EvilGrab

EvilGrab is a malware family with common reconnaissance capabilities. It has been deployed by menuPass via malicious Microsoft Office documents as part of spearphishing campaigns. [1]

ID: S0152
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1123Audio CaptureEvilGrab has the capability to capture audio from a victim machine.[1]
EnterpriseT1043Commonly Used PortEvilGrab uses port 8080 for C2.[1]
EnterpriseT1056Input CaptureEvilGrab has the capability to capture keystrokes.[1]
EnterpriseT1060Registry Run Keys / Startup FolderEvilGrab adds a Registry Run key for ctfmon.exe to establish persistence.[1]
EnterpriseT1113Screen CaptureEvilGrab has the capability to capture screenshots.[1]
EnterpriseT1125Video CaptureEvilGrab has the capability to capture video from a victim machine.[1]

Groups

Groups that use this software:

menuPass

References