Catchamas is a Windows Trojan that steals information from compromised systems. [1]

ID: S0261
Platforms: Windows

Version: 1.0

Techniques Used

EnterpriseT1010Application Window DiscoveryCatchamas obtains application windows titles and then determines which windows to perform Screen Capture on.[1]
EnterpriseT1115Clipboard DataCatchamas steals data stored in the clipboard.[1]
EnterpriseT1074Data StagedCatchamas stores the gathered data from the machine in .db files and .bmp files under four separate locations.[1]
EnterpriseT1056Input CaptureCatchamas collects keystrokes from the victim’s machine.[1]
EnterpriseT1036MasqueradingCatchamas adds a new service named NetAdapter in an apparent attempt to masquerade as a legitimate service.[1]
EnterpriseT1112Modify RegistryCatchamas creates three Registry keys to establish persistence by adding a New Service.[1]
EnterpriseT1050New ServiceCatchamas adds a new service named NetAdapter to establish persistence.[1]
EnterpriseT1113Screen CaptureCatchamas captures screenshots based on specific keywords in the window’s title.[1]
EnterpriseT1016System Network Configuration DiscoveryCatchamas gathers the Mac address, IP address, and the network adapter information from the victim’s machine.[1]


Groups that use this software: