cheetahkeylogger | 5165df1ccd40fd8cfe1e6646614a97210c3d0890cfa38dd4896fcbb9da88bed1 | Triage

Submit
Reports

Static

static

Bank Details.exe

windows7_x64

Bank Details.exe

windows10_x64

Sharing

General

Target

Bank Details.exe
Size

406KB
Sample

201109-qynws6ktz6
MD5

602837306612ca096d4729269b4080d3
SHA1

cb8eccbada88f67becdb128bdcd050104cab892f
SHA256

5165df1ccd40fd8cfe1e6646614a97210c3d0890cfa38dd4896fcbb9da88bed1
SHA512

2060d8393abb4be89309d8d00494fcd255924eab4ad085e8d86e26f022d2ca42a8ee61ba0f2dbb6167a4ee25fb1d0a447b96f35babd4e7a657086e9836268573

Score

10^/10

cheetahkeylogger keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

Bank Details.exe

Resource

win7v20201028

cheetahkeylogger keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Bank Details.exe

Resource

win10v20201028

cheetahkeylogger keylogger stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.aviner.co.za
Port:
587
Username:
[email protected]
Password:
NoLimits@

Targets

- Target
  
  Bank Details.exe
- Size
  
  406KB
- MD5
  
  602837306612ca096d4729269b4080d3
- SHA1
  
  cb8eccbada88f67becdb128bdcd050104cab892f
- SHA256
  
  5165df1ccd40fd8cfe1e6646614a97210c3d0890cfa38dd4896fcbb9da88bed1
- SHA512
  
  2060d8393abb4be89309d8d00494fcd255924eab4ad085e8d86e26f022d2ca42a8ee61ba0f2dbb6167a4ee25fb1d0a447b96f35babd4e7a657086e9836268573
Score

10^/10

cheetahkeylogger keylogger stealer
- Cheetah Keylogger
  Cheetah is a keylogger and info stealer first seen in March 2020.
  stealer keylogger cheetahkeylogger
- Cheetah Keylogger Payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cheetahkeyloggerkeyloggerstealer

behavioral2

cheetahkeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy