Redline Stealer Trojan

Redline Stealer is .NET-based information stealing trojan sold through a number of hacking forums.

At the time of publication, Redline Stealer has been delivered exclusively through spam campaigns. These campaigns attempt to spoof emails sent by the [email protected] distributed computing project regarding Covid-19.

Once installed, Redline Stealer will collect user and system information before connecting to a command and control server. It will then attempt to extract the following information:

  • Web browser data (Chromium- and Gecko-based browsers only):
    • login credentials
    • cookies
    • auto-complete fields
    • payment information
  • IM conversation histories
  • FTP client credentials
  • Cryptocurrency wallet credentials

Indicators of Compromise

IP Addresses

  • 66.206.18[.]186

URLs

  • bitbucket[.]org/example123321/download/downloads/foldingathomeapp.exe

Email Addresses

MD5 File Hashes

  • 1ca9805cc22ed04125ae836f1ad23c16

SHA256 File Hashes

  • 0ddd7d646dfb1a2220c5b3827c8190f7ab8d7398bbc2c612a34846a0d38fb32b
  • 5df956f08d6ad0559efcdb7b7a59b2f3b95dee9e2aa6b76602c46e2aba855eff

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: