Software: RTM

RTM
Software
ID: S0148
Aliases: RTM
Type: Malware
Platform: Windows

RTM is custom malware written in Delphi. It is used by the group of the same name (RTM).[1]

Techniques Used

  • File and Directory Discovery - RTM can scan victim drives to look for specific banking software on the machine to determine next actions. It also looks at browsing history and open tabs for specific strings.[1]
  • Automated Collection - RTM monitors browsing activity and automatically captures screenshots if a victim browses to a URL matching one of a list of strings.[1]
  • Input Capture - RTM can record keystrokes from both the keyboard and virtual keyboard.[1]
  • Bypass User Account Control - RTM can attempt to run the program as admin, then show a fake error message and a legitimate UAC bypass prompt to the user in an attempt to socially engineer the user into escalating privileges.[1]

Groups

The following groups use this software: