SYMBOLCOMMON_NAMEaka. SYNONYMS
win.redline_stealer (Back to overview)

RedLine Stealer

aka: RECORDSTEALER

RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.

References
2024-07-24Check Point ResearchAntonis Terefos
Stargazers Ghost Network
Atlantida Lumma Stealer RedLine Stealer Rhadamanthys RisePro Stargazer Goblin
2024-07-09SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update January to June 2024
Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver
2024-07-02SekoiaQuentin Bourgue
Exposing FakeBat loader: distribution methods and adversary infrastructure
BlackCat Royal Ransom EugenLoader Carbanak Cobalt Strike DICELOADER Gozi IcedID Lumma Stealer NetSupportManager RAT Pikabot RedLine Stealer SectopRAT Sliver SmokeLoader Vidar
2024-06-10MandiantMandiant
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
Lumma Stealer MetaStealer Raccoon RedLine Stealer RisePro Vidar UNC5537
2024-04-17McAfeeMohansundaram M, Neil Tyagi
Redline Stealer: A Novel Approach
RedLine Stealer SmartLoader
2024-01-30ANY.RUNLena (LambdaMamba)
CrackedCantil: A Malware Symphony Breakdown - PrivateLoader, Smoke, Lumma, RedLine, RisePro, Amadey, Stealc, Socks5Systemz, STOP
Amadey CrackedCantil Lumma Stealer PrivateLoader RedLine Stealer RisePro SmokeLoader Socks5 Systemz Stealc STOP
2024-01-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q4 2023
FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver
2024-01-08YouTube (Embee Research)Embee_research
Malware Analysis - Simple Javascript Decoding and C2 Extraction (Redline Stealer)
RedLine Stealer
2023-11-22Twitter (@embee_research)Embee_research
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)
BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos
2023-11-20Russian Panda Research BlogRussianPanda
MetaStealer - Redline's Doppelgänger
MetaStealer RedLine Stealer
2023-11-19Twitter (@embee_research)Embee_research
Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike
Amadey Cobalt Strike RedLine Stealer SmokeLoader
2023-11-15Twitter (@embee_research)Embee_research
Identifying Simple Pivot Points in Malware Infrastructure - RisePro Stealer
RedLine Stealer RisePro
2023-11-01Idan Malihi
RedLine Stealer Malware Analysis
RedLine Stealer
2023-10-26Fourcoreparth gol
Threat Hunting: Detecting Browser Credential Stealing [T1555.003]
LaZagne RedLine Stealer
2023-10-23SarlackLabJohn Faria
Advice For Catching a RedLine Stealer
RedLine Stealer
2023-10-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2023
FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar
2023-10-10Twitter (@embee_research)Embee_research
How To Develop Yara Rules for .NET Malware Using IL ByteCodes
RedLine Stealer
2023-09-18The RecordJonathan Greig
"Scattered Spider" group launches ransomware attacks while expanding targets in hospitality, retail
RedLine Stealer
2023-09-13KrebsOnSecurityBrian Krebs
FBI Hacker Dropped Stolen Airbus Data on 9/11
RedLine Stealer USDoD
2023-08-23EclecticIQAleksander W. Jarosz
Malware-as-a-Service: Redline Stealer Variants Demonstrate a Low-Barrier-to-Entry Threat
RedLine Stealer
2023-07-11SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee
2023-06-06Apophis133Michelle Khalil
RedLine Technical Analysis Report
RedLine Stealer
2023-05-16SecureworksCounter Threat Unit ResearchTeam
The Growing Threat from Infostealers
Graphiron GraphSteel Raccoon RedLine Stealer Rhadamanthys Taurus Stealer Vidar
2023-04-16OALabsSergei Frankoff
XORStringsNet
Agent Tesla RedLine Stealer
2023-04-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2023
FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar
2023-04-10Twitter (@embee_research)Matthew
Redline Stealer - Static Analysis and C2 Extraction
Amadey RedLine Stealer
2023-03-30loginsoftSaharsh Agrawal
From Innocence to Malice: The OneNote Malware Campaign Uncovered
Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm
2023-03-26Luca Mella
Updates from the MaaS: new threats delivered through NullMixer
Fabookie Koi Loader Koi Stealer Nullmixer PseudoManuscrypt Raccoon RedLine Stealer
2023-03-16Trend MicroCedric Pernet, Jaromír Hořejší, Loseway Lu
IPFS: A New Data Frontier or a New Cybercriminal Hideout?
Agent Tesla Formbook RedLine Stealer Remcos
2023-03-15AvastLUIS CORRONS
(Ab)using Adobe Acrobat Sign to distribute malware
RedLine Stealer
2023-03-09KasperskyHaim Zigel, Ilya Tyunkin, Victoria Vlasova
Malvertising through search engines
RedLine Stealer
2023-03-01ZscalerMeghraj Nandanwar, Shatak Jain
OneNote: A Growing Threat for Malware Distribution
AsyncRAT Cobalt Strike IcedID QakBot RedLine Stealer
2023-02-27PRODAFT Threat IntelligencePRODAFT
RIG Exploit Kit: In-Depth Analysis
Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader
2023-02-26ProofpointAndrew Northern
TA569: SocGholish and Beyond
FAKEUPDATES RedLine Stealer solarmarker
2023-02-08NTT SecurityRyu Hiyoshi
SteelClover Attacks Distributing Malware Via Google Ads Increased
BATLOADER ISFB RedLine Stealer
2023-02-03CloudsekDeepanjli Paulraj, Pavan Karthick M
Threat Actors Abuse AI-Generated Youtube Videos to Spread Stealer Malware
Alfonso Stealer Bandit Stealer Cameleon Fabookie Lumma Stealer Nanocore RAT Panda Stealer RecordBreaker RedLine Stealer Stealc STOP Vidar zgRAT
2023-02-02YouTube (SLEUTHCON)Christopher Glyer, Microsoft Threat Intelligence Center (MSTIC)
Lions, Tigers, and Infostealers - Oh my!
RecordBreaker RedLine Stealer Vidar
2023-01-04dr4k0nia
Unpacking RedLine Stealer
RedLine Stealer
2022-10-13SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2022
FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm
2022-10-05FortinetXiaopeng Zhang
Excel Document Delivers Multiple Malware by Exploiting CVE-2017-11882 – Part II
Formbook RedLine Stealer
2022-09-29Team CymruS2 Research Team
Seychelles, Seychelles, on the C(2) Shore: An overview of a bulletproof hosting provider named ELITETEAM.
Amadey Raccoon RedLine Stealer SmokeLoader STOP
2022-09-26KasperskyArtem Ushkov, Haim Zigel, Oleg Kupreev
NullMixer: oodles of Trojans in a single dropper
ColdStealer DanaBot GCleaner Nullmixer PrivateLoader PseudoManuscrypt RedLine Stealer SmokeLoader Vidar
2022-09-19FortinetXiaopeng Zhang
Excel Document Delivers Multiple Malware By Exploiting CVE-2017-11882 – Part I
Formbook RedLine Stealer
2022-09-15KasperskyOleg Kupreev
Self-spreading stealer attacks gamers via YouTube
RedLine Stealer
2022-09-15SekoiaThreat & Detection Research Team
PrivateLoader: the loader of the prevalent ruzki PPI service
Agent Tesla Coinminer DanaBot DCRat Eternity Stealer Glupteba Mars Stealer NetSupportManager RAT Nymaim Nymaim2 Phoenix Keylogger PrivateLoader Raccoon RedLine Stealer SmokeLoader Socelars STOP Vidar YTStealer
2022-08-31BitSightAndré Tavares
Tracking PrivateLoader: Malware Distribution Service
PrivateLoader RedLine Stealer SmokeLoader
2022-08-30CiscoVanja Svajcer
ModernLoader delivers multiple stealers, cryptominers and RATs
Coinminer DCRat ModernLoader RedLine Stealer SapphireMiner SystemBC
2022-08-29360 netlabwanghao
PureCrypter Loader continues to be active and has spread to more than 10 other families
404 Keylogger Agent Tesla AsyncRAT Formbook RedLine Stealer
2022-08-29360 netlabwanghao
PureCrypter is busy pumping out various malicious malware families
Agent Tesla PureCrypter RedLine Stealer
2022-08-29SekoiaLivia Tibirna, Quentin Bourgue, Threat & Detection Research Team
Traffers: a deep dive into the information stealer ecosystem
MetaStealer PrivateLoader Raccoon RedLine Stealer Vidar
2022-08-23ZscalerKaivalya Khursale, Mitesh Wani
Making victims pay, infostealer malwares mimick pirated-software download sites
RedLine Stealer
2022-08-17SecureworksCounter Threat Unit ResearchTeam
DarkTortilla Malware Analysis
Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer
2022-08-10Palo Alto Networks Unit 42Lee Wei, Muhammad Umer Khan, Wenjun Hu, Yang Ji
BlueSky Ransomware: Fast Encryption via Multithreading
BlueSky RedLine Stealer
2022-08-08N1ght-W0lf BlogAbdallah Elshinbary
YARA for config extraction
RedLine Stealer
2022-08-08Medium CSIS TechblogBenoît Ancel
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure
Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader
2022-08-02Recorded FutureInsikt Group
Initial Access Brokers Are Key to Rise in Ransomware Attacks
Azorult BlackMatter Conti Mars Stealer Raccoon RedLine Stealer Taurus Stealer Vidar
2022-08-01SecurityScorecardVlad Pasca
A Detailed Analysis of the RedLine Stealer
RedLine Stealer
2022-08-01SecurityScorecardVlad Pasca
A Detailed Analysis of the RedLine Stealer
RedLine Stealer
2022-07-27K7 SecurityVigneshwaran P
Credential Stealer RedLine Reemerges
RedLine Stealer
2022-07-13KELAKELA Cyber Intelligence Center
The Next Generation of Info Stealers
Arkei Stealer Azorult BlackGuard Eternity Stealer Ginzo Stealer Mars Stealer MetaStealer Raccoon RedLine Stealer Vidar
2022-06-28AhnLabASEC
New Info-stealer Disguised as Crack Being Distributed
ClipBanker CryptBot Raccoon RedLine Stealer
2022-06-15QualysAkshat Pradhan
Fake Cracked Software Caught Peddling Redline Stealers
RedLine Stealer
2022-05-25Team CymruS2 Research Team
Bablosoft; Lowering the Barrier of Entry for Malicious Actors
BlackGuard BumbleBee RedLine Stealer
2022-05-19BlackberryThe BlackBerry Research & Intelligence Team
.NET Stubs: Sowing the Seeds of Discord (PureCrypter)
Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate
2022-05-17Microsoft SecurityBerman Enconado, Laurie Kirk
In hot pursuit of ‘cryware’: Defending hot wallets from attacks
Mars Stealer RedLine Stealer
2022-05-12NetskopeGustavo Palazolo
RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload
RedLine Stealer
2022-05-12MorphisecHido Cohen
New SYK Crypter Distributed Via Discord
AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer
2022-05-10eSentireeSentire Threat Response Unit (TRU)
Redline Stealer Masquerades as Photo Editing Software
RedLine Stealer
2022-04-27BitdefenderMihai Neagu
RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign
RedLine Stealer
2022-04-25muha2xmadMuhammad Hasan Ali
Full RedLine malware analysis | IoCs | Stealing information
RedLine Stealer
2022-04-18BitdefenderMihai Neagu
RedLine Stealer Analysis
RedLine Stealer
2022-04-14Cisco TalosEdmund Brumaghin, Michael Chen, Vanja Svajcer
Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
RedLine Stealer
2022-03-24paloalto Netoworks: Unit42Unit42
Threat Brief: Lapsus$ Group
RedLine Stealer
2022-03-23KrebsOnSecurityBrian Krebs
A Closer Look at the LAPSUS$ Data Extortion Group
RedLine Stealer
2022-03-23SecurityAffairsPierluigi Paganini
It’s official, Lapsus$ gang compromised a Microsoft employee’s account
RedLine Stealer
2022-03-22Bleeping ComputerLawrence Abrams
Microsoft confirms they were hacked by Lapsus$ extortion group
RedLine Stealer
2022-03-22The Hacker NewsRavie Lakshmanan
Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group
RedLine Stealer
2022-03-22MicrosoftDetection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction
RedLine Stealer LAPSUS
2022-03-13Bleeping ComputerBill Toulas
Fake Valorant cheats on YouTube infect you with RedLine stealer
RedLine Stealer
2022-03-03Medium s2wlabJiho Kim
Deep Analysis of Redline Stealer: Leaked Credential with WCF
RedLine Stealer
2022-02-09BleepingComputerBill Toulas
Fake Windows 11 upgrade installers infect you with RedLine malware
RedLine Stealer
2022-02-08HPPatrick Schläpfer
Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
RedLine Stealer
2022-02-08Intel 471Intel 471
PrivateLoader: The first step in many malware schemes
Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar
