ScreenshotRAT

ScreenshotRAT Report_Print.exe. BitBlt+GetDesktopWindow screen capture. SetThreadContext process injection. CryptAcquireContextA. dRc20#Y! hardcoded credentials. h:/crossdev/ TDM-GCC 4.8.1 developer build path.

Threat Profile
Type: RAT
Programming Language: C (MinGW)
C2 Protocol: TCP/HTTP
First Seen: 2022
Targets: Global
Purpose / Capabilities
  • Remote Access/Screenshot
No C2 servers have been identified for this family yet.

Research Reports (1)

High

ScreenshotRAT Report_Print.exe -- BitBlt GetDesktopWindow Screen Capture, SetThreadContext Process Injection, CryptAcquireContextA Windows CryptoAPI, dRc20#Y Hardcoded Credentials, h:/crossdev TDM-GCC 4.8.1 Developer Build Path | High

ScreenshotRAT 23ac461f Report_Print.exe x64. BitBlt GetDesktopWindow screen capture. SetThreadContext process injection. CryptAcquireContextA. dRc20#Y! hardcoded credentials. h:/crossdev TDM-GCC 4.8.1.
