System Information Gathering Feature

Description

The System Information Gathering feature in malware serves as an initial reconnaissance tool, collecting a wealth of details about the compromised system's hardware and software configurations. This can include data such as operating system version, installed applications, network interfaces, and even the presence of security solutions. The gathered information can be pivotal for attackers in understanding the landscape they are operating in and in identifying vulnerabilities or weak spots for further exploitation. Significantly, the details about user privileges, running processes, and system configurations can reveal opportunities for privilege escalation. By knowing what level of access is available or what security patches may be missing, attackers can tailor their subsequent actions to exploit these weak points, thus ensuring a more effective and deeper level of system compromise. In essence, System Information Gathering provides a foundational knowledge base that guides the rest of the malware's activities, making it a crucial first step in a targeted attack.

Categories	Spy / Surveillance, Lateral Movements, Privilege Escalation
Dangerousness	High

Existing Techniques

Name	Associated Feature(s)	Has Snippet	Matching Sample
Hardware Information Gathering	System Information Gathering		0
Session Information Gathering	System Information Gathering		0
Windows User Enumeration	System Information Gathering		0

Associated with Releases

Version	Origins	Authors	Languages	Release Date
ProRat 1.4	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Feb, 2004
LanFiltrator 1.5 Beta III	Australia 🇦🇺	Read101	Delphi	Feb, 2004
ProRat 1.6	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Mar, 2004
ProRat 1.8	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Apr, 2004
Infector NG 2004 2.1.0	Belgium 🇧🇪, United Kingdom 🇬🇧	fc , Infiltration	Delphi	May, 2004
Optix Pro 1.33	Unknown 🏴‍☠️	s13az3	Delphi	Aug, 2004
Beast 2.07	Romania 🇷🇴	Tataye	Delphi	Aug, 2004
Flux 1.0	Unknown 🏴‍☠️	Gargamel	C++	Aug, 2004
CIA 1.3	England 🏴󠁧󠁢󠁥󠁮󠁧󠁿	Alchemist	Visual Basic 6 (VB6)	Dec, 2004
ProRat 1.9	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Mar, 2005
Y3K rat 2k5 RC 1.0	Germany 🇩🇪	SHA	Delphi	Jun, 2005
DARKMOON 4.11 / 4.11 Private Edition	Spain 🇪🇸	shukisnike	Delphi	Jun, 2005
Turkojan 3.0	Turkey 🇹🇷	Fungus	Delphi	Sep, 2006
Bifrost 1.2.1	Sweden 🇸🇪	ksv	C++	Jan, 2007
Bandook 1.35	Lebanon 🇱🇧	PrinceAli	Delphi, C++	Apr, 2007
Poison Ivy 2.3.0	Sweden 🇸🇪	Shapeless	Delphi, MASM	Jun, 2007
Hav-Rat 1.3.2	Sweden 🇸🇪	Havalito	Delphi	Jul, 2007
sharK 2.4.0 Fwb+	Germany 🇩🇪	sNiper109 , rockZ	Visual Basic 6 (VB6)	Aug, 2007
Nuclear RAT 2.1.0	Brazil 🇧🇷	Caesar2k	Delphi	Sep, 2007
Poison Ivy 2.3.2	Sweden 🇸🇪	Shapeless	Delphi, MASM	Jan, 2008
Turkojan 4	Turkey 🇹🇷	FµNGµ§	Delphi	Feb, 2008
Turkojan 4.0	Turkey 🇹🇷	Fungus	Delphi	Mar, 2008
sharK 3.1 fwb++	Germany 🇩🇪	sNiper109 , rockZ	Visual Basic 6 (VB6)	Mar, 2008
SynRAT 2.1	France 🇫🇷	DarkCoderSc	Delphi	Oct, 2008
Lost Door 3.0 Stable	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Mar, 2009
PrjRAPTOR 1.8	United States 🇺🇸	Ryan.M	Visual Basic 6 (VB6)	Jul, 2009
Cerberus 1.0 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
Cerberus 1.01 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
Cerberus 1.02 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
SynRAT 4.3.1-A-1	France 🇫🇷	DarkCoderSc	Assembly, Delphi	Aug, 2009
Apocalypse RAT 1.4	Turkey 🇹🇷	ap0calypse	Delphi	Aug, 2009
Cerberus 1.03.4	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Sep, 2009
Spy-Net 2.6	Brazil 🇧🇷	Raphael	Delphi	Oct, 2009
DarkComet RAT 1.3	France 🇫🇷	DarkCoderSc		Nov, 2009
Cerberus 1.03.5 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Dec, 2009
DarkComet RAT 2.0 RC4	France 🇫🇷	DarkCoderSc	Delphi	Mar, 2010
CyberGate 1.04.8	United States 🇺🇸	johnyk	Delphi	Apr, 2010
Lost Door 4.3.1	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Apr, 2010
DarkComet RAT 2.0 RC7	France 🇫🇷	DarkCoderSc	Assembly, Delphi	Jun, 2010
Schwarze Sonne 1.0	Unknown 🏴‍☠️, Germany 🇩🇪, Turkey 🇹🇷	ap0calypse , Slayer616 , Counterstrikewi	Delphi	Jun, 2010
Lost Door 5.1	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Oct, 2010
Coolvibes 1 Update 8	Spain 🇪🇸	Thor	Delphi	May, 2011
Xtreme RAT 2.9	Brazil 🇧🇷	Raphael	Delphi	Jul, 2011
DarkComet RAT 5.3	France 🇫🇷	DarkCoderSc	Assembly, Delphi	Jun, 2012
DarkComet RAT 5.3.1	France 🇫🇷	DarkCoderSc	Assembly, Delphi	Jun, 2012
Quasar 1.0	Unknown 🏴‍☠️	MaxXor	C#	Aug, 2015
Lost Door 9.2 Aws	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Jan, 2022