cheetahkeylogger | 9e2a002527bd520f50a4844c8381e89a09e3489a239766120d63db503eb97910 | Triage

Submit
Reports

Overview

overview

Static

static

9e2a002527...10.exe

windows7_x64

9e2a002527...10.exe

windows10-2004_x64

5

Sharing

General

Target

9e2a002527bd520f50a4844c8381e89a09e3489a239766120d63db503eb97910
Size

378KB
Sample

220205-pgaa7abbh8
MD5

d0d25ddde9388ab0feb47b9ec3cb7733
SHA1

de6f89f2c17b229a0068a75bf476720a0724fe18
SHA256

9e2a002527bd520f50a4844c8381e89a09e3489a239766120d63db503eb97910
SHA512

25d76db3137a9ee2b0fd9a4e562a6cb89fba025a787e443f0361580b0d7fdbe43f5ebe99c204103939f01a4fedc2e1182aea90b69d3833d001141280805c386f

Score

10^/10

cheetahkeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

9e2a002527bd520f50a4844c8381e89a09e3489a239766120d63db503eb97910.exe

Resource

win7-en-20211208

cheetahkeylogger collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9e2a002527bd520f50a4844c8381e89a09e3489a239766120d63db503eb97910.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.baconplumbing.co.za
Port:
587
Username:
[email protected]
Password:
Andrew@1652

Targets

- Target
  
  9e2a002527bd520f50a4844c8381e89a09e3489a239766120d63db503eb97910
- Size
  
  378KB
- MD5
  
  d0d25ddde9388ab0feb47b9ec3cb7733
- SHA1
  
  de6f89f2c17b229a0068a75bf476720a0724fe18
- SHA256
  
  9e2a002527bd520f50a4844c8381e89a09e3489a239766120d63db503eb97910
- SHA512
  
  25d76db3137a9ee2b0fd9a4e562a6cb89fba025a787e443f0361580b0d7fdbe43f5ebe99c204103939f01a4fedc2e1182aea90b69d3833d001141280805c386f
Score

10^/10

cheetahkeylogger collection keylogger stealer
- Cheetah Keylogger
  Cheetah is a keylogger and info stealer first seen in March 2020.
  stealer keylogger cheetahkeylogger
- Cheetah Keylogger Payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cheetahkeyloggercollectionkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy