Bank Details.exe

General
Target

Bank Details.exe

Size

406KB

Sample

201109-qynws6ktz6

Score

10/10
MD5

602837306612ca096d4729269b4080d3

SHA1

cb8eccbada88f67becdb128bdcd050104cab892f

SHA256

5165df1ccd40fd8cfe1e6646614a97210c3d0890cfa38dd4896fcbb9da88bed1

SHA512

2060d8393abb4be89309d8d00494fcd255924eab4ad085e8d86e26f022d2ca42a8ee61ba0f2dbb6167a4ee25fb1d0a447b96f35babd4e7a657086e9836268573

Malware Config

Extracted

Credentials

Protocol: smtp

Host: mail.aviner.co.za

Port: 587

Username: christine@aviner.co.za

Password: NoLimits@

Targets

Signatures

  • Cheetah Keylogger

    Description

    Cheetah is a keylogger and info stealer first seen in March 2020.

  • Cheetah Keylogger Payload

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques listed in the matrix).

Tasks

static1