
S0667 Chrommme

Chrommme is a backdoor tool, written using the Microsoft Foundation Class (MFC) framework, that has infrastructure overlaps with Gelsemium. [1]

| Item             | Value            |
|------------------|------------------|
| ID               | S0667            |
| Associated Names |                  |
| Type             | MALWARE          |
| Version          | 1.0              |
| Created          | 01 December 2021 |
| Last Modified    | 01 December 2021 |

Techniques Used

| Domain     | ID        | Name                                   | Use                                                                        |
|------------|-----------|----------------------------------------|----------------------------------------------------------------------------|
| enterprise | T1105     | Ingress Tool Transfer                  | Chrommme can download its code from C2. [1]                                |
| enterprise | T1027     | Obfuscated Files or Information        | Chrommme can encrypt sections of its code to evade detection. [1]          |
| enterprise | T1113     | Screen Capture                         | Chrommme has the ability to capture screenshots. [1]                       |
| enterprise | T1082     | System Information Discovery           | Chrommme has the ability to list drives. [1]                               |
| enterprise | T1016     | System Network Configuration Discovery | Chrommme can enumerate the IP address of a compromised host. [1]           |
| enterprise | T1033     | System Owner/User Discovery            | Chrommme can retrieve the username from a targeted system. [1]             |
| enterprise | T1497     | Virtualization/Sandbox Evasion         | -                                                                          |
| enterprise | T1497.003 | Time Based Evasion                     | Chrommme can set itself to sleep before requesting a new command from C2. [1] |

References
