Description
The Password Recovery feature in malware is engineered to retrieve stored passwords from a variety of sources on the compromised system. Unlike brute-force or dictionary attacks that attempt to guess passwords, this feature targets saved credentials in browsers, email clients, and even software applications. The malware may scan cookies, encrypted password vaults, and even specific registry entries to recover these hidden gems of authentication data. Once harvested, the credentials can be used for privilege escalation, unauthorized access to sensitive accounts, or even financial fraud. The Password Recovery feature thus serves a critical role in the malware's arsenal, enabling the attacker to extend their reach within the compromised system and across linked networks or accounts, all while bypassing traditional methods of authentication.
| Categories | Lateral Movements, Privilege Escalation, Credentials |
| Dangerousness | High |
Existing Techniques
| Name | Associated Feature(s) | Has Snippet | Matching Sample |
|---|---|---|---|
 Clipboard Content Reading
|
Clipboard Manager, Password Recovery | 0 | |
 Process Dump
|
Process Manager, Password Recovery | 0 |
acid Drop 1.5
Infector NG 2004 2.1.0
Optix Pro 1.33
Beast 2.07
Flux 1.0
CIA 1.3
ProAgent 2.0
ProRat 1.9
Y3K rat 2k5 RC 1.0
Y3K rat 2k5 RC 1.1
Turkojan 3.0
Bifrost 1.2.1
Bandook 1.35
Poison Ivy 2.3.0
Hav-Rat 1.3.2
sharK 2.4.0 Fwb+
DARKMOON 4.11 Private Edition
Bump-Rat 1.2 Beta
Universal1337 V2
Poison Ivy 2.3.2
Lost Door 1.0
ZombieRat 1.2
Lost Door 2.0
Turkojan 4
Turkojan 4.0
Lost Door 2.2
Aero 2
Lost Door 3.0 Stable
SynRAT 4.0.1
Cerberus 1.0 Beta
Cerberus 1.01 Beta
Cerberus 1.02 Beta
SynRAT 4.3.1-A-1
Apocalypse RAT 1.4
Cerberus 1.03.4
Spy-Net 2.6
DarkComet RAT 1.3
Cerberus 1.03.5 Beta
DarkComet RAT 2.0 RC4
CyberGate 1.04.8
Lost Door 4.3.1
DarkComet RAT 2.0 RC7
Schwarze Sonne 1.0
Lost Door 5.1
Xtreme RAT 2.9
DarkComet RAT 5.3
DarkComet RAT 5.3.1
Bozok 1.4
NjRat 0.7d
Quasar 1.0