S0667 Chrommme
Chrommme is a backdoor tool, written using the Microsoft Foundation Class (MFC) framework, that has infrastructure overlaps with Gelsemium.1
Item | Value |
---|---|
ID | S0667 |
Associated Names | |
Type | MALWARE |
Version | 1.0 |
Created | 01 December 2021 |
Last Modified | 01 December 2021 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
enterprise | T1105 | Ingress Tool Transfer | Chrommme can download its code from C2.1 |
enterprise | T1027 | Obfuscated Files or Information | Chrommme can encrypt sections of its code to evade detection.1 |
enterprise | T1113 | Screen Capture | Chrommme has the ability to capture screenshots.1 |
enterprise | T1082 | System Information Discovery | Chrommme has the ability to list drives.1 |
enterprise | T1016 | System Network Configuration Discovery | Chrommme can enumerate the IP address of a compromised host.1 |
enterprise | T1033 | System Owner/User Discovery | Chrommme can retrieve the username from a targeted system.1 |
enterprise | T1497 | Virtualization/Sandbox Evasion | - |
enterprise | T1497.003 | Time Based Evasion | Chrommme can set itself to sleep before requesting a new command from C2.1 |
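The T1497.003 entry above (Chrommme sleeps before polling C2 for its next command) is what turns a backdoor's traffic into a beacon: one host, one destination, requests at a near-constant cadence. The following beacon-interval analysis is an added example, not code from ATT&CK or from the Chrommme sample; the proxy log format, the hostnames and the destination are constructed for illustration, and the thresholds are assumptions a practitioner would tune to their environment.

```python
"""Beacon-interval analysis over constructed proxy log lines.

Added example (not from the ATT&CK page or the Chrommme sample): a backdoor
that sleeps a fixed interval before requesting a new command from C2 shows up
in proxy telemetry as a regular cadence of requests from one source to one
destination. Everything below (log format, hosts, thresholds) is constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: "<ISO timestamp> <src_host> <dst_host> <method> <path>"
# ws-17 polls a constructed C2 host roughly every 60 s (with a little jitter)
# while also doing irregular, interactive-looking requests to a mail host.
SAMPLE_LOG = """\
2021-11-30T10:00:00Z ws-17 updates.example-cdn.test GET /check
2021-11-30T10:00:12Z ws-17 mail.example.test GET /inbox
2021-11-30T10:01:02Z ws-17 updates.example-cdn.test GET /check
2021-11-30T10:02:01Z ws-17 updates.example-cdn.test GET /check
2021-11-30T10:02:41Z ws-17 mail.example.test GET /inbox
2021-11-30T10:03:03Z ws-17 updates.example-cdn.test GET /check
2021-11-30T10:04:00Z ws-17 updates.example-cdn.test GET /check
2021-11-30T10:05:02Z ws-17 updates.example-cdn.test GET /check
2021-11-30T10:09:13Z ws-17 mail.example.test GET /inbox
"""


def parse_log(text):
    """Yield (timestamp, src, dst) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _method, _path = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst


def intervals_by_pair(records):
    """Group requests by (src, dst) and return the inter-request gaps in seconds."""
    times = defaultdict(list)
    for ts, src, dst in records:
        times[(src, dst)].append(ts)
    gaps = {}
    for pair, ts_list in times.items():
        ts_list.sort()
        gaps[pair] = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
    return gaps


def find_beacons(text, min_requests=5, max_cv=0.2):
    """Return {(src, dst): (mean_gap_seconds, cv)} for pairs with near-constant gaps.

    cv is the coefficient of variation (population stddev / mean). A fixed
    sleep between C2 polls gives a cv near 0; added jitter raises it, and
    interactive browsing is irregular enough to exceed max_cv. min_requests
    avoids scoring pairs with too few samples. Both thresholds are assumptions.
    """
    hits = {}
    for pair, gaps in intervals_by_pair(parse_log(text)).items():
        if len(gaps) + 1 < min_requests:
            continue
        avg = mean(gaps)
        if avg == 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits[pair] = (avg, cv)
    return hits


if __name__ == "__main__":
    for (src, dst), (avg, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: ~{avg:.0f}s cadence, cv={cv:.3f}")
```

Run against the sample, only the ws-17 to updates.example-cdn.test pair is reported (about a 60 s cadence, cv around 0.03); the mail pair has too few requests and its gaps are irregular. Implants that randomise their sleep will push cv up, so in practice the threshold is set from a baseline of known-good traffic rather than fixed, and the result is a lead for triage (what process on ws-17 owns that connection), not a verdict on its own.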