$ analyze-threat Trojan:MSIL/Redline.CBYZ!MTB
Trojan:MSIL/Redline.CBYZ!MTB - Windows Defender threat signature analysis

$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:MSIL/Redline.CBYZ!MTB
Classification:
  Type: Trojan
  Platform: MSIL
  Family: Redline
  Detection Type: Concrete (known malware family with identified signatures)
  Variant: CBYZ (specific signature variant within the malware family)
  Suffix: !MTB (detected via machine learning and behavioral analysis)
Detection Method: Behavioral
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Trojan (appears legitimate but performs malicious actions), platform .NET/MSIL (Microsoft Intermediate Language), family Redline.

Summary:

This is a concrete detection for Trojan:MSIL/Redline.CBYZ, a highly potent info-stealer designed to exfiltrate a vast array of sensitive data. It targets browser credentials, cookies, cryptocurrency wallets, gaming platform data (Steam), VPN configurations, and communication platform data (Discord, Telegram), alongside general system information.

Severity: Critical
VDM Static Detection: No specific strings found for this threat
YARA Rule:
rule Trojan_MSIL_Redline_CBYZ_2147851882_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:MSIL/Redline.CBYZ!MTB"
        threat_id = "2147851882"
        type = "Trojan"
        platform = "MSIL: .NET intermediate language scripts"
        family = "Redline"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "17"
        strings_accuracy = "High"
    strings:
        $x_1_1 = "get_BrowserName" ascii //weight: 1
        $x_1_2 = "get_BrowserProfile" ascii //weight: 1
        $x_1_3 = "get_Logins" ascii //weight: 1
        $x_1_4 = "get_Autofills" ascii //weight: 1
        $x_1_5 = "get_Cookies" ascii //weight: 1
        $x_1_6 = "get_Location" ascii //weight: 1
        $x_1_7 = "get_Processes" ascii //weight: 1
        $x_1_8 = "get_SystemHardwares" ascii //weight: 1
        $x_1_9 = "get_FtpConnections" ascii //weight: 1
        $x_1_10 = "get_GameLauncherFiles" ascii //weight: 1
        $x_1_11 = "get_ScannedWallets" ascii //weight: 1
        $x_1_12 = "get_ScanTelegram" ascii //weight: 1
        $x_1_13 = "get_ScanVPN" ascii //weight: 1
        $x_1_14 = "get_ScanSteam" ascii //weight: 1
        $x_1_15 = "get_ScanDiscord" ascii //weight: 1
        $x_1_16 = "get_MachineName" ascii //weight: 1
        $x_1_17 = "get_OSVersion" ascii //weight: 1
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
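The rule above is a YARA rendering of a SIGNATURE_TYPE_PEHSTR_EXT signature: each of the 17 strings carries weight 1 and the threshold is 17, so the weighted score can only reach the threshold when every string is present, which is why the translation uses `all of ($x*)`. The script below, added here as an illustration and not code from threatcheck.sh or Microsoft Defender, emulates that scoring over constructed byte buffers (not real malware) and shows that a file carrying 16 of the 17 .NET getter names scores 16 and does not fire, while a file with all 17 does. The score-greater-than-or-equal-to-threshold semantics is my reading of how a weighted PEHSTR signature is evaluated, not something the page states.

```python
"""Emulate the weighted-string scoring behind Trojan:MSIL/Redline.CBYZ!MTB.

Added example for illustration only; not threatcheck.sh or Defender code.
All sample buffers are constructed in this file and contain no real malware.
"""

SIZE_LIMIT = 20 * 1024 * 1024  # "filesize < 20MB" in the YARA condition
THRESHOLD = 17                  # "threshold = 17" in the rule's meta block

# The 17 ASCII strings from the rule, each with weight 1.
WEIGHTED_STRINGS = {
    b"get_BrowserName": 1, b"get_BrowserProfile": 1, b"get_Logins": 1,
    b"get_Autofills": 1, b"get_Cookies": 1, b"get_Location": 1,
    b"get_Processes": 1, b"get_SystemHardwares": 1, b"get_FtpConnections": 1,
    b"get_GameLauncherFiles": 1, b"get_ScannedWallets": 1, b"get_ScanTelegram": 1,
    b"get_ScanVPN": 1, b"get_ScanSteam": 1, b"get_ScanDiscord": 1,
    b"get_MachineName": 1, b"get_OSVersion": 1,
}


def score_buffer(data: bytes):
    """Return (weighted score, list of matched strings) for a byte buffer."""
    matched = [s for s in WEIGHTED_STRINGS if s in data]
    score = sum(WEIGHTED_STRINGS[s] for s in matched)
    return score, matched


def signature_matches(data: bytes) -> bool:
    """Weighted-threshold evaluation (assumed PEHSTR_EXT semantics):
    the buffer must be under the size limit and reach the threshold."""
    if len(data) >= SIZE_LIMIT:
        return False
    score, _ = score_buffer(data)
    return score >= THRESHOLD


def yara_condition_matches(data: bytes) -> bool:
    """Literal YARA condition from the rule: filesize < 20MB and all of ($x*)."""
    return len(data) < SIZE_LIMIT and all(s in data for s in WEIGHTED_STRINGS)


def build_sample(names, padding: bytes = b"\x00" * 64) -> bytes:
    """Construct a blob that embeds the given ASCII names separated by padding,
    roughly as .NET metadata exposes method names in its #Strings heap.
    Constructed test data, not a real binary."""
    return padding + padding.join(names) + padding


# Constructed samples: all 17 names, 16 names (get_ScanDiscord missing),
# and a benign-looking file that only exposes three generic getters.
FULL = build_sample(list(WEIGHTED_STRINGS))
PARTIAL = build_sample([s for s in WEIGHTED_STRINGS if s != b"get_ScanDiscord"])
CLEAN = build_sample([b"get_MachineName", b"get_OSVersion", b"get_Location"])

if __name__ == "__main__":
    for label, blob in (("full", FULL), ("partial", PARTIAL), ("clean", CLEAN)):
        score, matched = score_buffer(blob)
        print(f"{label:8s} score={score:2d}/{THRESHOLD} "
              f"weighted={signature_matches(blob)} yara={yara_condition_matches(blob)}")
```

Because each weight is 1 and the threshold equals the number of strings, the weighted evaluation and the literal YARA condition agree on every input; the weighted form only diverges from `all of` when a signature assigns unequal weights or a threshold below the total. The CLEAN sample also shows why the rule's false-positive risk is rated low: generic getters such as `get_MachineName` and `get_OSVersion` appear in many legitimate .NET applications, and the rule only fires when the full set of stealer-specific collection getters is present together.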
Known malware associated with this threat:
  Filename: exe.exe
  SHA-256: d8703f3ae5d5d14e99ee750ec4da64a4c4ffbf242355e2c526285673c3caffcc
  Date: 04/01/2026
Remediation Steps:
Isolate the infected system, remove the malware, and immediately reset all potentially compromised credentials (browser logins, crypto wallets, and all affected online accounts). Enable multi-factor authentication on all critical accounts, conduct a thorough system scan, and review network logs for any signs of data exfiltration.
=== END REPORT ===