General

  • Target: Bank Details.exe
  • Size: 406KB
  • Sample: 201109-qynws6ktz6
  • MD5: 602837306612ca096d4729269b4080d3
  • SHA1: cb8eccbada88f67becdb128bdcd050104cab892f
  • SHA256: 5165df1ccd40fd8cfe1e6646614a97210c3d0890cfa38dd4896fcbb9da88bed1
  • SHA512: 2060d8393abb4be89309d8d00494fcd255924eab4ad085e8d86e26f022d2ca42a8ee61ba0f2dbb6167a4ee25fb1d0a447b96f35babd4e7a657086e9836268573

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: mail.aviner.co.za
  • Port: 587
  • Username: christine@aviner.co.za
  • Password: NoLimits@

Targets

    • Target: Bank Details.exe


    • Cheetah Keylogger
      Cheetah is a keylogger and info stealer first seen in March 2020.
    • Cheetah Keylogger Payload
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext
