KeyBase Keylogger
Posted: June 11, 2015
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 808 |
| First Seen: | June 15, 2015 |
|---|---|
| Last Seen: | March 16, 2023 |
| OS(es) Affected: | Windows |
The KeyBase Keylogger is a spyware product rented for use by third parties, who may employ the KeyBase Keylogger to attack targets at their discretion. Current campaigns using the KeyBase Keylogger have been connected to civilian industrial sectors, as well as to many first world countries. Despite its relatively simple code, the KeyBase Keylogger still is rated as a significant privacy and security risk, and malware analysts would discourage any efforts at deleting the KeyBase Keylogger without proper anti-malware protection.
The KeyBase Keylogger: Every Con-Artist's New Base of Keylogging Operations
One of the most significant functions in any spyware program is the ability to record and collect typed information, an act known as keylogging. Many threat projects focus on this feature above all else, although some, like the KeyBase Keylogger, also include a handful of other features. In their analysis of the KeyBase Keylogger, malware experts found most of its features to focus on user-friendliness for its administrators. Simultaneously, the KeyBase Keylogger's developer neglects basic, exploitable security loopholes that other PC security companies have used to examine this threat.
The KeyBase Keylogger includes many of the standard features of any keylogger-based spyware, such as:
- The KeyBase Keylogger may record typed data, as well as data saved in the Clipboard (for example, via Copy and Paste actions). This data may be uploaded automatically to any of dozens of third parties-controlled C&C servers. The titles of open windows also may be monitored, which allows third parties to determine which program is related to the text input.
- The KeyBase Keylogger may achieve a persistent state on the infected PC by moving itself to the Windows Startup folder or modifying the Registry. In the former case, its file name is hardcoded as 'Important.exe,' which could allow victims to identify it.
- Like most modern keyloggers, the KeyBase Keylogger also may include a screen capture function for collecting visual data.
- PCs infected by the KeyBase Keylogger also may be in danger of being infected by further PC threats. The KeyBase Keylogger includes functions for downloading and launching other files, including, potentially, installers for threats.
The KeyBase Keylogger is rented out to other third parties for relatively cheap prices, driving its popularity in the threat market. As a result, malware analysts have seen operations for the KeyBase Keylogger around the globe.
Breaking a Third-Party's Key to Your Computer
Current KeyBase Keylogger campaigns are attacking institutions in countries ranging from the United States to Japan and Australia, along with most of Europe. Malware analysts often see such attacks distributing themselves via e-mail messages, which also is true of recent the KeyBase Keylogger campaigns. Potential victims may identify common tactics, such as fake bank tracking slips or shipping invoices, that request the opening of mislabeled file attachments.
Since the KeyBase Keylogger launches automatically and commences collecting information without any overt symptoms, PC users shouldn't anticipate being able to identify the KeyBase Keylogger on sight. General anti-malware and anti-spyware products should be able to detect the KeyBase Keylogger, which uses limited means of obfuscating its threatening activities. PC users that are removing the KeyBase Keylogger infections also should prepare themselves for taking any other steps needed to block any future exploitation of transferred information, such as having their accounts hacked with collected passwords.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:file.exe
File name: file.exeSize: 1.25 MB (1256448 bytes)
MD5: e9acb2daf1d7f88a94bf25443abe4d30
Detection count: 91
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 8, 2017
file.exe
File name: file.exeSize: 995.32 KB (995328 bytes)
MD5: ef6f10079281c2f5caece0c22f435a6e
Detection count: 64
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%APPDATA%\program.exe
File name: program.exeSize: 29.69 KB (29696 bytes)
MD5: 63f9f25465353db0187216144ff92f4a
Detection count: 28
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: July 30, 2016
file.exe
File name: file.exeSize: 833 KB (833000 bytes)
MD5: 00cee43716a3251fa97b90705c355095
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 31, 2016
%APPDATA%\Program.exe
File name: Program.exeSize: 389.12 KB (389120 bytes)
MD5: cd966cb1e35239d1a134b277f6c2159a
Detection count: 19
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: July 5, 2019
%APPDATA%\Program.exe
File name: Program.exeSize: 352.25 KB (352256 bytes)
MD5: 7563f82019c5d7ad8d58ea2baa1bf625
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: July 30, 2016
file.exe
File name: file.exeSize: 607.39 KB (607392 bytes)
MD5: 01142b5b5716224da67112100717e191
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 13, 2017
Registry Modifications
Regexp file mask%APPDATA%\program.exe
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.