Description
The File Manager feature in malware serves as a Swiss Army knife for cybercriminals, enabling them to list, download, upload, or delete files on a compromised system. Acting as an illicit file explorer, this feature provides comprehensive access to the victim's stored data, whether it's sensitive personal information, valuable intellectual property, or configuration files that can be manipulated for further compromise. The ability to upload files also means the attacker can place additional malicious payloads or tools on the system, facilitating a deeper level of exploitation. Likewise, the download function allows for easy exfiltration of valuable or sensitive data. Deleting files can either be used to cover tracks or cause harm, making the File Manager feature a versatile tool in the arsenal of a cybercriminal.
| Categories | File System, Alteration, Disruption, Exfiltration |
| Dangerousness | High |
Existing Techniques
| Name | Associated Feature(s) | Has Snippet | Matching Sample |
|---|---|---|---|
| Execute Programs | File Manager, Shell Access | 0 | |
| File Search | File Manager | 0 | |
| File System Enumeration | File Manager | 0 | |
| Network Shares Enumeration | File Manager, Network Manager | 0 | |
Associated with Releases
| Version | Origins | Authors | Languages | Release Date |
|---|---|---|---|---|
| Schwarze Sonne 1.0 | Unknown 🏴☠️, Germany 🇩🇪, Turkey 🇹🇷 | ap0calypse, Slayer616, Counterstrikewi | Delphi | Jun, 2010 |
| Lost Door 5.1 | Tunisia 🇹🇳 | OussamiO | Visual Basic 6 (VB6) | Oct, 2010 |
| Coolvibes 1 Update 8 | Spain 🇪🇸 | Thor | Delphi | May, 2011 |
| Xtreme RAT 2.9 | Brazil 🇧🇷 | Raphael | Delphi | Jul, 2011 |
| DarkComet RAT 5.3 | France 🇫🇷 | DarkCoderSc | Assembly, Delphi | Jun, 2012 |
| DarkComet RAT 5.3.1 | France 🇫🇷 | DarkCoderSc | Assembly, Delphi | Jun, 2012 |
| NjRat 0.7d | Kuwait 🇰🇼 | njq8 | VB .net | Dec, 2013 |
| Quasar 1.0 | Unknown 🏴☠️ | MaxXor | C# | Aug, 2015 |
| Lost Door 9.2 Aws | Tunisia 🇹🇳 | OussamiO | Visual Basic 6 (VB6) | Jan, 2022 |