General

  • Target

    d782ae31ebfa573f5c014160b06d8cfbf1b9047a7470b4123846719e85234e20

  • Size

    185KB

  • Sample

    220205-lc6l2shhg3

  • MD5

    53d1a0781d68ea4cfd8382aad53ab86b

  • SHA1

    7ae58ff5d46866436382eac3ad7f8b8a7c80b7ad

  • SHA256

    d782ae31ebfa573f5c014160b06d8cfbf1b9047a7470b4123846719e85234e20

  • SHA512

    63e742aa81f9557b52906a1e93d802e1416e33d2d776c0ebe1412f484aa16a7720f475a2306d7ef113761a55d308c2c990ad18234a3dfe81a2266a3866c7adfb

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.lubrimax.co.za
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    DaviD111
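
The extracted SMTP config above is the most directly actionable part of this report: it names the host and port the keylogger submits stolen data to. The following is an added example, not code from the Triage report or from the malware, showing how to turn that block into network detection. The host, port and password are taken from the report; the dns.log and conn.log rows are constructed for illustration, the resolved IP addresses are made up (TEST-NET ranges), and the Suricata sid is a placeholder.

```python
"""Turn the SMTP exfiltration config extracted above into network detection.

Added example; this is not code from the Triage report or from the malware.
The host, port and password come from the report; the log rows below are
constructed to illustrate the correlation and the resolved IPs are made up.
"""
from typing import Dict, List, Tuple

# Credential block as it appears in the report (the username is redacted on the page).
EXTRACTED_CONFIG = """
Protocol:
smtp
Host:
mail.lubrimax.co.za
Port:
587
Username:
[email protected]
Password:
DaviD111
"""


def parse_config(text: str) -> Dict[str, object]:
    """Parse the 'Key:' / value pairs of the extracted-config block into a dict."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg: Dict[str, object] = {}
    for key, value in zip(lines[0::2], lines[1::2]):
        cfg[key.rstrip(":").lower()] = value
    cfg["port"] = int(cfg["port"])
    return cfg


# Constructed Zeek-style dns.log rows: ts, client, query, answer (answers are made up)
SAMPLE_DNS_LOG = [
    "1644046800.1\t10.0.0.15\tmail.lubrimax.co.za\t203.0.113.25",
    "1644046801.4\t10.0.0.15\tapi.ipify.org\t198.51.100.7",
]

# Constructed Zeek-style conn.log rows: ts, orig_h, resp_h, resp_p, proto
SAMPLE_CONN_LOG = [
    "1644046801.9\t10.0.0.15\t198.51.100.7\t443\ttcp",
    "1644046803.2\t10.0.0.15\t203.0.113.25\t587\ttcp",   # the SMTP exfil connection
    "1644046804.0\t10.0.0.22\t203.0.113.25\t80\ttcp",    # same host, wrong port: not flagged
    "1644046805.5\t10.0.0.15\t192.0.2.40\t587\ttcp",     # right port, unrelated host: not flagged
]


def find_exfil_connections(cfg, dns_log, conn_log) -> List[Tuple[str, str, str]]:
    """Return (ts, orig_h, resp_h) for connections on the exfil port to an address
    the exfil host resolved to. conn.log carries no hostname, so the DNS answers
    are used to map the extracted name onto the addresses actually contacted."""
    target = str(cfg["host"]).lower()
    resolved = set()
    for row in dns_log:
        _ts, _client, query, answer = row.split("\t")
        if query.lower() == target:
            resolved.add(answer)
    hits = []
    for row in conn_log:
        ts, orig_h, resp_h, resp_p, _proto = row.split("\t")
        if resp_h in resolved and int(resp_p) == cfg["port"]:
            hits.append((ts, orig_h, resp_h))
    return hits


def suricata_dns_rule(cfg, sid: int) -> str:
    """Emit a Suricata rule alerting on a DNS query for the exfil host.
    sid is a placeholder supplied by the caller; use one from your local range."""
    return (
        'alert dns any any -> any any (msg:"Cheetah Keylogger SMTP exfil host lookup"; '
        f'dns.query; content:"{cfg["host"]}"; nocase; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for hit in find_exfil_connections(cfg, SAMPLE_DNS_LOG, SAMPLE_CONN_LOG):
        print("exfil connection:", hit)
    print(suricata_dns_rule(cfg, sid=1000001))
```

Port 587 is the SMTP submission port and the session is normally upgraded with STARTTLS, so the AUTH exchange carrying the extracted username and password is not visible on the wire after the upgrade; detection therefore has to key on the DNS lookup and the connection itself, as above, rather than on the credential strings.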

Targets

    • Target

      Vital Information.exe

    • Size

      367KB

    • MD5

      97f0bc3ec5abdf8f7e84c6d19a58c496

    • SHA1

      081eb303fc0695f295ead9e347955ea16261576e

    • SHA256

      1ffe4436ccc049b0200df95c76b9ec4c601a597a5650ebbcc384dbb0b08ef14f

    • SHA512

      bbf428c3be49ca222738e12462776fda2b45dfa93270256ec8d05e3dbbf3567b1cf2480f58f0320eb4873ba0359f7a3fa2309e883b71dbdd527be581021e424f

    • Cheetah Keylogger

      Cheetah is a keylogger and info stealer first seen in March 2020.

    • Cheetah Keylogger Payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites a thread's register context; in malware it is typically used to redirect execution into injected code, as in process hollowing.

MITRE ATT&CK Enterprise v6
