cheetahkeylogger | c4321f8a7c6225614746430b2f64998ef2bb9f4dcc94d8c5226c70c35eeb9039 | Triage

Submit
Reports

Overview

overview

Static

static

Payment No...on.exe

windows7_x64

Payment No...on.exe

windows10-2004_x64

Sharing

General

Target

c4321f8a7c6225614746430b2f64998ef2bb9f4dcc94d8c5226c70c35eeb9039
Size

175KB
Sample

220521-b5b8ssgahj
MD5

7c62cccec82695007d977aeb0049d406
SHA1

427aab1aa9807f4a1b08762941c13fb2804cfeed
SHA256

c4321f8a7c6225614746430b2f64998ef2bb9f4dcc94d8c5226c70c35eeb9039
SHA512

4b89a3ce965c1645673396c2c5691eca6aa47f437588538e4ef0a625660064a2ed4fc258fa37947b6a236fe2f49737e39abd7a9bedfc95ecc7c0d79fc34679d3

Score

10^/10

cheetahkeylogger agilenet collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

Payment Notification.exe

Resource

win7-20220414-en

cheetahkeylogger agilenet collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment Notification.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.mmpsecurity.co.za
Port:
587
Username:
[email protected]
Password:
P@ss@2019

Targets

- Target
  
  Payment Notification.exe
- Size
  
  381KB
- MD5
  
  673a1dd42a4ce1a314a1db4dcbf09a81
- SHA1
  
  2fdb26d92e25c38c6300123278cbcea3be6a0ecc
- SHA256
  
  684aa4d9c333d3ea5db101d239673a76f22e06ae5237ae24b00e43c55cb3b3ae
- SHA512
  
  9be66fa1b076700972797c273bce0d14594fc3cc58728e0ca5552138c9dac04152470ae70d44a7c9c6dbf2b672143085134e14a9f7c6c54cce88aa2715ad6201
Score

10^/10

cheetahkeylogger agilenet collection keylogger stealer
- Cheetah Keylogger
  Cheetah is a keylogger and info stealer first seen in March 2020.
  stealer keylogger cheetahkeylogger
- Cheetah Keylogger Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cheetahkeyloggeragilenetcollectionkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy