πŸ§–β€β™‚οΈRDP-Stealer

RDP-Stealer is C++ malware that targets Remote Desktop Protocol (RDP) processes. It acts as a keystroke logger, capturing credentials provided by users in RDP and sending back encrypted data to a C2 server.

Features

  • Basic Sandbox Evasion

  • Executes without a visible window (in the background).

  • Captures keystrokes in RDP processes using the context of mstsc.exe and CredentialUIBroker.exe.

  • Encrypts the captured data using XOR and BASE64.

  • Sends data to a C2 server.

Usage

  1. Create a recvData folder in the directory.

  2. Before running the RDPStealer.exe on the victim machine, first run the server.php.

php -S 0.0.0.0:8000

  1. Run the RDPStealer.exe on the victim machine and enjoy :).

.\RDPStealer.exe

Note ⚠️

  • It is better to use an HTTPS server instead of an HTTP server.

POC

PreviousAMSI Patcher (Bypassing Antivirus)NextTakeScreenShot

Last updated