Campaigns have been observed deploying the Redaman or the RTM banking Trojan. Once a system is compromised, the malware performs regular scans for any banking software or web activity, and exﬁltrates the data to command and control (C&C) servers. Over 170 unique malicious ﬁle hashes have been found to be associated with this campaign.
The resulting C&C web traﬃc downloads additional malicious payloads on infected systems.
Indicators of Compromise
Malware Hash (MD5/SHA1/SH256)