Details
Malware Family Greame
Date Added Nov. 26, 2018, 6:25 a.m.
MD5 d59babdda5d1cc050e8d415d0e0baf12
Sha256 948e2328d3bfab5122e8c86fa7c001961c29252afae487a9dab6775f37e49a96
Config Sections
FTP Interval 30
Startup Policies Policies
FTP Address ftp.server.com
FTP Directory ./logs/
FTP Port 21
REG Key HKLM
Mutex XxXx
P2P Spread
Install Message Title Greame RAT
USB Spread FALSE
Activate Keylogger TRUE
Hide File FALSE
Process Injection None
FTP Password +
Enable Message Box FALSE
Melt File FALSE
Change Creation Date FALSE
ServerID Server_Fire
Password 123456
REG Key HKCU
Keylogger Backspace = Delete TRUE
Google Chrome Passwords
Install Directory Large
Install Message Box Greame Remote Admin Tool Install Settings Keylogger
Message Box Icon 32
Install File Name server.exe
Keylogger Enable FTP FALSE
Install Flag TRUE
Message Box Button 0
Domain 192.168.60.130
FTP UserName ftp_user
Persistance TRUE
Active X Startup {MB3JKSW-Y883-WE0K-IY6U-SL6N6I178}
Port 999
VirusTotal

48 out of 67 AVs identified the sample as malicious

Domain Data
Domain IP Country Code
192.168.60.130 0