The malware utilizes extensive commands from its C2 server, enabling it to exfiltrate valuable user information, including browser credentials and cryptocurrency wallet details.