Extracted

• • Target

    9855bb648dd60519f037e2f8fa4c8c8b.exe

  • Size

    332KB

  • MD5

    9855bb648dd60519f037e2f8fa4c8c8b

  • SHA1

    a9c625e35862ee791432980a60b68d086102816e

  • SHA256

    bf4c1b1e3d2c229a1238bffcf18e4b49e875f6bbe92bca5d79ab2a4ef27d0ae2

  • SHA512

    24a37d422ec28b755c02be9f4dab30a42e50a285c4919ffcf8c1968317cdf2f1ed16d4b8b26748f64fccc4eb3d041763edafef84af0f28d6c0df7597800a255a

  Score

  10^/10

  cheetahkeyloggeragilenetkeyloggerstealer

  • Cheetah Keylogger

    Cheetah is a keylogger and info stealer first seen in March 2020.

    stealerkeyloggercheetahkeylogger

  • Cheetah Keylogger Payload

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2