEngine_Cracked_V5_1/RedEngine Cracked/InjectAPI.dll

    • Size

      164KB

    • MD5

      cb32f0166833761b9009c32dc122964e

    • SHA1

      1235f72d83e8e6638ecabb84d7b55e2cbfde68aa

    • SHA256

      f3c37c3d71573368f463f053e6b5a90c5073dce79559c8975e12e010e1fb5836

    • SHA512

      eefc1e0455c71672990cf5a5934490816a0cf3c1a272dc7da298bd9ae4dd2bda10669c1ca8b3e06320fadbdd12eeb4c99241dac7b751c220c8d405dfb8bdabac

    • SSDEEP

      3072:HV6z1Q7Dp8CaQ5ENuT+bdf6MaSEUqh6D:HV6hQ7DCHQeFbd6SEUqh6

    Score
    1/10
    behavioral2

    • Target

      RedEngine_Cracked_V5_1/RedEngine Cracked/RedEngine Crack.exe

    • Size

      1.4MB

    • MD5

      d1d591c35fd846f1387db4898f230163

    • SHA1

      02ac17ca638a53e95e48ae02699453ae0e6d9040

    • SHA256

      ac05991c970b324fc2922fd9318f6d16a4b6793570ab04bc9caf886fb7711dc6

    • SHA512

      6eeddfa48e39d57164ee149421e5c235a9fdfaf5fbf1c37a05dcbb0bd703e66621acc76b6f00344c4b1378881c59c9d71fbc061d78ede3d788e3b8e1f1433d25

    • SSDEEP

      24576:JNUjfcXaCZoFAaPv2CR1W/lpAOfGpckI7kIKlm0pRNvtuCWGxHhLGgLPkPHc:HU4IAaH2Ce/75ucpTa7bpGgDkPH

    Score
    9/10
    discoverypersistencespywarestealervmprotect

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence
    behavioral3

    • Target

      RedEngine_Cracked_V5_1/RedEngine Cracked/WebSocket.2.1.version.dll

    • Size

      119KB

    • MD5

      d00fe9035e5936a65ad44d819ca7b392

    • SHA1

      2dcb764a59909008617f7cee40ab632e3e44bac8

    • SHA256

      f812a1da84b579be1032acb06f13546220e1d26b79d9008659b5b4694353045d

    • SHA512

      7cd92ffad5d70a9a7d0750e586d6718b6d631ea7c23437e323b5ffe588f856c43e06088f779b291cfb1d4474c85c03356298c0af54fdd90687936766f707e6f1

    • SSDEEP

      1536:KT5tXDWj7Y8D6hKvKbrIueQEc3ncl5Jr9aIs/VhKSXS6MmQRJt2+pQc9dYjb2oja:+3ncl5OuSXWms/Qc9dYjbBjVcJ3

    Score
    1/10
    behavioral4

MITRE ATT&CK Enterprise v15

Tasks