General

  • Target

    771750971a05a00827d90831fd751117160cfb014f8171c9999b13631439deff

  • Size

    255KB

  • Sample

    220521-c72f5saccj

  • MD5

    cace0eb388a12a4c353a36057f401109

  • SHA1

    025fb514ecab7ec0106d56a4d129db2feb47c2f3

  • SHA256

    771750971a05a00827d90831fd751117160cfb014f8171c9999b13631439deff

  • SHA512

    c7fde954bc98d3c2523dc1e5017b85c501d2bbc2c91123e40ddb698c6cd0d775889ee3f07caabb695db6407771c2c5f35a9932649e965c7d6645d33ccce467fc

Targets

    • Target

      Purchase Order.exe

    • Size

      399KB

    • MD5

      ab969727c2995cb6f638497bf4c78624

    • SHA1

      5fd9403239d12729020514292af459294a7db885

    • SHA256

      0126bb5bedfa1d8a433bfa4bf885c9a86d0d98630254c7293d70e766f372432e

    • SHA512

      f969bc469981180dc8bad174bc87f86d83f22f20426b4997f8c93d203f434f8a5d273044711a50830a345b81ae24bd876a605322204e3c7214f183a555cd60ed

    • Cheetah Keylogger

      Cheetah is a keylogger and info stealer first seen in March 2020.

    • Cheetah Keylogger Payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Accesses Microsoft Outlook profiles

      Outlook profile data holds configured mail accounts and, often, stored credentials, which makes it a common target for info stealers.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's registers, including its instruction pointer, and is a building block of process hollowing and similar code-injection techniques.

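The hashes above are the report's indicators of compromise. The following Python script is an added example, not part of the sandbox report or of any tool it names: it hashes a file once, in a streaming pass, with MD5, SHA1, SHA256 and SHA512, compares the digests with the indicators copied from the report, and rates a match as "confirmed" only when a SHA256 or SHA512 digest agrees, treating an MD5- or SHA1-only hit as "weak" because both algorithms are collision-prone. The labels `REPORT_IOCS`, `digest_stream`, `match_iocs`, `classify` and `check_file` are names chosen here; `SAMPLE_BYTES` is constructed demo input, not the malware.

```python
"""Hash-based IOC check against the indicators in this sandbox report.

Added example for this page, not code from the report or from any
tool it names. Digests in REPORT_IOCS are copied from the report;
SAMPLE_BYTES is constructed demo input and is not the real sample.
"""
import hashlib
import io
from typing import BinaryIO, Dict, List, Tuple

# Indicators copied from the report (lower-case hex).
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "submitted sample 220521-c72f5saccj": {
        "md5": "cace0eb388a12a4c353a36057f401109",
        "sha1": "025fb514ecab7ec0106d56a4d129db2feb47c2f3",
        "sha256": "771750971a05a00827d90831fd751117160cfb014f8171c9999b13631439deff",
        "sha512": "c7fde954bc98d3c2523dc1e5017b85c501d2bbc2c91123e40ddb698c6cd0d775889ee3f07caabb695db6407771c2c5f35a9932649e965c7d6645d33ccce467fc",
    },
    "Purchase Order.exe": {
        "md5": "ab969727c2995cb6f638497bf4c78624",
        "sha1": "5fd9403239d12729020514292af459294a7db885",
        "sha256": "0126bb5bedfa1d8a433bfa4bf885c9a86d0d98630254c7293d70e766f372432e",
        "sha512": "f969bc469981180dc8bad174bc87f86d83f22f20426b4997f8c93d203f434f8a5d273044711a50830a345b81ae24bd876a605322204e3c7214f183a555cd60ed",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")
STRONG = {"sha256", "sha512"}  # MD5 and SHA1 alone are collision-prone


def digest_stream(fh: BinaryIO, chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Read the stream once and feed every chunk to all four hashers."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    while True:
        chunk = fh.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data."""
    return digest_stream(io.BytesIO(data))


def match_iocs(digests: Dict[str, str],
               iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> List[Tuple[str, str]]:
    """Return (indicator label, algorithm) for every digest that equals an IOC."""
    hits: List[Tuple[str, str]] = []
    for label, expected in iocs.items():
        for algo, value in expected.items():
            if algo in digests and digests[algo].lower() == value.lower():
                hits.append((label, algo))
    return hits


def classify(hits: List[Tuple[str, str]]) -> str:
    """'confirmed' needs a SHA256/SHA512 hit; MD5/SHA1-only hits are 'weak'."""
    if any(algo in STRONG for _, algo in hits):
        return "confirmed"
    if hits:
        return "weak"
    return "none"


def check_file(path: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Hash a file on disk and rate it against the report's indicators."""
    with open(path, "rb") as fh:
        hits = match_iocs(digest_stream(fh))
    return classify(hits), hits


# Constructed stand-in for a file under investigation; not the real sample.
SAMPLE_BYTES = b"MZ\x90\x00 constructed demo bytes, not Purchase Order.exe\n"

if __name__ == "__main__":
    demo_hits = match_iocs(digest_bytes(SAMPLE_BYTES))
    print(classify(demo_hits), demo_hits)
```

Run `check_file("<path>")` on a suspect file; a "weak" result means only MD5 or SHA1 agreed and the SHA256 should be compared before the file is treated as this sample.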