Details
Malware Family Greame
Date Added Jan. 7, 2016, 11:37 p.m.
MD5 8c472468ff4ba0ca85cb3b0376a99e8c
Sha256 55b991c792ce6349c6c02146a2a576a77e7217c7b941445ab5de39d548648618
Config Sections
FTP Interval 30
Startup Policies Policies
FTP Address ftp.server.com
FTP Directory ./logs/
FTP Port 21
REG Key HKLM HKLM
Mutex XxXx
P2P Spread
Install Message Title Greame RAT
USB Spread FALSE
Activate Keylogger FALSE
Hide File TRUE
Process Injection None
FTP Password +
Enable Message Box FALSE
Melt File FALSE
Change Creation Date FALSE
ServerID Server_Fire
Password 123456
REG Key HKCU HKCM
Keylogger Backspace = Delete FALSE
Google Chrome Passwords http://www.server.com/XXXX.dll
Install Directory Large
Install Message Box Greame Remote Admin Tool Install Settings Keylogger Install Settings Keylogger Install Settings Keylogger Install Settings Keylogger Install Settings Keylogger Install Settings Keylogger
Message Box Icon 32
Install File Name server.exe
Keylogger Enable FTP FALSE
Install Flag FALSE
Message Box Button 0
Domain 127.0.0.1
FTP UserName ftp_user
Persistence FALSE
Active X Startup {MB3JKSW-Y883-WE0K-IY6U-SL6N6I178}
Port 999
VirusTotal

40 out of 54 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
127.0.0.1 0
Geo Location
Yara Rules