
This info stealer operates on a MaaS (malware-as-a-service) model and is distributed on underground forums according to the buyer's needs: a $150 lite version, a $200 pro version, or a $100/month subscription option.

In the Telegram channel, the malware can be acquired and paid for in Bitcoin, Ethereum, Monero (XMR), Litecoin (LTC) and USDT.

Figure 2: Redline official Telegram channel.

Figure 3 below shows the features of Redline as advertised by criminals in a specific forum where it is distributed in the wild by its authors.

Figure 3: Detailed features of Redline malware.

The vehicle used by criminals to disseminate the Redline stealer is email. A malicious and convincing message is sent along with a URL responsible for downloading the binary that is then installed on the target machine. Healthcare (taking advantage of the COVID-19 situation) and manufacturing were two industry sectors affected by this threat in the last few months.

Figure 4: Email template of the Redline malware related to the COVID-19 pandemic situation.

This malware is written in C# and uses a SOAP API to establish communication with its C2 server. As observed in the clandestine Horus Eyes RAT, this stealer takes advantage of the Telegram API to notify criminals about new infections in an easy way. Some details about this mechanism can be seen below.

Figure 5: Redline Telegram bot configuration.

After receiving a ping via a Telegram channel, criminals can interact with the Redline agent installed on the victim's device using the C2 panel installed on a Windows machine. The command and control server is also written in C#, and its communication with the malicious agents is based on a WSDL-described SOAP API. As observed below, the C2 panel includes several features:

- Displaying information from the infected machine.
- Running tasks such as password exfiltration, FTP data, and browser details including saved passwords.

In addition, the C2 panel can execute additional payloads on the agent side and even open specific URLs in the default web browser.
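The two network behaviours described in this article, a Telegram bot API call to notify the operator of a new infection and a WSDL/SOAP session with the C2 server, are both visible at a web proxy. The following script is an added example (not code from the original article or from the Redline authors) that flags both behaviours in a proxy log and correlates them per source host. The JSON-lines log format, the sample lines and the `SOAP_ALLOWED_HOSTS` allow-list are constructed assumptions for illustration; the Telegram token pattern is the generic "<numeric bot id>:<secret>" shape used by the bot API, not an indicator specific to Redline.

```python
"""Flag Telegram bot-API beacons and SOAP/WSDL traffic in a proxy log.

Added example for this article; not code from the original page or from
the malware itself. Log format, sample lines and the allow-list are
constructed assumptions.
"""
import json
import re
from typing import Dict, Iterator, List, Set

# Telegram bot API paths look like /bot<bot id>:<secret>/<method>.
# The secret is taken loosely (20+ token characters); real tokens are longer.
TELEGRAM_BOT_PATH = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]{20,})/(\w+)")

# Hypothetical allow-list: hosts where SOAP/WSDL traffic is expected
# (line-of-business web services). An analyst fills this in per environment.
SOAP_ALLOWED_HOSTS: Set[str] = {"erp.corp.example"}

# Constructed sample proxy export (JSON lines); not real traffic.
# 10.0.0.5 shows the stealer pattern: a Telegram ping, a WSDL fetch and a
# SOAP POST to an unlisted IP. 10.0.0.7 only talks SOAP to an allowed host.
SAMPLE_LOG = """\
{"src": "10.0.0.5", "method": "GET", "host": "api.telegram.org", "path": "/bot123456789:AAEfakeTOKENfakeTOKENfakeTOKEN/sendMessage", "content_type": "", "soap_action": ""}
{"src": "10.0.0.5", "method": "GET", "host": "203.0.113.10", "path": "/Endpoint.asmx?wsdl", "content_type": "", "soap_action": ""}
{"src": "10.0.0.5", "method": "POST", "host": "203.0.113.10", "path": "/Endpoint.asmx", "content_type": "text/xml; charset=utf-8", "soap_action": "http://tempuri.org/Ping"}
{"src": "10.0.0.7", "method": "POST", "host": "erp.corp.example", "path": "/Service.svc", "content_type": "text/xml; charset=utf-8", "soap_action": "http://tempuri.org/GetInvoice"}
{"src": "10.0.0.7", "method": "GET", "host": "www.example.com", "path": "/index.html", "content_type": "", "soap_action": ""}
"""


def parse_log(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per non-empty JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def is_soap(entry: Dict[str, str]) -> bool:
    """True for a WSDL fetch, a SOAPAction header, or an XML/SOAP POST body."""
    ct = entry.get("content_type", "").lower()
    xml_post = entry["method"] == "POST" and ("text/xml" in ct or "application/soap+xml" in ct)
    return xml_post or bool(entry.get("soap_action")) or entry["path"].lower().endswith("?wsdl")


def analyse(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious request, in log order."""
    findings: List[Dict[str, str]] = []
    for e in parse_log(text):
        host = e["host"].lower()
        if host == "api.telegram.org":
            m = TELEGRAM_BOT_PATH.match(e["path"])
            if m:
                # Record the bot id only; the secret half of the token is
                # sensitive and does not need to be copied into a ticket.
                findings.append({"src": e["src"], "rule": "telegram_bot_api",
                                 "bot_id": m.group(1), "api_method": m.group(3)})
        elif is_soap(e) and host not in SOAP_ALLOWED_HOSTS:
            findings.append({"src": e["src"], "rule": "soap_to_unlisted_host",
                             "host": host, "path": e["path"]})
    return findings


def correlate(findings: List[Dict[str, str]]) -> Set[str]:
    """Sources that show both behaviours: a Telegram ping and SOAP C2 traffic."""
    rules_by_src: Dict[str, Set[str]] = {}
    for f in findings:
        rules_by_src.setdefault(f["src"], set()).add(f["rule"])
    return {src for src, rules in rules_by_src.items()
            if {"telegram_bot_api", "soap_to_unlisted_host"} <= rules}


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for f in found:
        print(f)
    print("high-confidence sources:", sorted(correlate(found)))
```

On the constructed sample this yields three findings and reports 10.0.0.5 as the only source showing both behaviours. Either behaviour alone is weak evidence (legitimate Telegram bots and SOAP services exist), which is why the correlation step, rather than the individual rules, is what should page an analyst.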
