Redaman

Malware Profile Updated 3 months ago
Redaman is a banking Trojan that targets customers of Russian financial institutions. It was first reported in 2015 under the name RTM; vendors such as Symantec and Microsoft identified an updated version as Redaman in 2017. The malware is delivered through malicious email attachments and downloads and, once running, steals personal and financial information from the infected host.

Redaman activity increased sharply in the last quarter of 2018, when versions of it were distributed in Russian-language mass-distribution (malspam) campaigns. Analysis of samples collected from September through December 2018 covered more than 100 malspam examples and recorded, for each, the SHA256 hash of the sample, the name of the archive attachment, and the name of the file extracted from it.

Redaman has been observed both as executable files and as DLL files. To monitor browser activity it installs application-defined hook procedures (the Windows hook callbacks registered through SetWindowsHookEx), targeting Chrome, Firefox, and Internet Explorer. The reporting vendor's threat prevention platform detects the samples described here. The cited report gives further detail on the distribution and behavior of Redaman from September through December 2018.
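The report's sample catalogue (SHA256 hash, archive file name, extracted file name) is the kind of record an analyst builds when triaging a malspam campaign. The following Python script is an added example, not tooling from this profile or from the cited report: it walks a zip attachment without executing anything, records those three fields, and flags any member that is a Windows PE image by checking the MZ/PE headers rather than trusting the file extension, since lures commonly carry document-style names. It assumes zip attachments; the sample archive and its Russian-style file names are constructed in memory so the script runs offline.

```python
"""Malspam attachment triage in the style of the Redaman report: archive name,
SHA256 of the archive, extracted file names, and a PE (EXE/DLL) check.

Added example, not code from the profile or the cited report. Assumes zip
attachments; the sample archive below is constructed in memory.
"""
import hashlib
import io
import struct
import zipfile
from dataclasses import dataclass, field

# Extensions Windows executes directly. A name check alone is not enough, so
# the content check in is_pe() runs as well.
PE_EXTENSIONS = (".exe", ".dll", ".scr", ".com")


def is_pe(head: bytes) -> bool:
    """True if `head` begins a Windows PE image: an 'MZ' DOS header whose
    e_lfanew field (offset 0x3C) points at the 'PE\\0\\0' signature."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
    return head[e_lfanew:e_lfanew + 4] == b"PE\0\0"


@dataclass
class ArchiveTriage:
    archive_name: str
    sha256: str
    extracted_names: list = field(default_factory=list)
    pe_members: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.pe_members)


def triage_zip(archive_name: str, blob: bytes) -> ArchiveTriage:
    """Catalogue one zip attachment without executing anything inside it."""
    result = ArchiveTriage(archive_name, hashlib.sha256(blob).hexdigest())
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            result.extracted_names.append(info.filename)
            with zf.open(info) as fh:
                head = fh.read(0x400)  # headers only; enough for the PE check
            by_name = info.filename.lower().endswith(PE_EXTENSIONS)
            if is_pe(head) or by_name:
                result.pe_members.append(info.filename)
    return result


def make_fake_pe() -> bytes:
    """Smallest byte string that satisfies is_pe(): MZ stub, e_lfanew = 0x40,
    and the PE signature at 0x40. It is not a loadable image."""
    header = bytearray(0x44)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    header[0x40:0x44] = b"PE\0\0"
    return bytes(header)


def build_sample_archive() -> bytes:
    """Constructed sample attachment: a PE disguised with a document-style
    Russian file name, plus two harmless files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Документы 2018.pdf", make_fake_pe())  # extension lies
        zf.writestr("readme.txt", "constructed sample, not real malspam")
        zf.writestr("scan.pdf", b"%PDF-1.4 placeholder, not a PE")
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_zip("Документы 2018.zip", build_sample_archive())
    print("archive:   ", report.archive_name)
    print("sha256:    ", report.sha256)
    print("extracted: ", report.extracted_names)
    print("PE members:", report.pe_members)
    print("suspicious:", report.suspicious)
```

Only the first 0x400 bytes of each member are read, so a large or nested archive does not get unpacked to disk during triage. Real campaigns also use 7-zip, rar and gzip containers, which need their own readers; the record fields stay the same.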
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.

RTM (1 vote): RTM is malicious software first reported in 2015 as the RTM banking Trojan; vendors such as Symantec and Microsoft identified an updated variant, known as Redaman, in 2017. The malware runs on Windows. The leaked source code of RTM has been utilized to
Rtm Banking Trojan (1 vote): no description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Windows
Malware
Chrome
Sandbox
Banking
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Redaman malware was read from the documents corpus below (display limited to 20 results).

Source: MITRE
Created: a year ago
Title: Russian Language Malspam Pushing Redaman Banking Malware