Description
The Password Recovery feature is engineered to retrieve credentials that are already stored on the compromised system. Unlike brute-force or dictionary attacks, which guess passwords, it targets saved credentials in browsers, email clients and other applications. The malware may read cookies, encrypted password vaults such as a browser's login database, and application-specific registry entries to recover this authentication data. Because the stores are usually protected under the logged-on user's context, malware running as that user can often have the operating system decrypt them on its behalf, without knowing any password. Once harvested, the credentials can be used for privilege escalation, unauthorized access to sensitive accounts or financial fraud. The feature thus plays a central role in the malware's arsenal: it lets the attacker extend their reach within the compromised system and across linked networks or accounts with valid credentials, so that authentication succeeds rather than having to be bypassed.

| Attribute | Value |
|---|---|
| Categories | Lateral Movements, Credentials, Privilege Escalation |
| Dangerousness | High |
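As an added example (not code from this page or from any of the listed samples), the following Python triages a Chromium-style "Login Data" store and its "Local State" file, reporting for each saved login how the password is protected and what a thief would still need in order to read it. The table layout, the "v10" AES-GCM blob format and the DPAPI blob header are Chromium and Windows facts recorded in the comments; the function names, the sample rows and the sample Local State are constructed assumptions, so the script runs offline without touching a real profile.

```python
"""Triage a Chromium-style "Login Data" store: what is in it and what is
still needed to read the passwords.

Facts encoded here (Chromium's on-disk format on Windows, not from the page):
  * saved logins live in an SQLite table `logins` with, among others, the
    columns origin_url, username_value and password_value
  * password_value is either a raw DPAPI blob (older profiles) or
    b"v10" + 12-byte nonce + AES-256-GCM ciphertext + 16-byte tag, keyed by
    the profile's Local State os_crypt.encrypted_key, which is itself
    base64(b"DPAPI" + DPAPI blob)
All sample data below is constructed.
"""
import base64
import json
import sqlite3

# DPAPI blob header: version DWORD 1 followed by the provider GUID
# {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} in little-endian byte order.
DPAPI_BLOB_MAGIC = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")
AES_GCM_VERSIONS = (b"v10", b"v11")
NONCE_LEN = 12
TAG_LEN = 16


def classify_blob(blob: bytes) -> dict:
    """Identify how a password_value blob is protected and what unlocks it."""
    if blob[:3] in AES_GCM_VERSIONS and len(blob) >= 3 + NONCE_LEN + TAG_LEN:
        body = blob[3:]
        return {
            "scheme": "aes-256-gcm",
            "version": blob[:3].decode("ascii"),
            "nonce": body[:NONCE_LEN],
            "ciphertext": body[NONCE_LEN:-TAG_LEN],
            "tag": body[-TAG_LEN:],
            # The AES key sits in Local State, wrapped with the user's DPAPI key.
            "needs": "os_crypt.encrypted_key from Local State, unwrapped via DPAPI",
        }
    if blob.startswith(DPAPI_BLOB_MAGIC):
        return {"scheme": "dpapi", "needs": "user's DPAPI master key (logon session or password)"}
    return {"scheme": "unknown", "needs": "manual analysis"}


def extract_wrapped_key(local_state_json: str) -> bytes:
    """Return the DPAPI blob that wraps the profile's AES key, or raise."""
    state = json.loads(local_state_json)
    raw = base64.b64decode(state["os_crypt"]["encrypted_key"])
    if not raw.startswith(b"DPAPI"):
        raise ValueError("encrypted_key does not carry the DPAPI prefix")
    wrapped = raw[len(b"DPAPI"):]
    if not wrapped.startswith(DPAPI_BLOB_MAGIC):
        raise ValueError("encrypted_key payload is not a DPAPI blob")
    return wrapped


def build_sample_login_data() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a profile's Login Data file."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE logins (origin_url TEXT, username_value TEXT, password_value BLOB)"
    )
    modern = b"v10" + bytes(range(NONCE_LEN)) + b"\xaa" * 9 + b"\xbb" * TAG_LEN
    legacy = DPAPI_BLOB_MAGIC + b"\x00" * 8
    conn.executemany(
        "INSERT INTO logins VALUES (?, ?, ?)",
        [
            ("https://mail.example.test/login", "alice", modern),   # constructed
            ("https://intranet.example.test/", "bob", legacy),      # constructed
        ],
    )
    return conn


def triage_login_data(conn: sqlite3.Connection) -> list:
    """One record per stored login, annotated with its protection scheme."""
    rows = conn.execute(
        "SELECT origin_url, username_value, password_value FROM logins"
    ).fetchall()
    return [
        {"url": url, "user": user, **classify_blob(bytes(pw))} for url, user, pw in rows
    ]


# Constructed Local State: the wrapped key is a DPAPI blob with dummy payload.
SAMPLE_LOCAL_STATE = json.dumps(
    {"os_crypt": {"encrypted_key": base64.b64encode(
        b"DPAPI" + DPAPI_BLOB_MAGIC + b"\x11" * 32).decode()}}
)

if __name__ == "__main__":
    for rec in triage_login_data(build_sample_login_data()):
        print(rec["url"], rec["user"], rec["scheme"], "->", rec["needs"])
    print("wrapped key blob:", extract_wrapped_key(SAMPLE_LOCAL_STATE).hex()[:40], "...")
```

The point of the classification is the dependency it exposes: in both schemes the final step is a DPAPI unwrap bound to the victim's user account, which is why this feature needs to run in the user's context (or to steal the DPAPI master key material) rather than simply copying the database off the machine. For a responder, that also marks the decryption call as the place to look for telemetry.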
Existing Techniques
| Name | Associated Feature(s) | Has Snippet | Matching Sample |
|---|---|---|---|
| Clipboard Content Reading | Clipboard Manager, Password Recovery | 0 | |
| Process Dump | Process Manager, Password Recovery | 0 | |
Matching Samples
Back Orifice 1.20
SubSeven 1.1
SubSeven 1.2
SubSeven 1.3
SubSeven 1.4
SubSeven 1.5
SubSeven 1.6
SubSeven 1.7
SubSeven 1.8
SubSeven 1.9
Back Orifice 2000 (BO2K) 1.0
SubSeven 1.9 Apocalypse
SubSeven 2.0
SchoolBus 2.0
SubSeven 2.1
Brutus AET2
Hack a Tack 2000
SubSeven 2.1.1 GOLD edition
SubSeven 2.1.2 M.U.I.E
Y3K rat 1.0
SubSeven 2.1.3 BONUS
SubSeven 2.1.4 DEFCON 8
Y3K rat 1.5
SubSeven 2.2
Y3K rat 1.6 MS
Optix Pro 1.0
Net-Devil 1.5
MoSucker 3.0b
Turkojan 1.0
SubSeven 2.1.5 Legends
CIA 1.0
CIA 1.1
Beast 2.01
LanFiltrator 1.1 Fix 1
Optix Pro 1.32
CIA 1.2
Beast 2.05
Beast 2.02
ProRat 1.1
ProRat 1.2
ProRat 1.3
Nuclear RAT 1.0 Beta 5
Beast 2.06
ProRat 1.4
ProRat 1.6
ProRat 1.8
Infector NG 2004 2.1.0
Optix Pro 1.33
Beast 2.07
Flux 1.0