Purchase Order.exe

General
Target: Purchase Order.exe
Size: 282KB
Sample: 200816-5yklmkd61s
Score: 10/10
MD5: b861f4c2cd486258a79a2078c58885e8
SHA1: a52c73cecef8c37bcaf95aeeb456580544a6e27c
SHA256: e0dd9126e9038ec946d016833bad57afb1d3eb06e453ec8a0bdd60661e6a3da2
SHA512: 2d51a0096e6c99209bbd020f8523143c1651567296e3123cc4650e9809dc5c5f560fa8b1848d18cd240a53f5ae9fcfbf11bca98eb04d2a678f6d45c682d36371

Malware Config

Extracted credentials:
Protocol: smtp
Host: mail.aviner.co.za
Port: 587
Username: christine@aviner.co.za
Password: NoLimits@

Targets

Target: Purchase Order.exe (size, score and hashes as listed under General)

Signatures

  • Cheetah Keylogger
    Description: Cheetah is a keylogger and info stealer first seen in March 2020.

  • Cheetah Keylogger Payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients
    Description: Tries to access configuration files associated with programs like FileZilla.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk, where infostealers often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials.
    TTPs: Data from Local System; Credentials in Files

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix columns: Command and Control, Credential Access, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation