This page lists the most recent RedLine Stealer malware samples collected from MalwareBazaar. Each entry includes the SHA256 hash (linked to the MalwareBazaar sample page), original file name, file type, size, and VirusTotal detection rate where available. Samples are updated daily and retained for a rolling 30-day window.

How to Use This Data

Security teams can use these hashes in several ways. Import them into your SIEM or EDR platform to detect known RedLine Stealer variants in your environment. Cross-reference file names against your email gateway logs to identify phishing campaigns delivering this family. The file type distribution reveals which delivery formats are currently in use - a shift from .exe to .msi or .js may indicate the operators are adapting to your defenses. Samples with low or missing VirusTotal detection rates are the most dangerous - these are fresh variants that may bypass signature-based protection.

About the Data

All samples are sourced from MalwareBazaar, a free malware sample sharing platform operated by abuse.ch. Detection rates come from VirusTotal. This data is provided for defensive purposes only. For the latest RedLine Stealer indicators of compromise including C2 servers and domains, see the IOC page.

RedLine Stealer - Malware Samples

How to Use This Data

About the Data

Related