Rewterz Threat Alert – RedLine Stealer

Rewterz Threat Alert – SNAKE Ransomware – Active IOCs

January 28, 2022

Rewterz Threat Update – Largest DDoS Attack in History – Microsoft Reports

January 28, 2022

Rewterz Threat Alert – RedLine Stealer – Active IOCs

Severity

High

Analysis Summary

Redline malware aka Redline stealer steals users’ confidential information from web browsers and by installing malicious software this redline stealer can harm the operating systems. The malware appeared in March 2020 according to the Proofpoint investigation. During the COVID-19 pandemic, redline spread across many countries and it is still active to achieve its purpose by stealing passwords, credit card information, username, location, autofill data, cookies, software set, and even hardware configuration like keyboard layout, UAC settings, etc. This is an active campaign and is targeting different organizations in the Asian region.

Impact

Credential Theft
Exposure of Sensitive Data
Unauthorized Access

Indicators of Compromise

MD5

9f48b19687f400691e12aa339d052201
451dff36acd7410c285b73baf5946183
57d5ff3df107c648b937d9a9f2b2913a
70e4553631953f15af207289e576c1a3
5589c17b3d2853bfa42f87211fe37481
97db02564dfc6ce64a0b9a63f8533146
8e1604bf9845d1744f3d7d2ab27ef852
c49d12ebbad75fb8081f4b5d5ea70868
9cd380a9da02c943de7c5245367f3827
75a0cc2b5c81a721c8901bdb1fc36629
1d59bfea67b1f79b00e7222d7b0a16f2
d5b217dbf2de0a1254eb639cde3f246d

SHA-256

6c427661c04c9f129cd6ecf314709473d27594e69f4659ec38ff7537f1467bf9
c0edb14c6a8417fe1eb17829d2838e9fad1b3cc3e748d585029f4a9c1c3c1551
e3871e9a277309f048ba1683a7d5b6cbac3a367febf8a87ad03a6c244d899149
d85efe4d5ec3ee174413354ee3c6186b1fdaaea3974d162f01dac4c3351d9b8a
d3e1bb9669524ea3f7682ea4edc840302bd8660443c975ac5c1d9dfe7d967073
01d9dd974fa4c4ddc4042186918881ad36c9dadcfa6d3d52a3da30db0c1219af
a35c57c48ea797dc9f1a891aed4b2cef9f4bbacbf24fe317164dbaa02c43bcb8
d53a4263678ce8df2bda382d8a583a7f6eb17c9d1a7062a0a2fa88a1d854ad1f
e78ac5a9d7180ee40143025efed602f143fc7f566b1fb6e654cc05a680a8b333
11d42e1e9c185143fc47e71c999b6c663ab165a82efb3444222447d91273e4b5
f65ab869bcd690a28307ae03eff421e0eef20b4c72f95a8ec75d0e232d624ea7
9760d9e914209b0ee1b44ac47162282be879d5b1e3c867d200d94f53b13b85f7

SHA-1

a5775f2f2612588957ba54ca5cadc5efcb0b3570
9f558e45a492185c7ed7ebfffe9cbcffc69383de
976981fdecd8a4eba69470e48515e1dfb8183d19
59f9384b66cb7f04f85996003acc89a28bc7a7b7
435c7391f0a41c1d2b3704b8b1324a044b1fc6ea
4d8a0fd67af6dfd07ba7abfd5ed0671af82bd539
40e4b078d6076fecd364a3bfdbbf954d26319a56
975b999508ebafc16506162aeee4324f19193cc1
d074745b651cd581c4ef9672efc297e12311a0a8
39a0b6b02c79e9d596e76635904a6caae45eb5a0
7902c2dc02a16ce20265cce8247f0ef91ca8cfe6
166f764d80a3819074affbcf26ae8abd97862272

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.
Always be suspicious about emails sent by unknown senders.
Never click on links sent by unknown senders.