Description

The System Information Gathering feature in malware serves as an initial reconnaissance tool, collecting a wealth of details about the compromised system's hardware and software configurations. This can include data such as operating system version, installed applications, network interfaces, and even the presence of security solutions. The gathered information can be pivotal for attackers in understanding the landscape they are operating in and in identifying vulnerabilities or weak spots for further exploitation. Significantly, the details about user privileges, running processes, and system configurations can reveal opportunities for privilege escalation. By knowing what level of access is available or what security patches may be missing, attackers can tailor their subsequent actions to exploit these weak points, thus ensuring a more effective and deeper level of system compromise. In essence, System Information Gathering provides a foundational knowledge base that guides the rest of the malware's activities, making it a crucial first step in a targeted attack.


Categories: Spy / Surveillance, Lateral Movements, Privilege Escalation
Dangerousness: High

Existing Techniques

Associated with Releases

Version | Origins | Authors | Languages | Release Date
Back Orifice 1.20 | United States 🇺🇸 | Cult of the Dead Cow (cDc) | C++ | Jul, 1998
SubSeven 1.0 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Feb, 1999
SubSeven 1.1 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Mar, 1999
SubSeven 1.2 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Mar, 1999
Coma 1.0.9 | Unknown 🏴‍☠️ | ThePr0, UserUnFriendly, GoatAss, JohnFive | Visual Basic 6 (VB6) | Mar, 1999
SubSeven 1.3 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Mar, 1999
SubSeven 1.4 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Mar, 1999
SubSeven 1.5 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Apr, 1999
SubSeven 1.6 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Apr, 1999
SubSeven 1.7 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | May, 1999
SubSeven 1.8 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | May, 1999
NetSphere 1.31.337 Final | Unknown 🏴‍☠️ | DeathBreadstick | Delphi | Jun, 1999
SubSeven 1.9 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Jun, 1999
Back Orifice 2000 (BO2K) 1.0 | United States 🇺🇸 | Cult of the Dead Cow (cDc) | C++ | Jul, 1999
Vampire 1.2 | Unknown 🏴‍☠️ | Ju1c3 | Visual Basic 6 (VB6) | Jul, 1999
SubSeven 1.9 Apocalypse | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Aug, 1999
SubSeven 2.0 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Sep, 1999
SubSeven 2.1 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Nov, 1999
Hack a Tack 2000 | Unknown 🏴‍☠️ | The Bart33, Da SuckA | Delphi | Feb, 2000
SubSeven 2.1.1 GOLD edition | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Feb, 2000
SubSeven 2.1.2 M.U.I.E | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Apr, 2000
Y3K rat 1.0 | Greece 🇬🇷 | firelarm, Chucky | Delphi | May, 2000
SubSeven 2.1.3 BONUS | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Jun, 2000
SubSeven 2.1.4 DEFCON 8 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Jul, 2000
RUX The TIc.K 3.0 | Germany 🇩🇪 | AGM65 | Visual Basic 5 (VB5), Visual Basic 6 (VB6) | Oct, 2000
MoonPie 4.0 Beta | Germany 🇩🇪 | Simon Moon | Delphi | Dec, 2000
Y3K rat 1.5 | Greece 🇬🇷 | firelarm, Chucky | Delphi | Jan, 2001
RUX The TIc.K 4.0 TLSecurity Edition | Germany 🇩🇪 | AGM65 | Visual Basic 6 (VB6) | Jan, 2001
RUX The TIc.K 4.0 | Germany 🇩🇪 | AGM65 | Visual Basic 6 (VB6) | Jan, 2001
SubSeven 2.2 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Mar, 2001
Y3K rat 1.6 | Greece 🇬🇷 | firelarm, Chucky | Delphi | May, 2001
Y3K rat 1.6 MS | Greece 🇬🇷 | firelarm, Chucky | Delphi | Jul, 2001
Cyn 2.0 | Australia 🇦🇺 | Read101 | Delphi | Jan, 2002
Optix Pro 1.0 | Unknown 🏴‍☠️ | s13az3 | Delphi | Apr, 2002
Net-Devil 1.5 | Unknown 🏴‍☠️ | Nilez | Delphi | Jul, 2002
Ghost 2.4 | Israel 🇮🇱 | Lame_Joker | Visual Basic 6 (VB6) | Sep, 2002
Beast 1.8 | Romania 🇷🇴 | Tataye | Delphi | Nov, 2002
MoSucker 3.0b | Germany 🇩🇪 | Superchachi | Visual Basic 6 (VB6) | Nov, 2002
Beast 1.90 | Romania 🇷🇴 | Tataye | Delphi | Dec, 2002
Turkojan 1.0 | Turkey 🇹🇷 | Fungus | Delphi | Jan, 2003
Beast 1.91 | Romania 🇷🇴 | Tataye | Delphi | Jan, 2003
Beast 1.92 | Romania 🇷🇴 | Tataye | Delphi | Feb, 2003
SubSeven 2.1.5 Legends | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Feb, 2003
CIA 1.0 | England 🏴󠁧󠁢󠁥󠁮󠁧󠁿 | Alchemist | Visual Basic 6 (VB6) | Mar, 2003
Z-dem0n 1.26 | Unknown 🏴‍☠️ | ZnAsH | Delphi | Mar, 2003
CIA 1.1 | England 🏴󠁧󠁢󠁥󠁮󠁧󠁿 | Alchemist | Visual Basic 6 (VB6) | Apr, 2003
Beast 2.00 | Romania 🇷🇴 | Tataye | Delphi | May, 2003
Beast 2.01 | Romania 🇷🇴 | Tataye | Delphi | Jun, 2003
LanFiltrator 1.1 Fix 1 | Australia 🇦🇺 | Read101 | Delphi | Aug, 2003
A-311 Death 1.03 | Russia 🇷🇺 | Corpse | Assembly, MASM | Aug, 2003