Catchamas
ID: S0261
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.1
Created: 17 October 2018
Last Modified: 09 February 2021
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1036 | .004 | 伪装: Masquerade Task or Service |
Catchamas adds a new service named NetAdapter in an apparent attempt to masquerade as a legitimate service.[1] |
| Enterprise | T1112 | 修改注册表 |
Catchamas creates three Registry keys to establish persistence by adding a Windows Service.[1] |
|
| Enterprise | T1543 | .003 | 创建或修改系统进程: Windows Service |
Catchamas adds a new service named NetAdapter to establish persistence.[1] |
| Enterprise | T1115 | 剪贴板数据 | ||
| Enterprise | T1113 | 屏幕捕获 |
Catchamas captures screenshots based on specific keywords in the window’s title.[1] |
|
| Enterprise | T1010 | 应用窗口发现 |
Catchamas obtains application windows titles and then determines which windows to perform Screen Capture on.[1] |
|
| Enterprise | T1074 | .001 | 数据分段: Local Data Staging |
Catchamas stores the gathered data from the machine in .db files and .bmp files under four separate locations.[1] |
| Enterprise | T1016 | 系统网络配置发现 |
Catchamas gathers the Mac address, IP address, and the network adapter information from the victim’s machine.[1] |
|
| Enterprise | T1056 | .001 | 输入捕获: Keylogging | |