Rewterz Threat Alert – RedLine Malware

Rewterz Threat Advisory – CVE-2021-41079 – Apache Tomcat Vulnerability

September 16, 2021

Rewterz Threat Alert – SNAKE Ransomware – Active IOCs

September 17, 2021

Rewterz Threat Alert – RedLine Malware – Active IOCs

Severity

High

Analysis Summary

Redline the data burglar of users’ confidential information from web browsers and by installing malicious software this redline stealer can harm the operating systems. The malware appeared in March 2020 according to the Proofpoint investigation. During the COVID-19 pandemic, redline spread across many countries and it is still active to achieve its purpose by stealing passwords, credit card information, username, location, autofill data, cookies, software set, and even hardware configuration like keyboard layout, UAC settings, etc.

Impact

Credential Theft
Unauthorized Access

Indicators of Compromise

MD5

c30c8d82b37794b228ae5659f92af417
3363f7cdf387c46a8acc21f6f106f7fb
a48a650456edc94b9cc8e5dfaeb3c669
1e1fe2660355a893ed58a03381f479d0
693b398f13f1ffd324805ed4e1e66607
65b21b608ce0bcde1da32e3036e35b10
49689d499e14d32cc93499203882ff61
c740605dbdb73f5b940ff5efa79ae2e3
8ef368005c958aa0702c42d1138172e3
9313fa63db26acca36a64459cec2f5f9
93cd7989417554091af6828ecfa6fda5

SHA-256

857c5e7d6a33d89af8d24b218512661bcaac1f66929a242b2de0d6860cb1d07b
2facc80b9d0a9c396faf53d48e5a0793b2aa5697fba31e1a4148996e6b49343f
169ff3a1a1a5c55617ad540e3baac3589d607c65e6e8f6ece2b388f728022120
9917794c524b57593f2bcd0b8fca162d2b1a63f7ce4e0997c9540428fb4a34f2
d1e7208de1d5f7f248c9bde9971f17f3e221acdb430a4aaf9e65904eaa70227a
89801429572aec994155dc76b8ffad60b8500a60f35602a1ab39e461753171de
946bf7b20b10f5841a2b98aca1d12b4214b7b1961863a6dc4078740e236715c0
329f593e40eaecedb0e932644d7ae1151bd7a1f892bbf9a94c8f5e49b4d9fa12
103593087542fd054a226b5f16ed28ea1419f68fc9d0bbd4f74e9aed6315eb6d
bd171795235f341692e083fef4a9747330eddfa2ca130a59f0848db8a27e71ac
ef9a8998c8171a26ac269ab92c51b970bf10969417c2a7c67cdd8fbe66ada98e

SHA-1

698ab2e1c04aaaa6d154fdc69981e875fadcd287
e12e4b7a8d0d15e92af0d8799420708339eb76d0
edcbf2071adf130c0063df7614bd47df2bd43f34
b3fe08ecba769f47d1349c77105ef64e6e45428d
37e46579221376072910a010d1bae2718635f318
5cc380ba30ae62db6d0af43743a3273626e9ff74
8e31925367bb40083193242d64349fc1566a8042
647abb0ee6228aadc047614fc15e8602e354f17f
45706604bed21390387cf97ba362179b4c3fc24f

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.