General
- Target: 18590b4c2ee6ef9c9e44396fdeb06ab8530ece6bc2b86be4bd28f666cf1de5f2
- Size: 174KB
- Sample: 220521-bzszcsfghn
- MD5: d815695f551067cac364768e01bff72f
- SHA1: d3aa35c2df39cf745ce20bfdaabbfd8927692876
- SHA256: 18590b4c2ee6ef9c9e44396fdeb06ab8530ece6bc2b86be4bd28f666cf1de5f2
- SHA512: 7423e20a3d3e23327c12b948c48a15df252a88a1da2b700810b0bdab1c8176fcfb5594ec2dadad5ea7970c0b83e0fc9993d826f24ccf46634207b83dfe55666d
Static task: static1
Behavioral task: behavioral1
- Sample: PO2034900.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PO2034900.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.sokutuattorneys.co.za
- Port: 587
- Username: [email protected]
- Password: Qs@9711?
Targets
- Target: PO2034900.exe
- Size: 336KB
- MD5: fa5a44cc3ffc8fcacdf9ea7251ae2b85
- SHA1: 377db42b217e4f6f99885afe1e165c19c3b606a5
- SHA256: 7ea6bd01e613bd93a63711630128ebd9e4f51c411db7d87c62031d06d02127cb
- SHA512: 3173cfdb0a1fa4651c5c24e75cec363bc1c3c78853eb7cd83af3ac9f2935f77d7e2ee6c22e2d153553bdad567e71c50cd550f01490a1f122ddfd37ce990c1f5a
Cheetah Keylogger
Cheetah is a keylogger and info stealer first seen in March 2020.
- Cheetah Keylogger Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext