Granda Misha Trojan

The Granda Misha is a threatening multi-purpose Trojan that can perform multiple, intrusive, and insidious actions on the computers it infects. The threat is being offered for sale to other potential cybercriminals by its creators. Depending on the goals of the customers, Granda Misha's behavior can be customized to accomplish different harmful purposes.

According to the promotional materials, the Trojan is capable of providing full user-level access to the breached system. The attackers can then execute arbitrary commands and activate the threat's loader functions to drop next-stage malware payloads, such as ransomware, crypto-miners, keyloggers or others.

The Granda Misha also can be used to collect sensitive data from the victim. The threat can extract private information that has been saved in most of the widely used Web browsers - Chrome, Firefox, QQ, Vivaldi, Brave, Opera, Yandex, Chromium and Torch Web. The attackers could potentially gain access to the victim's account credentials, payment and credit/debit card details or banking information.

Granda Misha's data-collecting capabilities do not stop there. The RATalso is supposedly able to extract information from communication services, FTPs and crypto-wallets. Among the list of targeted applications are Telegram, Pidgin, Psi, Gajim, NppFTP, WinSCP, Psi++, CoreFTP, FileZilla, etc.

In addition, the Trojan can execute data-encryption routines and act as part of ransomware-type attacks. The cybercriminals can tailor numerous details to match their preferences, such as the employed encryption algorithm (SHA-256, Cha-Cha, or Curve25519), if a new file extension will be appended to the names of the locked files, whether the desktop background of the infected system will be changed with a custom one provided by the attackers, if the Windows Shadow Volume Copy backups will be deleted and more. The hackers also can customize the ransom note and pick its language out of 16 provided language choices, their preferred communication methods, etc.