05-26-2023, 04:54 AM
Remote command execution
Silent background process
Download and run file (Hidden)
Safe Mode startup
UAC Bypass
Will automatically connect to the server
Data sent and received is encrypted (substitution cipher)
Files are hidden
File Infector
Symmetric Cryptography
Hijack Execution Flow: DLL Side-Loading
Deobfuscate/Decode Files or Information
Input Capture Keylogging
Command and Scripting Interpreter
Installed Antivirus shown to server
Indicator Removal: Clear Windows Event Logs
Indicator Removal: File Deletion
Easily spread malware through download feature
Startup info doesn't show in msconfig or other startup checking programs like CCleaner
Disable Task Manager
TCP Connections
Non-Application Layer Protocol
ActiveWindows
StartupManager
Registry Editor
Process Manager
Clipboard Manager
Shell
Installed Programs
DDoS Attack
VB Net Compiler
Location Manager [GPS - IP]
File Manager
Client [Restart - Close - Uninstall - Update - Block - Note]
Power [Shutdown - Restart - Logoff]