Malware
GRIMAGENT
GRIMAGENT is a backdoor that can execute arbitrary commands, download files, create and delete scheduled tasks, and execute programs via scheduled tasks or via the ShellExecute API.
GRIMAGENT is a Windows malware family operated by UNC1878.
Background
GRIMAGENT is a backdoor capable of running arbitrary commands, downloading files, creating and removing scheduled tasks, and launching programs either through scheduled tasks or the ShellExecute API. It maintains persistence using a randomly named scheduled task together with a registry Run key. The implant reaches hard-coded command-and-control (C&C) servers over HTTP, encrypting parts of its network traffic with both asymmetric and symmetric cryptography. GRIMAGENT was observed in several Ryuk ransomware intrusions during 2020.
Source: Malpedia (Fraunhofer FKIE).