- See below for each module's documentation
- To get to the modules, right-click a callback and you will see the following options:
| Surveillance |
|---|
| Remote Shell |
| Remote Screen |
| Remote Camera |
| Remote Regedit |
| File Manager |
| Process Manager |
| Netstat |
| Record |
| Program Notifications (Start / Stop) |
- Exactly what it sounds like
- Click on the module and wait for the prompt below to appear
```
Microsoft Windows [Version 10.0.20348.1787]
(c) Microsoft Corporation. All rights reserved.
```
- This is a `cmd.exe` prompt, not a PowerShell prompt!
- Use the white bar at the bottom to execute commands
- Also exactly what it sounds like
- View the remote screen of the remote system
- It can take a second to load, please be patient.
- Screen sharing can be controlled (off/on) with the `Start` button at the top left
- Option to `View only` or control the remote machine via your `mouse` and `keyboard`
- To turn either on, press the respective button at the top
- Can also take auto screenshots with the `Camera` button, also at the top
  - By default it will capture the screen every ~3 seconds
  - IMO that is far too fast, I am working on tuning it to roughly every 30 seconds to drop the amount of network traffic that is required with the screenshots.
- View the remote system's webcam
- Requires loading `RemoteCamera.dll` into memory, which will happen automatically
- If no camera is found, the pop-up will exit automatically
- Remotely view the registry, in addition to creating new keys or modifying existing keys
- To create a new key, click on `Edit` at the top and follow the prompts
- It is nearly identical to the normal `Regedit` program on Windows
- File manager for remote upload, download, compression and general file management options
- Just point and click
- To move up a directory after traversing down the file system, ensure you `Right Click --> Back`
  - That took me longer to figure out than I care to admit publicly
- When you download a file a `ClientsFolder` will get created; you can find your exfil'ed file there
```
DcRat\Binaries\Debug\ClientsFolder\1427F5A9B444217138E1 #String is client id
```
- Exactly like it sounds
- View running processes
- Right Click to `Refresh` or `Kill` a specific process
  - Refresh pulls an up-to-date process list
- It is better opsec to not constantly upload as that can greatly increase the amount of network traffic
- Exactly like it sounds
- View network connections on the remote host
- `Right Click` and select `Refresh` or `Kill`
  - Selecting `Kill` attempts to kill the process creating that network connection
- Record the audio off the remote system's microphone
- If the remote system has no microphone you will get an error in the logs
- Requires the `Audio.dll` file to be automatically loaded into the remote system's memory
- Alert the operator when a specific remote process is launched on the system
- Defaults to `Uplay,QQ,Chrome,Edge,Word,Excel,PowerPoint,Epic,Steam`
- Currently changed to: `Chrome,Edge,Firefox,Word,Excel,PowerPoint,Task Manager`
| Control | | | |
|---|---|---|---|
| Send File --> | From URL | Send File to Disk | Send File to Memory |
| Run Shellcode | | | |
| Message Box | | | |
| Chat | | | |
| Visit Website | | | |
| Change Wallpaper | | | |
| Keylogger | | | |
| File Search | | | |
| Malware | | |
|---|---|---|
| DDOS | | |
| Ransomware --> | Encrypt | Decrypt |
| Disable WD | | |
| Password Recovery | | |
| Disable UAC | | |
-- All modules not currently listed yet