S0261 Catchamas
Catchamas is a Windows Trojan that steals information from compromised systems. [1]
Item | Value |
---|---|
ID | S0261 |
Associated Names | |
Type | MALWARE |
Version | 1.1 |
Created | 17 October 2018 |
Last Modified | 09 February 2021 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
enterprise | T1010 | Application Window Discovery | Catchamas obtains application window titles and then determines which windows to perform Screen Capture on. [1] |
enterprise | T1115 | Clipboard Data | Catchamas steals data stored in the clipboard. [1] |
enterprise | T1543 | Create or Modify System Process | - |
enterprise | T1543.003 | Windows Service | Catchamas adds a new service named NetAdapter to establish persistence. [1] |
enterprise | T1074 | Data Staged | - |
enterprise | T1074.001 | Local Data Staging | Catchamas stores the gathered data from the machine in .db files and .bmp files under four separate locations. [1] |
enterprise | T1056 | Input Capture | - |
enterprise | T1056.001 | Keylogging | Catchamas collects keystrokes from the victim’s machine. [1] |
enterprise | T1036 | Masquerading | - |
enterprise | T1036.004 | Masquerade Task or Service | Catchamas adds a new service named NetAdapter in an apparent attempt to masquerade as a legitimate service. [1] |
enterprise | T1112 | Modify Registry | Catchamas creates three Registry keys to establish persistence by adding a Windows Service. [1] |
enterprise | T1113 | Screen Capture | Catchamas captures screenshots based on specific keywords in the window’s title. [1] |
enterprise | T1016 | System Network Configuration Discovery | Catchamas gathers the MAC address, IP address, and the network adapter information from the victim’s machine. [1] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0076 | Thrip | [2] |