General

  • Target

    aa65645936619d50557577d89918f57bb14364e6cfd562ebfa288abc43b5c54a

  • Size

    1.5MB

  • Sample

    220625-f4qr1sfgcj

  • MD5

    eb3a80f5df4896b582fbdec56aff1c2f

  • SHA1

    1688c16df9fbcadabf314491b0cc9fa216d7ac86

  • SHA256

    aa65645936619d50557577d89918f57bb14364e6cfd562ebfa288abc43b5c54a

  • SHA512

    3e4dc5656d884f1782163a5af4a605c8ca836835ee1016907768b1c83d63f8134664e19f505f75ba3426e03da9594064d85224312f0d428deaea155e068257fd

Malware Config

Targets

    • Cheetah Keylogger

      Cheetah is a keylogger and info stealer first seen in March 2020.

    • Cheetah Keylogger Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks