Skip to main content
Skip to main content
Microsoft Security Intelligence
Published Jun 20, 2022 | Updated Mar 19, 2024


Detected by Microsoft Defender Antivirus

Aliases: No associated aliases


This is a generic detection for RedLine packer. The final payload of it is a MSIL file.

First observed in 2020 and advertised on various cybercriminal forums as a malware-as-a-service (MaaS), RedLine is an information stealer mainly targeting Windows user credentials and cryptocurrency wallets, as well as browser information, FTP connections, game chat launchers, and OS information like system hardware, processes names, time zone, IP address, geolocation information, OS version, and default language.

For information about RedLine and other human-operated malware campaigns, read these blog posts: 

Users can take the following steps to mitigate the threat:

  • Isolate the infected system from the network.
  • Look for compromised accounts in the network.
  • Change credentials for compromised accounts.
  • Clear the applicable run entries, scheduled tasks, and files with uncommon name found in %temp% or %appdata% locations.

Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

Devices infected by this trojan might be severely compromised and require complete restoration. Consider restoring your device. When restoring data, ensure that it is a clean, uninfected copy.

Follow us