C2C communication
C2C (Command and Control) communication lets malware operators remotely control infected systems and issue commands to them.
In remote overlay attacks such as Mispadu/Ursa, the C2C channel is used to take over the victim's keyboard and mouse and to watch the victim's screen live.
C2C communication is typically initiated only when the victim visits a targeted website, which reduces the risk of early detection by antivirus software.
The malware opens a socket connection to the C2C server using the Win32 socket APIs and sends an encoded beacon message as soon as the connection is established.
All messages exchanged between the malware and the C2C server are encoded to obfuscate the commands and evade network monitoring.
The decoding process consists of mathematical operations on ASCII values, so the traffic is difficult to reverse-engineer without knowledge of the algorithm.
Once connected, the malware waits for commands from the C2C server, decodes them, and carries out the malicious actions they dictate.
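As an added illustration (not code from the page or from any Mispadu/Ursa analysis), the Python triage helper below shows how an analyst approaches a captured beacon when the encoding is suspected to be simple per-byte arithmetic on ASCII values: it brute-forces every single-byte subtract and XOR transform and ranks the outputs by how text-like they are, letting a crib such as the victim hostname (which the analyst usually knows) settle the ranking. The beacon string, the +7 transform and the hostname are constructed assumptions; the real Mispadu/Ursa algorithm is not given on this page.

```python
import string
from typing import Optional

# Constructed example for analyst triage. The real Mispadu/Ursa encoding is
# not described on the page; we ASSUME a simple per-byte arithmetic transform
# (subtract a constant mod 256, or XOR with a constant) purely for illustration.

ALNUM = set(string.ascii_letters.encode() + string.digits.encode())


def text_ratio(data: bytes) -> float:
    """Fraction of bytes that are ASCII letters or digits: a cheap
    'does this look like a decoded beacon' score."""
    if not data:
        return 0.0
    return sum(b in ALNUM for b in data) / len(data)


def candidate_decodings(blob: bytes):
    """Yield (label, decoded) for every single-byte subtract and XOR transform."""
    for k in range(256):
        yield f"sub {k}", bytes((b - k) % 256 for b in blob)
        yield f"xor {k}", bytes(b ^ k for b in blob)


def rank_decodings(blob: bytes, crib: Optional[bytes] = None, top: int = 3):
    """Rank candidate decodings; a crib hit (e.g. the victim hostname)
    outranks the text-likeness heuristic."""
    scored = []
    for label, data in candidate_decodings(blob):
        hit = crib is not None and crib in data
        scored.append((hit, text_ratio(data), label, data))
    # crib hits first, then most text-like, then label so the order is deterministic
    scored.sort(key=lambda t: (not t[0], -t[1], t[2]))
    return [(label, data) for _, _, label, data in scored[:top]]


def best_decoding(blob: bytes, crib: Optional[bytes] = None):
    return rank_decodings(blob, crib, top=1)[0]


# Constructed "captured beacon": an assumed check-in string with every ASCII
# value shifted by +7 (an assumed transform, not the real one).
SAMPLE_PLAINTEXT = b"beacon|host=ALPHA-PC|user=zack|os=win10"
SAMPLE_BEACON = bytes((b + 7) % 256 for b in SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    for label, data in rank_decodings(SAMPLE_BEACON, crib=b"ALPHA-PC"):
        print(f"{label:8s} {data!r}")
```

Without a crib the heuristic alone can leave several shifts tied, which is exactly why a known token from the victim environment is worth feeding in.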