This info stealer operates on a MaaS (malware-as-a-service) model and is distributed on underground forums according to the users' needs:

- $150 lite version
- $200 pro version
- $100/month subscription option

In the Telegram channel, the malware can be acquired and paid for in Bitcoin, Ethereum, XMR, LTC and USDT.

Figure 2: Redline official Telegram channel.

Figure 3 below shows the features of Redline shared by criminals in a specific forum where it is distributed in the wild by its authors.

Figure 3: Detailed features of Redline malware.

The vehicle used by criminals to disseminate the Redline stealer is email. A malicious and convincing message is sent along with a URL responsible for downloading the binary file installed on the target machine. Healthcare (taking advantage of the COVID-19 situation) and manufacturing were two industry sectors affected by this threat in the last few months.

Figure 4: Email template of the Redline malware related to the COVID-19 pandemic situation.

This malware is written in C# and uses a SOAP API to establish communication with its C2 server. As observed on the clandestine Horus Eyes RAT, this stealer takes advantage of the powerful features of the Telegram API to notify criminals about new infections in an easy way. Some details about this mechanism can be seen below.

Figure 5: Redline Telegram bot configuration.

After receiving a ping via a Telegram channel, criminals can interact with the Redline agent installed on the victim's device using the C2 panel installed on a Windows machine. The command and control server is also written in C# and its communication is based on a WSDL with a SOAP API to interact with the malicious agents.

As observed below, the C2 panel includes several features, including:

- Running tasks such as password exfiltration, FTP data, browser details including passwords and so on.
- Displaying information from the infected machine.

In addition, the C2 panel can execute additional payloads on the agent side and even open specific URLs in the default web browser.

Figure 6 shows some details about the Redline C2 panel with sensitive data redacted and the code block responsible for executing extra payloads.

Figure 6: Details about the Redline C2 panel and block of code responsible for executing additional payloads.

Although this malware is equipped with a lot of modern features also observed on stealers of this nature, Redline doesn't use cryptography to create a secure channel when it communicates with the C2 server, and all the packets and data can be easily identified at the network layer by security appliances by creating customized rules to detect it.

Figure 7: SOAP envelope of Redline malware when a specific task is started (password stealer module).