HKTL_REINLOG.GA

This hacking tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user.

Arrival Details

This hacking tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be manually installed by a user.

Other Details

This hacking tool does the following:

• Send reports to certain smtp servers when the first button is clicked:
  • smtp.{user input}.com
• Generate an executable and .ini file when the second button is clicked:
  A dialog box will be displayed to give the user the option to choose the location and name the generated file.
  • {user chosen path}\{user-defined file name}.exe - Detected as TSPY_KEYLOG.NTS
  • config.ini - storage of userdata, deleted after use
  • 
• Displays a text file that contains the features and how to remove the generated file TSPY_KEYLOG.NTS when the third button is clicked:
  • readme.txt - deleted after opening with notepad.exe
  • 

NOTES:

This hacking tool uses Chinese (Simplified).

It tries to locate and load the following as libraries:

• {hacking tool path and name}.EN
• {hacking tool path and name}.ENU

It requires the correct user name and password for the reporting routine.

It links to website www.{BLOCKED}se.com.

It has the following graphical user interface (GUI):