This article provides an in-depth analysis of RedLine Stealer, a notorious information-stealing malware. The research focuses on previously undocumented backend modules and the control panel used by affiliates. Key findings include the identification of over 1,000 unique IP addresses hosting RedLine panels, the use of Windows Communication Framework for component communication, and the shared origin of RedLine and META Stealer. The analysis covers authentication processes, sample creation mechanisms, and network infrastructure details. The researchers also highlight security vulnerabilities in the backend, such as storing passwords in cleartext. The article concludes by discussing the takedown of RedLine and META Stealer in Operation Magnus, emphasizing the widespread nature of these threats despite being orchestrated by a small group of actors.
Author: AlienVault
Related Tags:
windows communication framework
control panel
META Stealer
Finland
Netherlands
data theft
cybercrime
Czechia
Russian Federation
Associated Indicators: