Redaman, first reported as the RTM banking Trojan in 2015, is a sophisticated malware that primarily targets users conducting transactions with Russian financial institutions. Major cybersecurity vendors such as Symantec and Microsoft identified an updated version of this malicious software in 2017. The malware operates covertly, infecting systems through suspicious downloads, emails, or websites, and can steal personal information, disrupt operations, or hold data hostage for ransom.
In the last quarter of 2018, there was a significant increase in Redaman activity. Our analysis found versions of Redaman being distributed through Russian-language mass-distribution campaigns. It was during this period that we discovered over 100 examples of malspam carrying the malware. Detailed examination of Redaman samples, including SHA256 file hashes, archive file names, and extracted file names, was conducted from September through December 2018.
The Redaman malware exhibits advanced capabilities such as application-defined hook procedures to monitor browser activity, specifically in Chrome, Firefox, and Internet Explorer. It has been found in various forms, including executable files and DLL files. Our threat prevention platform effectively detects this malware, providing robust protection against it. This report provides further details on the Redaman malware discovered from September through December of 2018, offering a closer look at its distribution and behavior during that timeframe.
Description last updated: 2024-05-05T04:01:59.343Z