General

  • Target

    7303654c2cc6af60f1d7033505de273c4291f65a04d252732e9a3abb2684404a

  • Size

    258KB

  • Sample

    220521-b1yagacgh3

  • MD5

    79da96b93b1e361a30d3cf7292b6de04

  • SHA1

    de3269c232ae47442fd5515cfc8e1e0243c3104f

  • SHA256

    7303654c2cc6af60f1d7033505de273c4291f65a04d252732e9a3abb2684404a

  • SHA512

    d6b338f8be30c4108c270c3052a68a5ca492dfb0b2ccc7ebf8369f069297dbf9e5fbcb179f5976053811c4d1ad6f2af13ad41d52554de24e42ed563981f16279

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.aviner.co.za
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    NoLimits@

Targets

    • Target

      Bank Details.exe

    • Size

      406KB

    • MD5

      602837306612ca096d4729269b4080d3

    • SHA1

      cb8eccbada88f67becdb128bdcd050104cab892f

    • SHA256

      5165df1ccd40fd8cfe1e6646614a97210c3d0890cfa38dd4896fcbb9da88bed1

    • SHA512

      2060d8393abb4be89309d8d00494fcd255924eab4ad085e8d86e26f022d2ca42a8ee61ba0f2dbb6167a4ee25fb1d0a447b96f35babd4e7a657086e9836268573

    • Cheetah Keylogger

      Cheetah is a keylogger and info stealer first seen in March 2020.

    • Cheetah Keylogger Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Tactic: Collection
    Technique: Email Collection (T1114)
    Count: 1
