S0261 Catchamas

Catchamas is a Windows Trojan that steals information from compromised systems.[1]

| Item | Value |
| --- | --- |
| ID | S0261 |
| Associated Names | |
| Version | 1.1 |
| Created | 17 October 2018 |
| Last Modified | 09 February 2021 |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| enterprise | T1010 | Application Window Discovery | Catchamas obtains application window titles and then determines which windows to perform Screen Capture on.[1] |
| enterprise | T1115 | Clipboard Data | Catchamas steals data stored in the clipboard.[1] |
| enterprise | T1543 | Create or Modify System Process | - |
| enterprise | T1543.003 | Windows Service | Catchamas adds a new service named NetAdapter to establish persistence.[1] |
| enterprise | T1074 | Data Staged | - |
| enterprise | T1074.001 | Local Data Staging | Catchamas stores the gathered data from the machine in .db files and .bmp files under four separate locations.[1] |
| enterprise | T1056 | Input Capture | - |
| enterprise | T1056.001 | Keylogging | Catchamas collects keystrokes from the victim’s machine.[1] |
| enterprise | T1036 | Masquerading | - |
| enterprise | T1036.004 | Masquerade Task or Service | Catchamas adds a new service named NetAdapter in an apparent attempt to masquerade as a legitimate service.[1] |
| enterprise | T1112 | Modify Registry | Catchamas creates three Registry keys to establish persistence by adding a Windows Service.[1] |
| enterprise | T1113 | Screen Capture | Catchamas captures screenshots based on specific keywords in the window’s title.[1] |
| enterprise | T1016 | System Network Configuration Discovery | Catchamas gathers the MAC address, IP address, and the network adapter information from the victim’s machine.[1] |

Groups That Use This Software

| ID | Name | References |
| --- | --- | --- |
| G0076 | Thrip | [2] |