Investigation of malware redline stealer using static and dynamic analysis method forensic

Widiyasono, Nur and Rizal, Randi and Selamat, Siti Rahayu and Sinjaya, Angga and Rianto and Praseptiawan, Mugi (2025) Investigation of malware redline stealer using static and dynamic analysis method forensic. Journal of Advanced Research in Applied Sciences and Engineering Technology, 48 (2). pp. 49-62. ISSN 2462-1943

[img] Text
0101723082024104132.pdf

Download (2MB)

Abstract

Redline Stealer is a malware variant discovered in early March 2020 by proof point analyst. Redline is famous for its ability to bypass the antivirus scan. Redline Stealer was created by hacker with the purpose to steal victim's information such as login data, password and credit card information from the browser application that used in infected computer. This research uses static and dynamic methods to analyze redline stealers. The process of static analysis is carried out by observing the malware's sample file, while dynamic analysis is carried out by monitoring malware's activity when the malware is running on the system. This research show that Redline Stealer uses the obfuscation feature based on .net, which can run only when there is an internet connection, stealing sensitive information, especially in a browser application. The conclusion of this research is Redline Stealer can be classified as a stealer malware that can steal important data on the infected system. The result of the analysis using the strings extract and decompile did not find any information because this malware uses the obfuscation feature, so the static analysis did find fewer information than the dynamic method.

Item Type: Article
Uncontrolled Keywords: Forensic, Malware investigation, Obfuscation, Redline stealer, Static and dynamic analysis
Divisions: Faculty of Information and Communication Technology
Depositing User: Sabariah Ismail
Date Deposited: 09 Oct 2024 16:55
Last Modified: 09 Oct 2024 16:55
URI: http://eprints.utem.edu.my/id/eprint/28117
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item