"K1w1" InfoStealer Uses gofile.io for Exfiltration (Fri, May 31st)


Python remains a nice language for attackers, and I keep finding interesting scripts that are usually not very well detected by antivirus solutions. The one I found has a VT score of 7/65! (SHA256: a6230d4d00a9d8ecaf5133b02d9b61fe78283ac4826a8346b72b4482d9aab54c[1]). I decided to call it the "k1w1" infostealer because this string is referenced in many variable and function names. The script has classic infostealer capabilities to find interesting pieces of data on the victim's computer, but it also has some interesting techniques.
