cheetahkeylogger | cdf96811c3ce5645b19c096fa4fffca84bcb7dc4885008f83373fe580ea57f01

General

Target

cdf96811c3ce5645b19c096fa4fffca84bcb7dc4885008f83373fe580ea57f01
Size

379KB
Sample

220205-lxwmksadbp
MD5

8cc7544c09deb420b50ef840f6f1c289
SHA1

d2e1989c3efc56909510b6aec7ee20f720afb1df
SHA256

cdf96811c3ce5645b19c096fa4fffca84bcb7dc4885008f83373fe580ea57f01
SHA512

a211d88e815dcd246202a69b2ea8ac02ee8a6a1329eb4b4c3112e490572de9995c7ececee2239f463f5fcd90a3f9455fb98c8225b46a01dab77f661acfcc297c

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.baconplumbing.co.za
Port:
587
Username:
[email protected]
Password:
Andrew@1652

Targets

- Target
  
  cdf96811c3ce5645b19c096fa4fffca84bcb7dc4885008f83373fe580ea57f01
- Size
  
  379KB
- MD5
  
  8cc7544c09deb420b50ef840f6f1c289
- SHA1
  
  d2e1989c3efc56909510b6aec7ee20f720afb1df
- SHA256
  
  cdf96811c3ce5645b19c096fa4fffca84bcb7dc4885008f83373fe580ea57f01
- SHA512
  
  a211d88e815dcd246202a69b2ea8ac02ee8a6a1329eb4b4c3112e490572de9995c7ececee2239f463f5fcd90a3f9455fb98c8225b46a01dab77f661acfcc297c
Score

10^/10

cheetahkeylogger agilenet collection keylogger stealer
- Cheetah Keylogger
  Cheetah is a keylogger and info stealer first seen in March 2020.
  stealer keylogger cheetahkeylogger
- Cheetah Keylogger Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Cheetah Keylogger

Cheetah Keylogger Payload

Suspicious use of NtCreateProcessExOtherParentProcess

Obfuscated with Agile.Net obfuscator

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2