RedLine Stealer
Description
Leverage searches that allow you to detect and investigate unusual activities that might relate to the RedLine Stealer trojan, including file writes associated with its payload, screen capture, registry modification, persistence and data collection.
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Endpoint, Updates
- Last Updated: 2023-04-24
- Author: Teoderick Contreras, Splunk
- ID: 12e31e8b-671b-4d6e-b362-a682812a71eb
Narrative
RedLine Stealer is malware written in C# and sold on underground forums on a subscription basis. It harvests sensitive information from browsers, such as saved credentials, autofill data, browser cookies and credit card information. It also gathers system information about the targeted or compromised host, such as the username, IP-based location, available RAM, hardware configuration and installed software. The current version of this malware also contains features to steal wallet and cryptocurrency information.
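The Description above names the behaviours this story hunts for: payload file writes, registry modification, persistence and data collection. The block below is an added example, not part of the Splunk analytic story or its detections, showing how those behaviours can be tagged per event and then correlated per host and user over a handful of constructed endpoint events. The field names (dest, user, process_name, file_path, registry_path, registry_value_data) are borrowed from the Splunk CIM Endpoint datamodel so that each rule maps onto a search against that model; the sample events, the path lists, the ten-minute window and the two-behaviour threshold are constructed assumptions for illustration, not indicators taken from the page.

```python
"""Tag and correlate endpoint events for the behaviours the story lists:
payload file writes, registry-based persistence and data collection
(browser credential-store access).

Field names follow the Splunk CIM Endpoint datamodel (Filesystem,
Registry datasets) so each rule maps onto a search over that model.
All events below are constructed sample data, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. "dm" names the Endpoint dataset the event
# would land in; "_time" is ISO-8601 so lexical order is time order.
EVENTS = [
    # 1. Executable dropped into the user's Temp folder by a downloaded installer
    {"_time": "2023-04-24T10:00:05", "dest": "WS01", "user": "alice",
     "dm": "Filesystem", "action": "created",
     "process_name": "setup_crack.exe",
     "file_path": r"C:\Users\alice\AppData\Local\Temp\updater.exe"},
    # 2. Run-key persistence pointing at the dropped binary
    {"_time": "2023-04-24T10:00:09", "dest": "WS01", "user": "alice",
     "dm": "Registry", "action": "modified",
     "process_name": "setup_crack.exe",
     "registry_path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "registry_value_data": r"C:\Users\alice\AppData\Local\Temp\updater.exe"},
    # 3. The dropped binary reads the Chrome credential store
    {"_time": "2023-04-24T10:01:30", "dest": "WS01", "user": "alice",
     "dm": "Filesystem", "action": "read",
     "process_name": "updater.exe",
     "file_path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    # 4. Benign: a packaged installer writes under Program Files, no Run key
    {"_time": "2023-04-24T11:00:00", "dest": "WS02", "user": "bob",
     "dm": "Filesystem", "action": "created",
     "process_name": "msiexec.exe",
     "file_path": r"C:\Program Files\Vendor\app.exe"},
]

# Constructed tuning lists (lower-case substrings / suffixes).
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\public\\")
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
CREDENTIAL_STORES = ("\\login data", "\\cookies", "\\web data", "\\logins.json", "\\key4.db")
EXECUTABLE_EXT = (".exe", ".dll", ".scr")
BROWSERS = ("chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe")


def is_payload_write(ev):
    """Executable created in a user-writable location (payload file write)."""
    p = ev.get("file_path", "").lower()
    return (ev["dm"] == "Filesystem" and ev["action"] == "created"
            and p.endswith(EXECUTABLE_EXT) and any(d in p for d in USER_WRITABLE))


def is_run_key_persistence(ev):
    """Run/RunOnce value whose data points into a user-writable path."""
    key = ev.get("registry_path", "").lower()
    val = ev.get("registry_value_data", "").lower()
    return (ev["dm"] == "Registry" and any(r in key for r in RUN_KEYS)
            and any(d in val for d in USER_WRITABLE))


def is_credential_store_access(ev):
    """A process other than the browser itself touching a browser credential DB."""
    p = ev.get("file_path", "").lower()
    proc = ev.get("process_name", "").lower()
    return (ev["dm"] == "Filesystem" and p.endswith(CREDENTIAL_STORES)
            and proc not in BROWSERS)


RULES = {
    "payload_write": is_payload_write,
    "run_key_persistence": is_run_key_persistence,
    "credential_store_access": is_credential_store_access,
}


def tag_events(events):
    """Return (event, rule_name) pairs for every event matching a rule."""
    return [(ev, name) for ev in events for name, rule in RULES.items() if rule(ev)]


def correlate(events, window=timedelta(minutes=10), min_rules=2):
    """Group rule hits per (dest, user); hits within `window` of the group's
    first hit that cover at least `min_rules` distinct behaviours become one alert.
    Requiring several behaviours is what keeps a lone Temp .exe write from alerting."""
    hits = sorted(tag_events(events), key=lambda h: h[0]["_time"])
    groups = defaultdict(list)
    for ev, name in hits:
        groups[(ev["dest"], ev["user"])].append(
            (datetime.fromisoformat(ev["_time"]), name, ev))
    alerts = []
    for (dest, user), items in groups.items():
        start = items[0][0]
        in_window = [(n, e) for t, n, e in items if t - start <= window]
        rules_seen = sorted({n for n, _ in in_window})
        if len(rules_seen) >= min_rules:
            alerts.append({"dest": dest, "user": user, "rules": rules_seen,
                           "processes": sorted({e["process_name"] for _, e in in_window})})
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

In Splunk the same logic is three searches over the Endpoint datamodel (Filesystem and Registry) feeding a correlation search keyed on dest and user; the window and the behaviour threshold are tuning knobs for the environment, not values the story prescribes.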
Detections
Reference
- https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
- https://blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update
Version: 1