ID: S0148
Aliases: RTM
Type: Malware
Platform: Windows

RTM is custom malware written in Delphi. It is used by the group of the same name (RTM). [1]

Techniques Used

  • File and Directory Discovery - RTM can scan victim drives to look for specific banking software on the machine to determine next actions. It also looks at browsing history and open tabs for specific strings. [1]
  • Automated Collection - RTM monitors browsing activity and automatically captures screenshots if a victim browses to a URL matching one of a list of strings. [1]
  • Input Capture - RTM can record keystrokes from both the keyboard and virtual keyboard. [1]
  • Bypass User Account Control - RTM can attempt to run the program as admin, then show a fake error message and a legitimate UAC bypass prompt to the user in an attempt to socially engineer the user into escalating privileges. [1]


The following groups use this software: