PowerShell Keylogger

SUMMARY :

A newly identified keylogger operating via PowerShell script has been analyzed, revealing its capabilities to capture keystrokes, gather system information, and exfiltrate data. The malware uses a cloud server in Finland as a proxy and an Onion server for C2 communication, ensuring anonymity. It implements various functions including screen capture, encoded command execution, and persistent connection attempts. The keylogger's code suggests a French-speaking developer. While sophisticated in its approach, the persistence mechanism remains incomplete, indicating potential future enhancements. The analysis highlights the need for robust security measures against such stealthy threats.

OPENCTI LABELS :

powershell,keylogger,proxy,screen capture


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


PowerShell Keylogger