Details
Malware Family Greame
Date Added Jan. 7, 2016, 11:40 p.m.
MD5 bed02c62ec05f4093c218bb810497c1c
Sha256 58c17b23b8ee1a8afd4c8ab2230c8a004aa8a109c1195fae176ac45e4381505e
Config Sections
FTP Interval 30
Startup Policies Policies
FTP Address ftp.server.com
FTP Directory ./logs/
FTP Port 21
REG Key HKLM
Mutex B6F8
P2P Spread
Install Message Title Greame RAT
USB Spread TRUE
Activate Keylogger TRUE
Hide File FALSE
Process Injection None
FTP Password +
Enable Message Box FALSE
Melt File FALSE
Change Creation Date FALSE
ServerID
Password 123456
REG Key HKCU
Keylogger Backspace = Delete TRUE
Google Chrome Passwords http://www.server.com/XXXX.dll
Install Directory Large
Install Message Box Greame Remote Admin Tool Install Settings Keylogger
Message Box Icon 32
Install File Name Google.exe
Keylogger Enable FTP FALSE
Install Flag TRUE
Message Box Button 0
Domain aliqq123.no-ip.biz
FTP UserName ftp_user
Persistence TRUE
Active X Startup {XA8HSKU6-G47K-S6J7-V1N3-0JKJ6703EE2L}
Port 999
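The config block above is the flattened "Key Value" dump that these pages show for each sample. The script below is an added example, not code from this page or from any decoder project: it parses such a dump into typed fields (booleans, integers, empty values for bare keys) and reduces it to the things a hunter can pivot on. The sample input is this page's own config block; the Active Setup and Run-key registry paths are the standard Windows locations and are an assumption about how this build persists, not something the page states. Two details worth noticing on this sample: the FTP settings are present but the keylogger is not told to upload (Keylogger Enable FTP is FALSE), and the Active Setup "CLSID" is not a well-formed GUID, which is a strong indicator on its own.

```python
"""Parse a flattened Greame RAT config dump into typed fields and derive
hunting indicators.  Added example, not code from the page or from any
decoder project.  Key names are the ones the page displays; the Active
Setup and Run-key registry paths are the standard Windows locations and
an assumption about how this build persists.
"""
import re

BOOL = {"TRUE": True, "FALSE": False}
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
ACTIVE_SETUP = r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Keys the dump can contain, longest first so "FTP Port" beats "Port".
KNOWN_KEYS = sorted("""FTP Interval|Startup Policies|FTP Address|FTP Directory|FTP Port
|REG Key HKLM|REG Key HKCU|Mutex|P2P Spread|Install Message Title|USB Spread
|Activate Keylogger|Hide File|Process Injection|FTP Password|Enable Message Box
|Melt File|Change Creation Date|ServerID|Password|Keylogger Backspace = Delete
|Google Chrome Passwords|Install Directory|Install Message Box|Message Box Icon
|Install File Name|Keylogger Enable FTP|Install Flag|Message Box Button|Domain
|FTP UserName|Persistence|Active X Startup|Port""".replace("\n", "").split("|"),
                    key=len, reverse=True)

# Constructed sample: the config block of this page, one "Key Value" per line.
SAMPLE_DUMP = """\
FTP Interval 30
Startup Policies Policies
FTP Address ftp.server.com
FTP Directory ./logs/
FTP Port 21
REG Key HKLM
Mutex B6F8
P2P Spread
Install Message Title Greame RAT
USB Spread TRUE
Activate Keylogger TRUE
Hide File FALSE
Process Injection None
FTP Password +
Enable Message Box FALSE
Melt File FALSE
Change Creation Date FALSE
ServerID
Password 123456
REG Key HKCU
Keylogger Backspace = Delete TRUE
Google Chrome Passwords http://www.server.com/XXXX.dll
Install Directory Large
Install Message Box Greame Remote Admin Tool Install Settings Keylogger
Message Box Icon 32
Install File Name Google.exe
Keylogger Enable FTP FALSE
Install Flag TRUE
Message Box Button 0
Domain aliqq123.no-ip.biz
FTP UserName ftp_user
Persistence TRUE
Active X Startup {XA8HSKU6-G47K-S6J7-V1N3-0JKJ6703EE2L}
Port 999
"""


def _coerce(value):
    """TRUE/FALSE -> bool, digit strings -> int, everything else stays text."""
    if value.upper() in BOOL:
        return BOOL[value.upper()]
    return int(value) if value.isdigit() else value


def parse_config(dump):
    """Split each 'Key Value' line on a known key; a bare key means an empty value."""
    cfg = {}
    for line in filter(None, (l.strip() for l in dump.splitlines())):
        key = next((k for k in KNOWN_KEYS if line == k or line.startswith(k + " ")), None)
        if key is None:
            raise ValueError(f"unrecognised config line: {line!r}")
        cfg[key] = _coerce(line[len(key):].strip())
    return cfg


def indicators(cfg):
    """Reduce the config to things a hunter can pivot on, with caveats."""
    net, host, notes = [], [], []
    if cfg.get("Domain"):
        net.append(f"{cfg['Domain']}:{cfg.get('Port', '')}")
    # FTP settings only matter if the keylogger is actually told to upload.
    if cfg.get("Keylogger Enable FTP"):
        net.append(f"ftp://{cfg.get('FTP UserName')}@{cfg.get('FTP Address')}"
                   f":{cfg.get('FTP Port')} dir={cfg.get('FTP Directory')}")
    elif cfg.get("FTP Address"):
        notes.append("FTP exfil is configured but disabled (Keylogger Enable FTP is FALSE)")
    if cfg.get("Mutex"):
        host.append(f"mutex:{cfg['Mutex']}")
    if cfg.get("Install Flag") and cfg.get("Install File Name"):
        host.append(f"file:{cfg['Install File Name']}")
    clsid = cfg.get("Active X Startup")
    if clsid:
        host.append(f"registry:{ACTIVE_SETUP}\\{clsid}")
        if not GUID_RE.match(clsid):
            notes.append("Active Setup CLSID is not a well-formed GUID; a strong pivot by itself")
    for hive in ("HKLM", "HKCU"):  # both empty on this sample, so nothing is emitted
        if cfg.get(f"REG Key {hive}"):
            host.append(f"registry:{hive}\\{RUN_KEY}\\{cfg[f'REG Key {hive}']}")
    return {"network": net, "host": host, "notes": notes}


if __name__ == "__main__":
    for section, items in indicators(parse_config(SAMPLE_DUMP)).items():
        print(section, *items, sep="\n  ")
```

Run it as a script to print the three lists; feed it another page's config block to get the same structured view. Unknown keys raise rather than being silently skipped, so a new decoder version shows up as an error instead of a missing indicator.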
VirusTotal
30 of 55 AV engines identified the sample as malicious
Virus Total Report
Domain Data
Domain IP Country Code
aliqq123.no-ip.biz 37.237.204.21 IQ