MonitoringTool:Win32/RefogKeylogger
First posted on 08 March 2019.
Source: Microsoft
Aliases:
MonitoringTool:Win32/RefogKeylogger is also known as KGB Keylogger, Mipko.
Explanation:
Installation
The tool creates a registry entry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon so that it runs each time you start your PC.
It can install the following files into the folder %SystemRoot%\system32\mpk:
- cinfo.bin
- icon_1.ico
- libeay32.dll
- lnkmst.exe
- lsynchost.exe
- MPK.dll
- MPK.exe
- MPK64.dll
- MpkHCA.dll
- MpkHCQ12.dll
- MPKInst.exe
- MpkL64.exe
- MPKView.exe
- ogg.dll
- sqlite3.dll
- ssleay32.dll
- unins000.dat
- unins000.exe
- unins000.msg
- Vorbis.dll
- vorbisenc.dll
- vorbisfile.dll
- zlib1.dll
Behavior
It can capture or record what you are doing on your PC without you knowing. In particular, it can:
- Send an alert via email when it sees specified keywords and phrases
- Periodically take pictures with your webcam
- Take screenshots
- Intercept and keep a record of communications in chat rooms and instant messengers
- Log and record what you type on your keyboard, such as usernames and passwords
- Record what you copy to the clipboard
- Record the websites you visit
- Track changes you make to files
- Track what programs you run and other things you do on your PC
It can send this information to an email address or over an FTP connection that is specified when the tool is installed.
It can be run by a user on the PC, by clicking on a desktop shortcut, or it can automatically run whenever the PC starts. It might appear in the task bar icon tray. However, if it is running in hidden mode, you might not see an icon in the task bar, on the desktop, or in the Start menu or Start screen.
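Because hidden mode leaves no visible icon, the artifacts listed under Installation are the more dependable thing to check. The following PowerShell is an added example, not part of Microsoft's write-up: it looks for the listed file names in the mpk folder and for Winlogon values that reference that folder. The SysWOW64 folder and the Wow6432Node key are assumptions added to cover 32-bit redirection on 64-bit Windows, and the function name is hypothetical.

```powershell
# Added example (not from the original page): read-only triage for the
# indicators this entry lists. Run from an elevated prompt.

# File names exactly as listed on the page.
$fileNames = @(
    'cinfo.bin','icon_1.ico','libeay32.dll','lnkmst.exe','lsynchost.exe',
    'MPK.dll','MPK.exe','MPK64.dll','MpkHCA.dll','MpkHCQ12.dll','MPKInst.exe',
    'MpkL64.exe','MPKView.exe','ogg.dll','sqlite3.dll','ssleay32.dll',
    'unins000.dat','unins000.exe','unins000.msg','Vorbis.dll','vorbisenc.dll',
    'vorbisfile.dll','zlib1.dll'
)

# The page names system32\mpk. SysWOW64\mpk is also checked, as an assumption,
# in case a 32-bit installer was redirected there on 64-bit Windows.
$folders = 'System32\mpk', 'SysWOW64\mpk' |
    ForEach-Object { Join-Path $env:SystemRoot $_ }

# The page names the Winlogon key but not the value, so every value is inspected.
# The Wow6432Node view is an assumption for the same redirection reason.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-RefogIndicator {   # hypothetical helper name
    foreach ($dir in $folders) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # -Force includes hidden and system files.
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $fileNames -contains $_.Name } |
            ForEach-Object {
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                [pscustomobject]@{ Type = 'File'; Location = $_.FullName; Detail = $hash }
            }
    }
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            # Flag any Winlogon value whose data points into an mpk folder.
            if ($data -match '\\mpk\\') {
                [pscustomobject]@{ Type = 'Registry'; Location = "$key\$name"; Detail = $data }
            }
        }
    }
}

Get-RefogIndicator | Format-Table -AutoSize -Wrap
```

Several names in the list, such as sqlite3.dll and zlib1.dll, are common libraries, so a match counts only because the file sits inside the mpk folder.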
When installed, it may display the following screens:
When run, it might look like the following:
Analysis by Francis Allan Tan Seng
Last update 08 March 2019