DETECTION OVERVIEW
Risk Factors
Redline Stealer is a well-supported malware-as-a-service product that attackers can license and deploy with minimal expertise. Through a persistent C&C channel, an attacker can scan for and exfiltrate credentials that can then be leveraged to launch additional attacks on the network.
Kill Chain
Risk Score
83
In Redline Stealer attacks, an attacker tricks the victim into downloading the Redline malware, typically through phishing or social engineering. Once deployed, Redline Stealer scans for credentials throughout the network, including web browsers and browser caches, VPNs, cryptocurrency wallets, and other applications. Additionally, Redline collects information about the operating system, hardware, IP addresses, and other system characteristics. Redline collects these credentials and sends logs to the C&C server in SOAP messages. The server then generates an XML file known as a Stealer log. The Stealer log can be sold on darknet marketplaces, or the attacker can use the log for future attacks on the network.
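As an added example (not part of the original detection overview), a coarse network-side check for the SOAP-based exfiltration described above: parse captured HTTP POST records and flag SOAP envelopes sent to hosts outside an allowlist of sanctioned SOAP endpoints. The record format, the allowlist and the sample traffic are constructed for illustration and are not Redline indicators.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Namespaces used by SOAP 1.1 and SOAP 1.2 envelopes.
SOAP_NS = {
    "http://schemas.xmlsoap.org/soap/envelope/",
    "http://www.w3.org/2003/05/soap-envelope",
}

# Constructed allowlist: hosts where SOAP traffic is expected in this environment.
KNOWN_SOAP_HOSTS = {"erp.corp.example"}


@dataclass
class HttpPost:
    src: str           # client address
    dst_host: str      # Host header / destination
    content_type: str  # Content-Type header
    body: str          # request body as text


def is_soap_envelope(body: str) -> bool:
    """True if the body parses as XML whose root is a SOAP Envelope."""
    try:
        root = ET.fromstring(body)
    except (ET.ParseError, ValueError):
        return False
    if not root.tag.startswith("{"):
        return False  # no namespace, cannot be a SOAP envelope
    ns, local = root.tag[1:].split("}", 1)
    return local == "Envelope" and ns in SOAP_NS


def flag_unsanctioned_soap(posts):
    """Return (src, dst_host) for SOAP posts to hosts not on the allowlist."""
    alerts = []
    for p in posts:
        if "xml" not in p.content_type.lower():
            continue  # text/xml (SOAP 1.1) or application/soap+xml (SOAP 1.2)
        if p.dst_host in KNOWN_SOAP_HOSTS:
            continue
        if is_soap_envelope(p.body):
            alerts.append((p.src, p.dst_host))
    return alerts


# Constructed sample traffic: one sanctioned SOAP call, one SOAP post to an
# unknown host (documentation address range), one unrelated JSON post.
ENVELOPE = '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body/></s:Envelope>'
SAMPLE_POSTS = [
    HttpPost("10.0.0.5", "erp.corp.example", "text/xml", ENVELOPE),
    HttpPost("10.0.0.21", "203.0.113.10", "text/xml; charset=utf-8", ENVELOPE),
    HttpPost("10.0.0.21", "api.corp.example", "application/json", '{"ok":true}'),
]

if __name__ == "__main__":
    print(flag_unsanctioned_soap(SAMPLE_POSTS))
```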