Redline Stealer Trojan
Redline Stealer is a .NET-based information-stealing trojan sold through a number of hacking forums.
At the time of publication, Redline Stealer has been delivered exclusively through spam campaigns. These campaigns attempt to spoof emails sent by the Folding@Home distributed computing project regarding Covid-19.
Once installed, Redline Stealer will collect user and system information before connecting to a command and control server. It will then attempt to extract the following information:
- Web browser data (Chromium- and Gecko-based browsers only):
  - login credentials
  - cookies
  - auto-complete fields
  - payment information
- IM conversation histories
- FTP client credentials
- Cryptocurrency wallet credentials
Indicators of Compromise
IP Addresses
- 66.206.18[.]186
URLs
- bitbucket[.]org/example123321/download/downloads/foldingathomeapp.exe
Email Addresses
- shannon@litegait[.]com
MD5 File Hashes
- 1ca9805cc22ed04125ae836f1ad23c16
SHA256 File Hashes
- 0ddd7d646dfb1a2220c5b3827c8190f7ab8d7398bbc2c612a34846a0d38fb32b
- 5df956f08d6ad0559efcdb7b7a59b2f3b95dee9e2aa6b76602c46e2aba855eff
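As an added example (not part of the original advisory), the Python script below refangs the indicators listed above and scans a set of constructed proxy, mail-gateway and EDR log lines for them, with a boundary check so a hash prefix or a near-miss IP does not match; the log lines and the bytes hashed are made up for illustration.

```python
import hashlib
import re

# Indicators taken from the advisory above, stored defanged and refanged at match time.
IOCS = {
    "ip": ["66.206.18[.]186"],
    "url": ["bitbucket[.]org/example123321/download/downloads/foldingathomeapp.exe"],
    "email": ["shannon@litegait[.]com"],
    "md5": ["1ca9805cc22ed04125ae836f1ad23c16"],
    "sha256": ["0ddd7d646dfb1a2220c5b3827c8190f7ab8d7398bbc2c612a34846a0d38fb32b",
               "5df956f08d6ad0559efcdb7b7a59b2f3b95dee9e2aa6b76602c46e2aba855eff"],
}

def refang(value):
    """Turn a defanged indicator ('[.]', 'hxxp') back into its matchable form."""
    return value.replace("[.]", ".").replace("hxxp", "http")

# Constructed sample log lines (proxy, mail gateway, EDR file event); not real telemetry.
SAMPLE_LOGS = [
    "2020-03-20T10:01:02Z proxy user=alice dst=66.206.18.186:443 action=allow",
    "2020-03-20T09:58:41Z mail from=shannon@litegait.com subject='Folding@Home COVID-19'",
    "2020-03-20T10:00:15Z proxy user=alice url=https://bitbucket.org/example123321/download/downloads/foldingathomeapp.exe",
    "2020-03-20T10:00:30Z edr file=C:\\Users\\alice\\Downloads\\foldingathomeapp.exe sha256=5df956f08d6ad0559efcdb7b7a59b2f3b95dee9e2aa6b76602c46e2aba855eff",
    "2020-03-20T10:02:00Z proxy user=bob dst=66.206.18.18:443 action=allow",  # near-miss IP, must not match
]

def scan_logs(lines, iocs=IOCS):
    """Return (line, ioc_type, indicator) for each log line containing a known indicator."""
    hits = []
    for line in lines:
        lowered = line.lower()
        for kind, values in iocs.items():
            for value in values:
                needle = re.escape(refang(value).lower())
                # Require a non-word, non-dot boundary on both sides so 66.206.18.18
                # does not match 66.206.18.186 and a hash prefix does not match.
                if re.search(r"(?<![\w.])" + needle + r"(?![\w.])", lowered):
                    hits.append((line, kind, value))
    return hits

def file_hash_matches(data, iocs=IOCS):
    """Check a file's bytes against the advisory's MD5 and SHA256 hashes."""
    md5 = hashlib.md5(data).hexdigest()
    sha256 = hashlib.sha256(data).hexdigest()
    return md5 in iocs["md5"] or sha256 in iocs["sha256"]

if __name__ == "__main__":
    for line, kind, value in scan_logs(SAMPLE_LOGS):
        print(f"[{kind}] {value} -> {line}")
```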

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.