RedLine Stealer
RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Building features:
- 1) Collects from browsers:
- a) Login and passwords
- b) Cookies
- c) Autocomplete fields
- d) Credit cards
- 2) Supported browsers:
- a) All Chromium-based browsers ( Even Chrome latest version )
- b) All browsers based on Gecko (Mozilla, etc.)
- 3) Data collection from FTP clients, IM clients
- 4) Customizable file-grabber according to the criteria Path, Extension, Search in subfolders (you can configure for the necessary cold wallets, steam, etc.)
- 5) Sample by country. Setting up a blacklist of countries where the build will not work
- 6) Setting up anti-duplicate logs in the panel
- 7) Collects information about the victim's system:
- IP
- Country
- City
- Current user name
- HWID
- Keyboard layouts
- Screenshot
- Screen resolution
- Operating system
- UAC Settings
- is the current build running with administrator privileges
- User-Agent
- Information about component PCs ( video cards, processors )
- Installed antiviruses
