Overview

overview

10

Static

static

10

RobloxShad...up.exe

windows7-x64

10

RobloxShad...up.exe

windows10-2004-x64

10

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

LICENSES.c...m.html

windows7-x64

10

LICENSES.c...m.html

windows10-2004-x64

10

RblxShdrSetup.exe

windows7-x64

1

RblxShdrSetup.exe

windows10-2004-x64

6

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/...dex.js

windows7-x64

3

resources/...dex.js

windows10-2004-x64

3

resources/...pi.dll

windows7-x64

1

resources/...pi.dll

windows10-2004-x64

1

resources/...e3.dll

windows7-x64

1

resources/...e3.dll

windows10-2004-x64

1

resources/...act.js

windows7-x64

3

resources/...act.js

windows10-2004-x64

3

sqlite-aut...llback

ubuntu-18.04-amd64

1

sqlite-aut...llback

debian-9-armhf

1

sqlite-aut...llback

debian-9-mips

1

Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    07-01-2025 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LICENSES.chromium.html

  • Size

    8.7MB

  • MD5

    1ca87d8ee3ce9e9682547c4d9c9cb581

  • SHA1

    d25b5b82c0b225719cc4ee318f776169b7f9af7a

  • SHA256

    000ae5775ffa701d57afe7ac3831b76799e8250a2d0c328d1785cba935aab38d

  • SHA512

    ec07b958b4122f0776a6bded741df43f87ba0503b6a3b9cc9cbe6188756dcde740122314e0578175123aaa61381809b382e7e676815c20c3e671a098f0f39810

  • SSDEEP

    24576:ZQQa6Ne6P5d2WSmwRFXe1vmfpV6k626D6b62vSuSpZ:ZMfTVQ

Score
10/10
redtigerdiscoverystealer

Malware Config

Signatures

  • Detects RedTiger Stealer 14 IoCs
    stealer
  • Redtiger family
    redtiger
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    753c228baab89694cd8bdc01f501a043

    SHA1

    be16d72e1b1ce1b9af559822d7649e943e86d062

    SHA256

    24af26b52e83adcc8947d9e985f05a713f765b8e5b9c4b3f2b00ff298fec40f5

    SHA512

    f4dce89447a4518413b54de3b2b6b612dc2f41a15c35dddff5507fed67b82067b8b7da9527621ddbe2ba66112358660475f61f8b50689fa22753780947fb6ded

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca9a9024e9d07278ffd3e1d7918da422

    SHA1

    f25865eba2232e797285319e8b4fc20dd1a26b2f

    SHA256

    2773a54eeff113d729e21cb8dc2eacd6633328376a28fe8fde76429f54df5721

    SHA512

    63f4756657a9dddfe33b1d05191e496a82da73601b71cee1faf3be7d94cd05246b5a87e3fea9d4d8ddde103cc4ec46ffc7b24fd928c02dc862bdd817a20527dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4644193012e24e0a76ca9c0ef873834

    SHA1

    6987f9ac3e08d9e94754839930c377a3cdcb456c

    SHA256

    93dbf9e505c0adc92ff0ee43d04c7c74bcdca5e2cb7970926944da2633afe74d

    SHA512

    0106a2608eec1335da52fca8bc87beddc0823f7d0a7209262f3428df7176c85217e2fffc8508eecfa95d9df964f69fa0bb5c44ca1c6065a067e4dc1063f83abd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e78ff4b0e323b58ec9b36f9c99fe8bb3

    SHA1

    4d0cfb46bada00ee10652a764f01a6f28298c737

    SHA256

    36cdcb310198f7f19620fbb257b9a7e9b8e96b760129e4d27838a4c8b2ff20ff

    SHA512

    0d345bb6cd4d78b75b7df088b87d60d150875ffb9fd140d038910532e300feae9c09d076eb05ac2de14fddea8bc28d8ded5f726536349095bc382f3c2e6f45bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20ea85b2a0153383844d961bbe2ab146

    SHA1

    e82082ff2d0684140124c4b372f40fd5bd385527

    SHA256

    001de567ee29334114aebdf89fe5e97e235d48e611d5a79cd15ba971d7dbdf3f

    SHA512

    ef2c23c4be3d76755edbcacedb4fc836f0fabd90478b86e5931fa45396a1ea74c702076998cf2e36d7309a92f2db024dedf23eccbaad4c068d8f4f321c45ea09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    edc288788e5ad18b63eb74f531c0fb99

    SHA1

    21a8fe864bd969b5f6a2f27b2943bf837c30f57c

    SHA256

    4da14b391522b2f6f4dc19e71bd3c7998b09c139e2632a80c11c32be30534a68

    SHA512

    685155985e3f82e2e68eacd0bef721d081c73bc01d50f73377d649d745828841aa3be1337ce33ea60ebfbb00d55dec1c090545a94f6f9e0f4b097fe347c59ab9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f7d72a3c5870200522a70e711121989

    SHA1

    a9bb17c51f2914df8c29012a033bd2c7d284ee17

    SHA256

    b8b1e7aa582b75e223e06ee078db2bb4b9c2f1c0cab9b4def2f5c5d332b94162

    SHA512

    d7e9a06e237f2f96faf12935b3f4ad0152e0f3001f88bb865fb991099605ae1d9619e58eefaf115df4e2060991fb6f7e2497d0f98948e6e7aab5b5f566e13f09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b21a14be8f8c3db975b36fe29f98ee6c

