ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 79.110.52.59:1801.
Database Entry
This IOC expired
This IOC is old and expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 250622 |
|---|---|
| IOC: | 79.110.52.59:1801 |
| IOC Type: | ip:port |
| Threat Type: | botnet_cc |
| Malware: | RedLine Stealer |
| Malware alias: | RECORDSTEALER |
| Confidence Level: | Confidence level is high (100%) |
| ASN: | AS9009 M247 |
| Country: | RO |
| First seen: | 2021-11-18 02:16:52 UTC |
| Last seen: | 2023-08-01 18:04:49 UTC |
| UUID: | 9855e71b-4815-11ec-8ab6-42010aa4000a |
| Reporter: | |
| Reward: | 5 credits from ThreatFox |
| Tags: | RedLineStealer |
| Reference: | https://tria.ge/211118-cjb7caeed2 |
AndreGironda
MITRE T1566.001
Date: Thu, 18 Nov 2021 02:30-03:00 +0100
Received: from [181.58.177.248] ([181.58.177.248]) by web-mail.mail.com
MIME-Version: 1.0
Message-ID: <trinity-d207be21-3d96-4e92-bbdd-5ca55f668c3f-1637200485711@3c-app-mailcom-lxa14>
From: Irina <fibfibrig@mail.com>
Subject: Fascinating memories!
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Return-Path: fibfibrig@mail.com
Message URL: hXXps://teamgood[.]site/1979650898.exe
Stage Executable SHA256: 023e7c9e73b997a33476a2d958fb237395b098872854ce2e92af2b89cd87ca7d
Unpacked Executable SHA256: b3369789c692b6a286fc30de9a1a08f8c684ab89fa1e910200474e2d51223471
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2021-11-18 02:21:09 | 023e7c9e73b997a33476a2d958fb237395b098872854ce2e92af2b89cd87ca7d | |