ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 2.56.56.106:41557.

Database Entry


IOC ID: 645718
IOC: 2.56.56.106:41557
IOC Type: ip:port
Threat Type: botnet_cc
Malware: RedLine Stealer
Malware alias: RECORDSTEALER
Confidence Level: high (100%)
ASN: AS399471 AS-DESEQUITY
Country: NL
First seen: 2022-06-01 17:08:03 UTC
Last seen: 2023-08-01 18:01:17 UTC
UUID: 65fe2ece-e1cd-11ec-9c94-42010aa4000a
Reporter: AndreGironda
Reward: 5 credits from ThreatFox
Tags: RedLine RedLineStealer
Reference: https://tria.ge/220601-tfeazadbdp

AndreGironda
MITRE T1566.002
Date: Wed, 1 Jun 2022 12:30-01:00 +0200
Received: from spark5.sunucupark.net (94.103.35.2)
Received: from [2.56.56.106] by spark5.sunucupark.net with esmtpa (Exim 4.94) (envelope-from <mine@minemoda.com>) id 1nwLyI-00A3PL-0I
Message-Id: <PYNVZ52X-SWKG-0LK-0CJC-E20M3MYUZE4Z@minemoda.com>
Mime-Version: 1.0
From: SharePoint <mine@minemoda.com>
Disposition-Notification-To: <mine@minemoda.com>
Subject: Two New Documents!!!
Content-type: multipart/alternative; Boundary="--=BOUNDARY_611253_BXJK_NEQO_VNMT_HGVE"
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
X-Authenticated-Id: mine@minemoda.com
Return-Path: mine@minemoda.com
Message Body URL: hXXps://boji[.]nl/wp-admin/june/NormalisedGravitated.zip
Downloaded Zipfile Name: NormalisedGravitated.zip
Zipfile SHA256: fc88610775e4181cb8623cc80a8519b6d6f73e68cf2a8fcc22b71a797da1ac14
Unzipped Executable Name: NormalisedGravitated.exe
Executable SHA256: 67ff3d057ee6962515be690ea592e84fa085302c1894c0b27f95e95ae1faa4de
RedLine Executable SHA256: 234d493d82f16989df917284f8b147798c8e72c65dddc1321b79c36e2eb76e47
RedLine DLL SHA256: 9c18d219c940a2c51bd8c9806ce0ae3000b19c2b70fe2a37ecc92d4ee73a0d61

Malware Samples


The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)    | SHA256 hash                                                      | Bazaar
2022-06-01 21:41:54 | 67ff3d057ee6962515be690ea592e84fa085302c1894c0b27f95e95ae1faa4de |