Details
Malware Family: Greame
Date Added: Jan. 30, 2016, 3 a.m.
MD5: e57f229fc9a6d589745858abe54fc144
Sha256: 435c284c0778e6fe7c734472f90e7471ec4919e336bd5cdb0cc5cfd7d90681bb
Config Sections
FTP Interval: 30
Startup Policies: Policies
FTP Address: ftp.server.com
FTP Directory: ./logs/
FTP Port: 21
REG Key HKLM: HKLM
Mutex: XxXx
P2P Spread:
Install Message Title: Greame RAT
USB Spread: FALSE
Activate Keylogger: TRUE
Hide File: TRUE
Process Injection: None
FTP Password: +
Enable Message Box: TRUE
Melt File: FALSE
Change Creation Date: TRUE
ServerID: Server_Fire
Password: 123456
REG Key HKCU: HKCM
Keylogger Backspace = Delete: TRUE
Google Chrome Passwords:
Install Directory: Large
Install Message Box: Greame Remote Admin Tool Install Settings Keylogger
Message Box Icon: 16
Install File Name: server.exe
Keylogger Enable FTP: FALSE
Install Flag: TRUE
Message Box Button: 0
Domain: 127.0.0.1
FTP UserName: ftp_user
Persistance: TRUE
Active X Startup: {HBMRK0H8-355I-2NPQ-EU0Q-WSBOKI82R354ASDF}
Port: 21
VirusTotal

39 out of 54 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
127.0.0.1 0