9855bb648dd60519f037e2f8fa4c8c8b.exe

General

Target: 9855bb648dd60519f037e2f8fa4c8c8b.exe
Size: 332KB
Sample: 201109-27358bkcg6
Score: 10/10
MD5: 9855bb648dd60519f037e2f8fa4c8c8b
SHA1: a9c625e35862ee791432980a60b68d086102816e
SHA256: bf4c1b1e3d2c229a1238bffcf18e4b49e875f6bbe92bca5d79ab2a4ef27d0ae2
SHA512: 24a37d422ec28b755c02be9f4dab30a42e50a285c4919ffcf8c1968317cdf2f1ed16d4b8b26748f64fccc4eb3d041763edafef84af0f28d6c0df7597800a255a

Malware Config

Extracted Credentials

Protocol: smtp
Host: mail.aviner.co.za
Port: 587
Username: christine@aviner.co.za
Password: NoLimits@


Signatures

  • Cheetah Keylogger
    Description: Cheetah is a keylogger and info stealer first seen in March 2020.

  • Cheetah Keylogger Payload

  • Obfuscated with Agile.Net obfuscator
    Description: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext
