1. Remote Access and Control
- Remote Desktop: Grants attackers full control of the victim’s desktop, including mouse and keyboard input. A GUI displays system details (IP address, OS, username) for real-time management.
- Remote Shell: Executes command-line instructions on the infected system, allowing attackers to run scripts or commands (e.g., via cmd.exe). Supports asynchronous input/output streams for seamless interaction.
- Process Manager: Monitors and manipulates running processes, with options to kill, delete, or restart processes to maintain persistence or disable security software.
- 2025 Enhancements: Likely includes remote control over touch-based interfaces (e.g., Windows tablets) and integration with remote desktop protocols for low-latency access over 5G networks.
- Keylogger: Captures keystrokes to steal passwords, cryptocurrency wallet keys, and other sensitive data. It uses GetAsyncKeyState to monitor key presses and releases and accounts for Shift and Caps Lock state. Logs are saved locally or sent to the C2 server.
- Screen Capture: Takes screenshots of the victim’s desktop to gather visual data, such as open applications or login screens.
- Webcam and Microphone Access: Activates the victim’s camera and microphone for real-time surveillance. Historical issues with missing DLLs (e.g., NAudio.dll, Pepsi.dll) for audio functionality have been noted, but a 2025 version would likely resolve these for stable operation.
- Credential Stealing: Extracts saved credentials from browsers (Chrome, Firefox, Edge) and applications like Discord, Steam, and Telegram.
- File Manager: Allows attackers to upload, download, delete, or manipulate files on the infected system. Supports directory navigation and file execution (e.g., via URLs).