Rewterz Threat Alert – DarkCrystal RAT (DCRat) – Active IOCs
February 27, 2023
Severity
High
Analysis Summary
Redline Stealer is a type of malware that is used for stealing sensitive information from victims’ computers. It is designed to be discreet and can run in the background of a computer system without being detected by the user.
Redline Stealer is often spread through phishing emails or malicious downloads, and once it has infected a computer, it can collect a wide range of information, including passwords, credit card details, and other personal information.
The malware has been known to target a variety of applications and software, including web browsers, email clients, and messaging applications. It can also capture screenshots and record keystrokes to collect additional information.
Redline Stealer has been used in several high-profile cyber attacks and is considered a significant threat to computer security. To protect against it, users are advised to keep their software up to date, avoid downloading files from untrusted sources, and use anti-virus software.
Impact
- Data Exfiltration
- Credential Theft
- Information Theft
- Financial Loss
Indicators of Compromise
MD5
- 9c55fb99fe1ebde1826527a1f6c90b34
- 4a0cc0ed48f599b03f33d96658defc63
- 2a9b7362dc42ee7b1ca537426f846381
SHA-256
- d95e87bd76687c3925bc00959d15cf2b8d7f2e8fc78bdd67fd6646063961c149
- d63641a4b97a42631d79734f6fe34058b27e84a33b1a7a6685a031d836a7711b
- 38917fa4594d6540b4e94c419e1401ef02226b3b1fd0dceee02f917f59be4ebc
SHA-1
- 73f16d77574348b0d65b975ee49bde4a20024105
- 6220c5c5bda01ef90e38eb923417475c5ec9fde3
- 2fac7077b3075c66e4def78623f4a19548d2f403
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Patch and upgrade any platforms and software in a timely manner and make this a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets.
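The remediation list asks you to search your environment for the hashes above. As an added example that is not part of the Rewterz alert, the script below walks a directory tree, computes the MD5, SHA-1 and SHA-256 of every readable file in one pass, and reports any file whose digest matches one of the alert's indicators. The indicator values are copied from the alert; the sample file, the `demo()` helper and the constructed indicator set it uses are assumptions made for the self-check only.

```python
# Added example (not from the Rewterz alert): scan a directory tree for files
# whose MD5 / SHA-1 / SHA-256 matches an indicator listed in the alert above.
import hashlib
import os
import tempfile
from typing import Dict, List, Set, Tuple

# Indicators copied from the alert, normalised to lowercase hex.
IOC_HASHES: Dict[str, Set[str]] = {
    "md5": {
        "9c55fb99fe1ebde1826527a1f6c90b34",
        "4a0cc0ed48f599b03f33d96658defc63",
        "2a9b7362dc42ee7b1ca537426f846381",
    },
    "sha1": {
        "73f16d77574348b0d65b975ee49bde4a20024105",
        "6220c5c5bda01ef90e38eb923417475c5ec9fde3",
        "2fac7077b3075c66e4def78623f4a19548d2f403",
    },
    "sha256": {
        "d95e87bd76687c3925bc00959d15cf2b8d7f2e8fc78bdd67fd6646063961c149",
        "d63641a4b97a42631d79734f6fe34058b27e84a33b1a7a6685a031d836a7711b",
        "38917fa4594d6540b4e94c419e1401ef02226b3b1fd0dceee02f917f59be4ebc",
    },
}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Return the md5/sha1/sha256 hex digests of one file, reading it in
    chunks so large files are hashed without loading them into memory."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_iocs(digests: Dict[str, str],
               iocs: Dict[str, Set[str]] = IOC_HASHES) -> List[str]:
    """Return the algorithms whose digest hits an indicator (case-insensitive)."""
    return [algo for algo, value in digests.items()
            if value.lower() in iocs.get(algo, set())]


def scan_tree(root: str,
              iocs: Dict[str, Set[str]] = IOC_HASHES) -> List[Tuple[str, List[str]]]:
    """Walk `root` and return (path, matched_algorithms) for every hit."""
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                # Locked, special or unreadable file: skip it rather than abort the scan.
                continue
            matched = match_iocs(digests, iocs)
            if matched:
                hits.append((path, matched))
    return hits


def demo() -> Dict[str, object]:
    """Constructed self-check (assumption, not part of the alert): hash a benign
    sample in a temp directory, then match it against the alert's indicators
    and against a constructed indicator set built from its own SHA-256."""
    root = tempfile.mkdtemp()
    path = os.path.join(root, "sample.bin")
    with open(path, "wb") as f:
        f.write(b"constructed benign sample, not a Redline payload")
    digests = hash_file(path)
    constructed = {"sha256": {digests["sha256"]}}
    return {
        "path": path,
        "digests": digests,
        "real_hits": scan_tree(root),              # expected: no match
        "constructed_hits": scan_tree(root, constructed),  # expected: one match
    }


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, algos in scan_tree(target):
        print(f"MATCH {hit_path} ({', '.join(algos)})")
```

Run it as `python scan.py /path/to/scan`. Hash matching only catches byte-identical copies of the listed samples; a repacked or recompiled build of the same stealer produces different digests, so treat an empty result as "these specific files are absent", not as proof the host is clean, and pair the sweep with the other controls in the remediation list.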