Danny Moran

Easy.red.2.update.v1.4.5-tenoke.rar ((full)) Instant

Keep a full system snapshot before and after execution. This enables a quick diff of changes and helps in creating YARA rules later.

rule EasyRed2_Update_TENOKE  // placeholder rule name; the page does not give one
{
    meta:
        description = "Detects Easy.Red.2.Update.v1.4.5-TENOKE ransomware/loader pattern"
        author = "Analyst (ChatGPT) – 2026"
        reference = "Based on observed filenames and typical payload behavior"
        date = "2026-04-16"
        tlp = "GREEN"

    strings:
        $rar_name = "Easy.Red.2.Update.v1.4.5-TENOKE.rar"
        $exe_name = "update.exe"
        $run_key = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
        $url = /https?:\/\/[a-z0-9.-]+\/updates?\/[a-z0-9_-]+\.bin/i
        // byte pattern with wildcards, so it is written as a hex string in braces
        $xor_string = { 6A 40 68 ?? ?? ?? ?? 6A 00 6A 00 68 ?? ?? ?? ?? }

    condition:
        // a filename match plus at least one behavioural indicator
        any of ($rar_name, $exe_name) and ($run_key or $url or $xor_string)
}

Easy Red 2 stands out by placing players in the role of an average soldier rather than a "super soldier".