RedLine Stealer
MITREOther
Unknown
Unknown
[RedLine Stealer](https://attack.mitre.org/software/S1240) is an information-stealer malware variant first identified in 2020.(Citation: ESET RedLine Stealer November 2024)(Citation: Proofpoint RedLine Stealer March 2020)(Citation: Splunk RedLine Stealer June 2023) [RedLine Stealer](https://attack.mitre.org/software/S1240) is a Malware as a Service (MaaS) and was reportedly sold as either a one-time purchase or a monthly subscription service.(Citation: ESET RedLine Stealer November 2024)(Citation: Veriti RedLine Stealer MAAS April 2023) Information obtained from [RedLine Stealer](https://attack.mitre.org/software/S1240) has been known to be sold on the deep and dark web to Initial Access Brokers (IABs), who use or resell the stolen credentials for further intrusions.(Citation: Kroll RedLine Stealer August 2024)(Citation: Veriti RedLine Stealer MAAS April 2023)
Associated Techniques (35)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1012 | Query Registry | - |
| T1016 | System Network Configuration Discovery | - |
| T1027.002 | Software Packing | - |
| T1027.010 | Command Obfuscation | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1033 | System Owner/User Discovery | - |
| T1036 | Masquerading | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1053.005 | Scheduled Task | - |
| T1059.003 | Windows Command Shell | - |
| T1059.011 | Lua | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1087.001 | Local Account | - |
Metadata
| ID: | 395 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |