Concrete signature match: Trojan (appears legitimate but performs malicious actions), platform PowerShell, family RedLineStealer
This is a concrete detection of Trojan:PowerShell/RedLineStealer, an advanced info-stealing malware. Executed via PowerShell, it exfiltrates sensitive user data such as credentials, browser information, and cryptocurrency wallet details, and likely communicates with a command-and-control server at 37.0.11.164.
Relevant strings associated with this threat:
- 37.0.11.164 (PEHSTR_EXT)
- InitializeComponent (PEHSTR_EXT)
Associated hash: 398d1ecd729fde2109b3cf23c9c8360e15506a41fad4170c412eb314332d7c5d86fc9cde275dcb6c6d6f165cf563bd42e95511c8fa5dabe9104bb8a183a397b1

Immediately isolate the affected system and perform a full endpoint scan to remove the threat. Force password resets for all potentially compromised accounts (including browser-saved, email, and cryptocurrency wallet accounts). Enhance endpoint security and review network logs for C2 communication to prevent re-infection.