Redline Stealer is a .NET-based information-stealing trojan sold through a number of hacking forums.
At the time of publication, Redline Stealer has been delivered exclusively through spam campaigns. These campaigns attempt to spoof emails sent by the [email protected] distributed computing project regarding Covid-19.
Once installed, Redline Stealer will collect user and system information before connecting to a command and control server. It will then attempt to extract the following information:
- Web browser data (Chromium- and Gecko-based browsers only):
  - login credentials
  - auto-complete fields
  - payment information
- IM conversation histories
- FTP client credentials
- Cryptocurrency wallet credentials
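The browser-data collection described above leaves a host-level trace that defenders can hunt for: a process that is not a browser opening a browser's credential store. The following script is an added example, not code from the original advisory or from the malware; it runs simple detection logic over a few constructed file-access log lines. The log format, the store file names it watches (Chromium's "Login Data" and "Web Data", Firefox's "logins.json" and "key4.db") and the list of expected reader processes are assumptions chosen for the example, and it covers only the browser-store part of the list above, not the IM, FTP or wallet items.

```python
import re

# Browser credential/auto-fill store file names watched by this example.
# These names are assumptions for the example, not quoted from the advisory.
SENSITIVE_STORE_PATTERNS = [
    re.compile(r"\\Login Data$", re.IGNORECASE),   # Chromium saved logins
    re.compile(r"\\Web Data$", re.IGNORECASE),     # Chromium auto-fill / payment data
    re.compile(r"\\logins\.json$", re.IGNORECASE), # Gecko (Firefox) saved logins
    re.compile(r"\\key4\.db$", re.IGNORECASE),     # Gecko key database
]

# Processes that legitimately read their own stores (assumed allow-list).
EXPECTED_READERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe", "opera.exe"}

# Assumed log line shape: <timestamp> proc="<image path>" op=read path="<file path>"
LOG_LINE = re.compile(r'^(?P<ts>\S+) proc="(?P<image>[^"]+)" op=read path="(?P<path>[^"]+)"$')

# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = r"""
2020-04-01T12:00:00Z proc="C:\Program Files\Google\Chrome\Application\chrome.exe" op=read path="C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"
2020-04-01T12:00:05Z proc="C:\Users\a\AppData\Local\Temp\update.exe" op=read path="C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"
2020-04-01T12:00:06Z proc="C:\Users\a\AppData\Local\Temp\update.exe" op=read path="C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json"
2020-04-01T12:00:07Z proc="C:\Windows\explorer.exe" op=read path="C:\Users\a\Documents\notes.txt"
2020-04-01T12:00:08Z proc="C:\Program Files\Mozilla Firefox\firefox.exe" op=read path="C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\key4.db"
""".strip().splitlines()


def parse_line(line):
    """Return (timestamp, image path, file path) or None if the line does not match."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    return m.group("ts"), m.group("image"), m.group("path")


def is_sensitive_store(path):
    """True if the file path ends in one of the watched browser store names."""
    return any(p.search(path) for p in SENSITIVE_STORE_PATTERNS)


def process_name(image):
    """Basename of a Windows image path, lower-cased for comparison."""
    return image.rsplit("\\", 1)[-1].lower()


def detect(lines):
    """Flag reads of browser credential stores by processes outside the allow-list.

    Returns a list of (timestamp, process name, path) tuples, one per suspicious read.
    """
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, image, path = parsed
        if is_sensitive_store(path) and process_name(image) not in EXPECTED_READERS:
            hits.append((ts, process_name(image), path))
    return hits


if __name__ == "__main__":
    for ts, proc, path in detect(SAMPLE_LOG):
        print(f"{ts} suspicious credential-store read: {proc} -> {path}")
```

Running the script against the constructed log flags the two reads by update.exe and nothing else; the browsers reading their own stores and explorer.exe reading an unrelated file pass. In a real deployment the allow-list would be keyed on signed image paths rather than bare file names, since a stealer can trivially rename itself chrome.exe.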
Indicators of Compromise
- [email protected][.]com
MD5 File Hashes
SHA256 File Hashes