Extracted

• • Target

    Payment relief form.exe

  • Size

    378KB

  • MD5

    d0d25ddde9388ab0feb47b9ec3cb7733

  • SHA1

    de6f89f2c17b229a0068a75bf476720a0724fe18

  • SHA256

    9e2a002527bd520f50a4844c8381e89a09e3489a239766120d63db503eb97910

  • SHA512

    25d76db3137a9ee2b0fd9a4e562a6cb89fba025a787e443f0361580b0d7fdbe43f5ebe99c204103939f01a4fedc2e1182aea90b69d3833d001141280805c386f

  Score

  10^/10

  cheetahkeyloggercollectionkeyloggerstealer

  • Cheetah Keylogger

    Cheetah is a keylogger and info stealer first seen in March 2020.

    stealerkeyloggercheetahkeylogger

  • Cheetah Keylogger Payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2