
About “Trojan:Win32/Redline.NXT!MTB” infection


Trojan:Win32/Redline.NXT!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Redline.NXT!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Korean
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family

How to identify Trojan:Win32/Redline.NXT!MTB?

File Info:

name: B421C83151510488D41A.mlw
path: /opt/CAPEv2/storage/binaries/66a70a77be49ae711d0e6b30c989defcf366de4404998a4b2043910b8a11f49e
crc32: 0FDB561C
md5: b421c83151510488d41af21dff93c318
sha1: e3ebf3292a363090dd9e8c3016252ee75b811c84
sha256: 66a70a77be49ae711d0e6b30c989defcf366de4404998a4b2043910b8a11f49e
sha512: bf69e0ca467289ae4aaa6cb673ac92f66650672a9ecc79759d133e2d098a710a822dc3a524ee80104782292c5e5a65deb81f3da37c1b0b90e232961f3f696c34
ssdeep: 12288:mECmgi9SlAEqXHAQZElJykYuOyxufy4CKCLpVtjVk:rEi9hXghqlXTkpzO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T165A4DF00FA90C039F4B766F845BA9368B93A7EA16B6411CF12D53AEA57385E1FC31707
sha3_384: 536362bc48972caf13333c1665a04977da1e8af8314ba9f7d09b9603ecc24e74958561dcc9b07ec40fb1f43c9cd069c7
ep_bytes: 8bff558bece8a6940000e8110000005d
timestamp: 2021-04-29 04:42:39

Version Info:

Translations: 0x0283 0x00aa

Trojan:Win32/Redline.NXT!MTB also known as:

  • Bkav: W32.AIDetect.malware1
  • tehtris: Generic.Malware
  • ClamAV: Win.Packed.Crypterx-9964586-0
  • FireEye: Generic.mg.b421c83151510488
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • Cybereason: malicious.92a363
  • Cyren: W32/Kryptik.HIO.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Avast: PWSX-gen [Trj]
  • TrendMicro: Ransom.Win32.STOP.SMYXBFX.hp
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.gc
  • Trapmine: malicious.high.ml.score
  • Sophos: ML/PE-A
  • SentinelOne: Static AI – Malicious PE
  • Microsoft: Trojan:Win32/Redline.NXT!MTB
  • Google: Detected
  • McAfee: Packed-GEE!B421C8315151
  • VBA32: BScope.TrojanDownloader.Smoke
  • Rising: Trojan.Generic@AI.100 (RDML:SmjrY9cyNT5KiDk+Jwl4mg)
  • Ikarus: Trojan-Ransom.StopCrypt
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Kryptik.HHPX!tr
  • AVG: PWSX-gen [Trj]
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan:Win32/Redline.NXT!MTB?

Trojan:Win32/Redline.NXT!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
