Password Recovery Feature - Malware Gallery

Description

The Password Recovery feature in malware is engineered to retrieve stored passwords from a variety of sources on the compromised system. Unlike brute-force or dictionary attacks that attempt to guess passwords, this feature targets saved credentials in browsers, email clients, and even software applications. The malware may scan cookies, encrypted password vaults, and even specific registry entries to recover these hidden gems of authentication data. Once harvested, the credentials can be used for privilege escalation, unauthorized access to sensitive accounts, or even financial fraud. The Password Recovery feature thus serves a critical role in the malware's arsenal, enabling the attacker to extend their reach within the compromised system and across linked networks or accounts, all while bypassing traditional methods of authentication.

Categories	Lateral Movements, Credentials, Privilege Escalation
Dangerousness	High

Existing Techniques

Name	Associated Feature(s)	Has Snippet	Matching Sample
Clipboard Content Reading	Clipboard Manager, Password Recovery		0
Process Dump	Process Manager, Password Recovery		0

Associated with Releases

Version	Origins	Authors	Languages	Release Date
CIA 1.3	England 🏴󠁧󠁢󠁥󠁮󠁧󠁿	Alchemist	Visual Basic 6 (VB6)	Dec, 2004
ProAgent 2.0	Turkey 🇹🇷	ATmaCA	Borland C++	Mar, 2005
ProRat 1.9	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Mar, 2005
Y3K rat 2k5 RC 1.0	Austria 🇦🇹	SHA	Delphi	Jun, 2005
DARKMOON 4.11 / 4.11 Private Edition	Spain 🇪🇸	shukisnike	Delphi	Jun, 2005
Turkojan 3.0	Turkey 🇹🇷	Fungus	Delphi	Sep, 2006
Bifrost 1.2.1	Sweden 🇸🇪	ksv	C++	Jan, 2007
Bandook 1.35	Lebanon 🇱🇧	PrinceAli	Delphi, C++	Apr, 2007
Poison Ivy 2.3.0	Sweden 🇸🇪	Shapeless	Delphi, MASM	Jun, 2007
Hav-Rat 1.3.2	Sweden 🇸🇪	Havalito	Delphi	Jul, 2007
sharK 2.4.0 Fwb+	Germany 🇩🇪	sNiper109 , rockZ	Visual Basic 6 (VB6)	Aug, 2007
Poison Ivy 2.3.2	Sweden 🇸🇪	Shapeless	Delphi, MASM	Jan, 2008
Turkojan 4	Turkey 🇹🇷	FµNGµ§	Delphi	Feb, 2008
Turkojan 4.0	Turkey 🇹🇷	Fungus	Delphi	Mar, 2008
Lost Door 3.0 Stable	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Mar, 2009
SynRAT 4.0.1	France 🇫🇷	DarkCoderSc	Delphi	May, 2009
Cerberus 1.0 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
Cerberus 1.01 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
Cerberus 1.02 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
SynRAT 4.3.1-A-1	France 🇫🇷	DarkCoderSc	Assembly, Delphi	Aug, 2009
Apocalypse RAT 1.4	Turkey 🇹🇷	ap0calypse	Delphi	Aug, 2009
Cerberus 1.03.4	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Sep, 2009
Spy-Net 2.6	Brazil 🇧🇷	Raphael	Delphi	Oct, 2009
DarkComet RAT 1.3	France 🇫🇷	DarkCoderSc		Nov, 2009
Cerberus 1.03.5 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Dec, 2009
DarkComet RAT 2.0 RC4	France 🇫🇷	DarkCoderSc	Delphi	Mar, 2010
CyberGate 1.04.8	United States 🇺🇸	johnyk	Delphi	Apr, 2010
Lost Door 4.3.1	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Apr, 2010
DarkComet RAT 2.0 RC7	France 🇫🇷	DarkCoderSc	Assembly, Delphi	Jun, 2010
Schwarze Sonne 1.0	Unknown 🏴‍☠️, Germany 🇩🇪, Turkey 🇹🇷	ap0calypse , Slayer616 , Counterstrikewi	Delphi	Jun, 2010
Lost Door 5.1	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Oct, 2010
Xtreme RAT 2.9	Brazil 🇧🇷	Raphael	Delphi	Jul, 2011
DarkComet RAT 5.3	France 🇫🇷	DarkCoderSc	Assembly, Delphi	Jun, 2012
DarkComet RAT 5.3.1	France 🇫🇷	DarkCoderSc	Assembly, Delphi	Jun, 2012
NjRat 0.7d	Kuwait 🇰🇼	njq8	VB .net	Dec, 2013
Quasar 1.0	Unknown 🏴‍☠️	MaxXor	C#	Aug, 2015