216.73.217.139

Life on a crooked RedLine: Analyzing the infamous infostealer's backend

· Published 17/11/2024 00:25 · Modified 18/11/2024 16:38

Export JSON

Essential information

Published
17/11/2024 00:25
Modified
18/11/2024 16:38
Tags
2024-11-17 backend analysis control panel cybercrime data theft infostealer malware-as-a-service meta stealer redline stealer windows communication framework
Related entities
1 intrusion sets (apt), 2 malware, 7 others

Description

This article provides an in-depth analysis of , a notorious information-stealing malware. The research focuses on previously undocumented backend modules and the used by affiliates. Key findings include the identification of over 1,000 unique IP addresses hosting RedLine panels, the use of for component communication, and the shared origin of RedLine and . The analysis covers authentication processes, sample creation mechanisms, and network infrastructure details. The researchers also highlight security vulnerabilities in the backend, such as storing passwords in cleartext. The article concludes by discussing the takedown of RedLine and in Operation Magnus, emphasizing the widespread nature of these threats despite being orchestrated by a small group of actors.

External references