General
Target: http://141.98.6.236/TPBActivetor/ZvfejoxpnTPBA-1.exe
Sample: 220808-egqcascgdr
Score: 10/10
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://141.98.6.236/TPBActivetor/ZvfejoxpnTPBA-1.exe
  Resource: win7-20220718-en (windows7-x64)
  14 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: http://141.98.6.236/TPBActivetor/ZvfejoxpnTPBA-1.exe
  Resource: win10v2004-20220721-en (windows10-2004-x64)
  13 signatures, 150 seconds
Malware Config
Extracted
Family: redline
Botnet: TPB-ACTIVATOR
C2: amrican-sport-live-stream.cc:4581
Attributes
auth_value: df7c91432437b11d8f25d54ba7832b8d
Targets
Target: http://141.98.6.236/TPBActivetor/ZvfejoxpnTPBA-1.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
-