Investigation of Malware Redline Stealer Using Static and Dynamic Analysis Method Forensic

Authors

  • Nur Widiyasono Department of Informatics, Faculty of Engineering, Siliwangi University, Tasikmalaya, 46115 Indonesia
  • Siti Rahayu Selamat Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka 76100, Malaysia
  • Angga Sinjaya Department of Informatics, Faculty of Engineering, Siliwangi University, Tasikmalaya, 46115 Indonesia
  • Rianto Department of Informatics, Faculty of Engineering, Siliwangi University, Tasikmalaya, 46115 Indonesia
  • Randi Rizal Department of Informatics, Faculty of Engineering, Siliwangi University, Tasikmalaya, 46115 Indonesia
  • Mugi Praseptiawan Department of Informatics, Institute of Technology Sumatera, ITERA, 35365 Indonesia

DOI:

https://doi.org/10.37934/araset.48.2.4962

Keywords:

Malware Investigation, Redline Stealer, Obfuscation, Static and Dynamic Analysis, Forensic

Abstract

Redline Stealer is a malware variant discovered in early March 2020 by a Proofpoint analyst. Redline is known for its ability to bypass antivirus scans. Redline Stealer was created by a hacker to steal the victim's information, such as login data, passwords and credit card information, from the browser applications used on the infected computer. This research uses static and dynamic methods to analyze Redline Stealer. Static analysis is carried out by examining the malware's sample file, while dynamic analysis is carried out by monitoring the malware's activity while it is running on the system. The research shows that Redline Stealer uses obfuscation, is based on .NET, runs only when there is an internet connection, and steals sensitive information, especially from browser applications. The conclusion of this research is that Redline Stealer can be classified as stealer malware that can steal important data on the infected system. String extraction and decompilation did not yield any information because the malware uses obfuscation, so static analysis found less information than the dynamic method.

Author Biographies

Nur Widiyasono, Department of Informatics, Faculty of Engineering, Siliwangi University, Tasikmalaya, 46115 Indonesia

nur.widiyasono@unsil.ac.id

Siti Rahayu Selamat, Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka 76100, Malaysia

sitirahayu@utem.edu.my

Angga Sinjaya, Department of Informatics, Faculty of Engineering, Siliwangi University, Tasikmalaya, 46115 Indonesia

angga@unsil.ac.id

Rianto, Department of Informatics, Faculty of Engineering, Siliwangi University, Tasikmalaya, 46115 Indonesia

rianto@unsil.ac.id

Randi Rizal, Department of Informatics, Faculty of Engineering, Siliwangi University, Tasikmalaya, 46115 Indonesia

randirizal@unsil.ac.id

Mugi Praseptiawan, Department of Informatics, Institute of Technology Sumatera, ITERA, 35365 Indonesia

mugi@itera.ac.id

Published

2024-07-18

Issue

Section

Articles