Due for disapproved I’ve move remove some of information. Thanks
The malware is keylogger and is assembly that is good so I can use dnspy. The code is obfuscated easily and I can will deobfuscate for you.
Here is Information:
Source Code: -
Obfuscation → Rename namespaces, to random strings. Stil code is readable.
Obfuscator Name: .NET Reactor
Connections Made: 184.108.40.206 (WHO.IS | VirusTotal)
- The IP (220.127.116.11) has similar files whoose also are stubs from RATS.