win.redosdru

Redosdru


Redosdru is a malware family that primarily acts as a downloader. Upon execution, it may drop downloaded DLLs in the "%ProgramFiles%\AppPatch" directory. The malware modifies the Windows registry to ensure its persistence, adding entries to run automatically at system startup.

References
2024-06-17, Medium, Andrew Petus
Reverse Engineering Redosdru String Decryption
Redosdru
2021-08-06, SonicWall
Redosdru.v Malware that hides in encrypted DLL Files to avoid Detection by Firewalls
Redosdru

There is no YARA signature yet.