TrojanSpy.Win32.REDLINE.YXDEFZ

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Verbindet sich mit einer Website, um Daten zu versenden und zu empfangen. However, as of this writing, the said sites are inaccessible.

Übertragungsdetails

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Backdoor-Routine

Verbindet sich mit den folgenden Websites, um Daten zu versenden und zu empfangen.

• https://{BLOCKED}jobs.ru/frank.jpg
• http://{BLOCKED}.{BLOCKED}.{BLOCKED}.125:43393

However, as of this writing, the said sites are inaccessible.

Datendiebstahl

Folgende Daten werden gesammelt:

• CPU
• Domain Name
• GPU
• Installed Anti-virus Products
• OS Name and Version
• Running Processes
• Screen Resolution
• Serial Numbers of Disk Drives
• Username
• Windows Serial Number
• Installed Software

Andere Details

Es macht Folgendes:

• It steals wallet information from:
  • Binance Wallet
  • BitApp Wallet
  • BOLT X
  • Brave Wallet
  • Coin98
  • Coinbase Wallet
  • Equal Wallet
  • EVER Wallet
  • Guarda
  • GuildWallet
  • Harmony
  • iWallet
  • Jaxx Liberty
  • KardiaChain Wallet
  • Liquality Wallet
  • Math Wallet
  • MetaMask
  • MEW CX
  • MultiversX
  • Nami
  • Nifty Wallet
  • Oxygen - Atomic Crypto Wallet
  • Pali Wallet
  • Phantom
  • Ronin Wallet
  • Saturn Wallet
  • Station Wallet
  • TronLink
  • Wombat Wallet
  • XDEFI
  • Yoroi
• It steals browser data from:
  • 360Browser
  • 7Star Amigo
  • Atom
  • Brave Browser
  • Cent Browser
  • Chedot
  • Chrome Plus
  • Chromium
  • Chromodo
  • Citrio
  • CocCoc
  • Coinomi
  • Comodo
  • Coowon
  • CryptoTab Browser
  • Elements Browser
  • Epic Privacy Browser
  • Google Chrome
  • Iridium
  • K-Melon
  • Kometa
  • Maxthon3
  • Microsoft Edge
  • Mozilla Firefox
  • Sleipnir5
• It steals account information from:
  • Adobe
  • Battle.net