Analysis reports from Hybrid Analysis and ANY.RUN highlight several dangerous activities:
NL-Brute is used by cybercriminals to obtain unauthorized access to thousands of computers worldwide by decrypting login credentials.
Approximately 61% to 71% of antivirus engines flag this specific executable as malicious.
Created by threat actor "dpxaker" (Dariy Pankov), who was sentenced in 2023 for its development.
High-level system infection. The "Keygen" file acts as a dropper for secondary payloads, including CoinMiners and generic Backdoor Trojans.
The malware reads the computer name, machine GUID from the registry, and even attempts to detect the BIOS version.