2022-02-07TrellixTaylor Mullins
Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer
RedLine Stealer
2022-01-20SANS ISC InfoSec ForumsXavier Mertens
RedLine Stealer Delivered Through FTP
RedLine Stealer
2022-01-20blog.rootshell.beXavier Mertens
[SANS ISC] RedLine Stealer Delivered Through FTP
RedLine Stealer
2022-01-19ChainanalysisChainalysis Team
Meet the Malware Families Helping Hackers Steal and Mine Millions in Cryptocurrency
Glupteba RedLine Stealer
2022-01-10FortinetFred Gutierrez, Shunichi Imano
COVID Omicron Variant Lure Used to Distribute RedLine Stealer
RedLine Stealer
2022-01-03AhnLabASEC Analysis Team
Distribution of Redline Stealer Disguised as Software Crack
DanaBot RedLine Stealer Vidar
2022-01-02Atomic Matryoshkaz3r0day_504
"Cracking Open the Malware Piñata" Series: Intro to Dynamic Analysis with RedLineStealer
RedLine Stealer
2021-12-02CiscoTiago Pereira
Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension
Azorult RedLine Stealer
2021-11-29Trend MicroJaromír Hořejší
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos
2021-11-02MinervaNatalie Zargarov
Underminer Exploit Kit: The More You Check The More Evasive You Become
Amadey Oski Stealer RedLine Stealer UnderminerEK
2021-10-21Bleeping ComputerLawrence Abrams
Massive campaign uses YouTube to push password-stealing malware
Raccoon RedLine Stealer
2021-10-14Recorded FutureInsikt Group®
RedLine Stealer Is Key Source of Identity Data for Criminal Shops
RedLine Stealer
2021-09-27Trend MicroArianne Dela Cruz, Gilbert Sison, Joelson Soares, Ryan Maglaque, Warren Sto.Tomas
Fake Installers Drop Malware and Open Doors for Opportunistic Attackers
RedLine Stealer Socelars Vidar
2021-09-27Cyber-AnubisNidal Fikri
RedLine Infostealer | Detailed Reverse Engineering
RedLine Stealer
2021-08-26Minerva LabsMinerva Labs
Become A VIP Victim With New Discord Distributed Malware
BlackNET RAT RedLine Stealer
2021-08-04ASECASEC
S/W Download Camouflage, Spreading Various Kinds of Malware
Raccoon RedLine Stealer Remcos Vidar
2021-07-12IBMClaire Zaboeva, Dan Dash, Melissa Frydrych
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-07-12Cipher Tech SolutionsClaire Zaboeva, Dan Dash, Melissa Frydrych
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-07-08BlackberryThe BlackBerry Research and Intelligence Team
Threat Thursday: Redline Infostealer
RedLine Stealer
2021-06-14Blaze's Security BlogBartBlaze
Digital artists targeted in RedLine infostealer campaign
RedLine Stealer
2021-06-02MorphisecMichael Gorelik
Google PPC Ads Deliver Redline, Taurus, and mini-Redline Infostealers
RedLine Stealer Taurus Stealer
2021-04-27Minerva LabsMinerva Labs
RedLine Stealer Masquerades as Telegram Installer
RedLine Stealer
2021-01-18Medium csis-techblogBenoît Ancel
GCleaner — Garbage Provider Since 2019
Amadey Ficker Stealer Raccoon RedLine Stealer SmokeLoader STOP
2020-10-05JuniperPaul Kimayong
New pastebin-like service used in multiple malware campaigns
Agent Tesla LimeRAT RedLine Stealer
2020-09-07Github (StrangerealIntel)StrangerealIntel
Time to take the bull by the horns
RedLine Stealer Taurus Stealer
2020-07-30SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader
2020-07-02ZscalerMohd Sadique
CyberGate RAT and RedLine Stealer Delivered in Ongoing AutoIt Malware Campaigns
CyberGate RedLine Stealer
2020-03-19Bleeping ComputerLawrence Abrams
RedLine Info-Stealing Malware Spread by Folding@home Phishing
RedLine Stealer
2020-03-16ProofpointAxel F, Jeremy H, Proofpoint Threat Insight Team
New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign
RedLine Stealer
2020-03-16ProofpointSherrod DeGrippo
TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years
RedLine Stealer

There is no Yara-Signature yet.