redline | hxxp://141[.]98[.]6[.]236/TPBActivetor/ZvfejoxpnTPBA-1[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

1

http://141.98.6.236/...

windows7-x64

http://141.98.6.236/...

windows10-2004-x64

Sharing

General

Target

http://141.98.6.236/TPBActivetor/ZvfejoxpnTPBA-1.exe
Sample

220808-egqcascgdr

Score

10^/10

redline tpb-activator infostealer

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

http://141.98.6.236/TPBActivetor/ZvfejoxpnTPBA-1.exe

Resource

win7-20220718-en

redline tpb-activator infostealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

http://141.98.6.236/TPBActivetor/ZvfejoxpnTPBA-1.exe

Resource

win10v2004-20220721-en

redline tpb-activator infostealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

TPB-ACTIVATOR

C2

amrican-sport-live-stream.cc:4581

Attributes

auth_value
df7c91432437b11d8f25d54ba7832b8d

Targets

- Target
  
  http://141.98.6.236/TPBActivetor/ZvfejoxpnTPBA-1.exe
Score

10^/10

redline tpb-activator infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

redlinetpb-activatorinfostealer

behavioral2

redlinetpb-activatorinfostealer

© 2018-2024

Terms | Privacy