cheetahkeylogger | de6e2e7f6a62e423de92ab7063199beebaf2d4d02b1b4646963738d1a9c9bffe | Triage

Submit
Reports

Overview

overview

Static

static

Purchase Order.exe

windows7_x64

Purchase Order.exe

windows10-2004_x64

6

Sharing

General

Target

de6e2e7f6a62e423de92ab7063199beebaf2d4d02b1b4646963738d1a9c9bffe
Size

258KB
Sample

220521-b5bl9sgagr
MD5

d2d6c2cda1dd232d9b1075d1f60c204c
SHA1

cf0de3eba2e5fd6e6fe13d0efb17d1c818c30052
SHA256

de6e2e7f6a62e423de92ab7063199beebaf2d4d02b1b4646963738d1a9c9bffe
SHA512

666a75b0d338f56c4ccdc16d16eaa4f8e80e7aba89f12c72f881e409e6a066dae9401b81a6970ec8266cc618620cb34f1d49794803a0b7a64f1e4575d15f61ca

Score

10^/10

cheetahkeylogger agilenet collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order.exe

Resource

win7-20220414-en

cheetahkeylogger agilenet collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.powersupplies.co.za
Port:
587
Username:
[email protected]
Password:
P@$$w0rd.R.S

Targets

- Target
  
  Purchase Order.exe
- Size
  
  403KB
- MD5
  
  130892ccfa6d7a46febac4ac15bd6e7f
- SHA1
  
  bd8339310896ea0e1c102c39896b1698d6c8433b
- SHA256
  
  0b5d1cae663270d11148b52e122f4dabf7a9245a1fab3a726d462a1c48668481
- SHA512
  
  eeebce3c77befc7e38c4c3c0fb7ec97bc69aa3b7cc1d743c00601a5ad4211b24e79603214809406817c92dcd678ead5c3d3cb3d3e0a20d941f36ed0d2e947163
Score

10^/10

cheetahkeylogger agilenet collection keylogger stealer
- Cheetah Keylogger
  Cheetah is a keylogger and info stealer first seen in March 2020.
  stealer keylogger cheetahkeylogger
- Cheetah Keylogger Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cheetahkeyloggeragilenetcollectionkeyloggerstealer

behavioral2

© 2018-2025

Terms | Privacy