
Rewterz Threat Alert – RedLine Stealer – Active IOCs

Severity

High

Analysis Summary

Redline Stealer is a type of malware used to steal sensitive information from victims’ computers. It is designed to be discreet and can run in the background of a computer system without being noticed by the user.

Redline Stealer is often spread through phishing emails or malicious downloads, and once it has infected a computer, it can collect a wide range of information, including passwords, credit card details, and other personal information.

The malware has been known to target a variety of applications and software, including web browsers, email clients, and messaging applications. It can also capture screenshots and record keystrokes to collect additional information.

Redline Stealer has been used in several high-profile cyber attacks and is considered a significant threat to computer security. To protect against it, users are advised to keep their software up to date, avoid downloading files from untrusted sources, and use anti-virus software.

Impact

  • Data Exfiltration
  • Credential Theft
  • Information Theft
  • Financial Loss

Indicators of Compromise

MD5

  • 9c55fb99fe1ebde1826527a1f6c90b34
  • 4a0cc0ed48f599b03f33d96658defc63
  • 2a9b7362dc42ee7b1ca537426f846381

SHA-256

  • d95e87bd76687c3925bc00959d15cf2b8d7f2e8fc78bdd67fd6646063961c149
  • d63641a4b97a42631d79734f6fe34058b27e84a33b1a7a6685a031d836a7711b
  • 38917fa4594d6540b4e94c419e1401ef02226b3b1fd0dceee02f917f59be4ebc

SHA-1

  • 73f16d77574348b0d65b975ee49bde4a20024105
  • 6220c5c5bda01ef90e38eb923417475c5ec9fde3
  • 2fac7077b3075c66e4def78623f4a19548d2f403

Remediation

  • Block all threat indicators at your respective controls.
  • Search for the indicators of compromise (IOCs) in your environment using your respective security controls.
  • Emails from unknown senders should always be treated with caution.
  • Never trust or open links and attachments received from unknown sources/senders.
  • Patch and upgrade all platforms and software promptly, and make this a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
  • Enable antivirus and anti-malware software and update signature definitions in a timely manner. Multi-layered protection is necessary to secure vulnerable assets.
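The IOC search recommended above, as an added example that is not Rewterz tooling: it hashes every file under a directory with the three algorithms the alert lists (MD5, SHA-1, SHA-256) in a single pass and reports any file whose digest matches one of the hashes above. The directory argument and the `REDLINE_IOCS` set name are assumptions of this example.

```python
import hashlib
import os
import sys

# The MD5, SHA-1 and SHA-256 values listed in this alert, lower-cased for comparison.
REDLINE_IOCS = {
    "9c55fb99fe1ebde1826527a1f6c90b34",
    "4a0cc0ed48f599b03f33d96658defc63",
    "2a9b7362dc42ee7b1ca537426f846381",
    "d95e87bd76687c3925bc00959d15cf2b8d7f2e8fc78bdd67fd6646063961c149",
    "d63641a4b97a42631d79734f6fe34058b27e84a33b1a7a6685a031d836a7711b",
    "38917fa4594d6540b4e94c419e1401ef02226b3b1fd0dceee02f917f59be4ebc",
    "73f16d77574348b0d65b975ee49bde4a20024105",
    "6220c5c5bda01ef90e38eb923417475c5ec9fde3",
    "2fac7077b3075c66e4def78623f4a19548d2f403",
}

def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of one file in a single pass, reading in chunks."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}

def match_iocs(path, iocs=REDLINE_IOCS):
    """Return the (algorithm, digest) pairs of this file that appear in the IOC set."""
    return [(name, d) for name, d in hash_file(path).items() if d in iocs]

def scan_tree(root, iocs=REDLINE_IOCS):
    """Walk a directory tree; return {path: matches} for every file hitting an IOC."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matches = match_iocs(path, iocs)
            except OSError:
                # Locked or unreadable files are skipped rather than aborting the sweep.
                continue
            if matches:
                hits[path] = matches
    return hits

if __name__ == "__main__":
    # Usage: python <this script> <directory>; defaults to the current directory.
    for path, matches in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"IOC match: {path} -> {matches}")
```

Any reported path should be isolated and triaged rather than simply deleted, so the sample and its context remain available for incident response.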