Micropsia

Micropsia is a remote access tool written in Delphi.[1][2]

ID: S0339
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

Domain | ID | Name | Use
Enterprise | T1123 | Audio Capture | Micropsia can perform microphone recording.[2]
Enterprise | T1119 | Automated Collection | Micropsia executes a RAR tool to recursively archive files based on a predefined list of file extensions (*.xls, *.xlsx, *.csv, *.odt, *.doc, *.docx, *.ppt, *.pptx, *.pdf, *.mdb, *.accdb, *.accde, *.txt).[2]
Enterprise | T1059 | Command-Line Interface | Micropsia creates a command-line shell using cmd.exe.[2]
Enterprise | T1002 | Data Compressed | Micropsia creates a RAR archive based on collected files on the victim's machine.[2]
Enterprise | T1083 | File and Directory Discovery | Micropsia can perform a recursive directory listing for all volume drives available on the victim's machine and can also fetch specific files by their paths.[2]
Enterprise | T1158 | Hidden Files and Directories | Micropsia creates a new hidden directory to store all components' outputs in a dedicated sub-folder for each.[2]
Enterprise | T1056 | Input Capture | Micropsia has keylogging capabilities.[2]
Enterprise | T1027 | Obfuscated Files or Information | Micropsia obfuscates the configuration with a custom Base64 and XOR.[1][2]
Enterprise | T1105 | Remote File Copy | Micropsia can download and execute an executable from the C2 server.[1][2]
Enterprise | T1113 | Screen Capture | Micropsia takes screenshots every 90 seconds by calling the Gdi32.BitBlt API.[2]
Enterprise | T1063 | Security Software Discovery | Micropsia searches for anti-virus software and firewall products installed on the victim's machine using WMI.[1][2]
Enterprise | T1023 | Shortcut Modification | Micropsia creates a shortcut to maintain persistence.[1]
Enterprise | T1071 | Standard Application Layer Protocol | Micropsia uses HTTP and HTTPS for C2 network communications.[1][2]
Enterprise | T1082 | System Information Discovery | Micropsia gathers the hostname and OS version from the victim's machine.[1][2]
Enterprise | T1033 | System Owner/User Discovery | Micropsia collects the username from the victim's machine.[1]
Enterprise | T1047 | Windows Management Instrumentation | Micropsia searches for anti-virus software and firewall products installed on the victim's machine using WMI.[1][2]

References