RichDrama
The Dramatic Work of Rich and Joyce Swingle

Xworm 3.1

: Commands to shut down, restart, or log off the victim.

Malicious Payloads & Propagation

| Module | Functionality |
|--------|----------------|
| | Interactive remote shell with pseudo-TTY support. |
| FileManager | Full file system navigation, upload, download, execute, and delete. |
| Keylogger | Captures keystrokes from all active windows, with periodic exfiltration. |
| Clipboard Manager | Monitors and steals copied text, passwords, crypto addresses. |
| Webcam Capture | Allows remote photo capture or video streaming (if webcam drivers exist). |
| Microphone Recording | Audio capture via winmm.dll or NAudio library. |
| Process Manager | List, kill, or start processes on the victim machine. |
| Registry Editor | Remote read/write of Windows registry keys. |
| Password Recovery | Steals saved credentials from Chrome, Firefox, Outlook, FileZilla, and more using internal decryption routines. |
| Hidden VNC (hVNC) | Creates an invisible remote desktop session, undetectable to the logged-in user. |
| Reverse Proxy | Turns the victim into a SOCKS5 proxy, anonymizing attacker traffic. |

The ability to download, upload, delete, or encrypt files.


Upon execution, version 3.1 performs a series of environment checks to ensure it is not running within a malware analysis sandbox or virtual machine. It scans for: Virtualization artifacts (VirtualBox, VMware, QEMU).