    SHA1

    0a043f0f297740639e3291847e0376dcd5bad88c

    SHA256

    09c1b0b08c6f3ebb8381727bb3cdd89635cb94e78d95262f1ed8786288c87f74

    SHA512

    e3c2b8abe7f43de0dc5986205c75c106303a1441ec2190089afcabd83f6c1afaef886d6b1be453105e597b3647e28c92d91d0b0c956db80f0b2645079be7dba0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e3bcfbf8fecfc6db35b4013f85633b1

    SHA1

    6d4b51aae47d8169c5caafc8e04e1362973d8f97

    SHA256

    67cd39e555227aef2333e99c6b084551cf43a2001a044a2400a44d63a685b38c

    SHA512

    dd6cff64ef23d8d55a6086f52603feb731e15c7ba84182353285b3b9910bcd388d92ed0d64d0075984ea0860e12633fedb715e0a71e63237f0cbcbc906fa710b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f03364e1dce313c8ba3a614a4c09d8d

    SHA1

    7de20a9fb96d54a129559bd49798c6e6d723d14a

    SHA256

    ccbf10b275cdc7560b0349b2b4bfb343142f6b49435c20d74881a612abb75db8

    SHA512

    278700e29adb77e9b2d5e5fc7a4bdd28907dd9005b0f581c63d0a61a5e2d74674f6ade27df1c4f7e804253951e66361064fce105d67b4fa72ed88bb367a7f7b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d747b7ba9d72607c6b5d8a0cc1d9e67b

    SHA1

    d7f6f75411775e4009656b09940070fa741bb3dd

    SHA256

    3a09fa8e7516b1583af83a584dea656e4a6b972b0e73634d226c35d31a0a7828

    SHA512

    7b2fff56e9fbdb40ceb5cdacadd18f9bbcab5c78f0aacaea04f3a17e3082116f7f890bee72ecd6171c0436f1927032eb94907e576f46d3ed3506634216078a6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b46d97368c047ad6a88e69697ee7f5dd

    SHA1

    4c791290c572c7772447482ba028cb60575cfff8

    SHA256

    4f38536878413ed010a02211365fd18a8d3c9ac24e795bf5215deadee2b97e15

    SHA512

    901e25fa57820b87b4609e14507830b6725ab05385a4ff6914fa899949df68417a77f45fba0e9d9c8db26a32cbe0317ebe11e2354e2f81d3bf31ccc20d38f63a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7084a5656290f56638c050566322354

    SHA1

    4fdfcdd364fba11d545fe3c682d2432e5936c520

    SHA256

    bb1bf62b93ae141249c912c1f8aab40da3d90265fda2fc6ad591e22b228605a6

    SHA512

    733a9f36592cf8a45eddb2f20124c68ab348d55edae1c98bcd8f0a1d54915956169ff5f06812ea25a701734691a8c0e260562b78580ea49a0602043169d4790b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    154f173fdbe5c2b658f22b1d7354166e

    SHA1

    ad70afee07915c8d02aa6d63a28d6bb6c5b922ae

    SHA256

    e1095f9692d73bcd3d75bb15530ad21c4a3238682ae33223418d878367bb8f50

    SHA512

    f1665bb8a8a46992ec73eb7a07bc1db9b20c7a30085203bfb0a1b4447f011ebfa58b075733cabf4d2c21b5430013f77105b4d90728087340686eab555773cdac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44df8593524cf00285c5fd07e95d0456

    SHA1

    60abf573b945aec0ac24da6f6e1acc4ee25391b9

    SHA256

    017782ef123b28b8946867e8dd53cf6ae79a141eb650b8cd280e68e9eeca96a0

    SHA512

    795282c370134577eb5f3f71a73abcab221f6a05354f7d1dbced1c23579c6cbf8907d5f7240dc14ca96070ab207b92da07a2ac00a2337ded80eac4633a2c8281

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca4444e65502aa32fd05178014c196ea

    SHA1

    2b9ee16cdd0f6589ed5340b9a48811214ddd84be

    SHA256

    09878cdce5cc1d7cca00265d2000e737c9ef48c8a1b42be19a51fe538672b9d1

    SHA512

    3ea9e28d6fb1174c5fe59b6326f065f768d5a5b12f47900f050dbe7e538d9542ad46f799fa260c3495db89147bc5ad66b150ed3e8e062f056974f232e72731e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72ed793f7b7a3b6b897a010a8fa9ac71

    SHA1

    b5c232578ad1b632921ebb9c83ea73cf273a9818

    SHA256

    99ec11285bfb2c09d1603cc67d4bd83596faa184f43413bf88bcd200a33d7136

    SHA512

    82067290d39d79c1fb5b327463d81a7acee52ca5baae95ccfbc8f96e430230b7051226b62074199348b389ce74ff20f09b962846f4b7ba9d2667e3592f7d63af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    056fa7deabfdeefd1ed86696ea86cb65

    SHA1

    bfdfaa4153c33ea4122322ada4cd27614770ea83

    SHA256

    99f6ffaae8345ce683029fbbef48186775710f71e76afa3211a6b1325622aa7d

    SHA512

    15e40a329c23e9840a3f80165d09d440268717dd0b62d8b7d31736ffbdb730aadc0c5cf0dfacf9e48432b26d89cb0133d932b5236131847fe2b15aeb031a4e0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab68D4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6983.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit