PowerShell Keylogger

Tags

External References

• https://www.cyfirma.com/
• https://otx.alienvault.com/

Description

A newly identified keylogger operating via PowerShell script has been analyzed, revealing its capabilities to capture keystrokes, gather system information, and exfiltrate data. The malware uses a cloud server in Finland as a proxy and an Onion server for C2 communication, ensuring anonymity. It implements various functions including screen capture, encoded command execution, and persistent connection attempts. The keylogger's code suggests a French-speaking developer. While sophisticated in its approach, the persistence mechanism remains incomplete, indicating potential future enhancements. The analysis highlights the need for robust security measures against such stealthy threats.

Date