MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6eb63858afa241915034f0e38ef048db360a6a1af4cd1a2f10f26de9712805c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CheetahKeylogger


Vendor detections: 3



SHA256 hash: 6eb63858afa241915034f0e38ef048db360a6a1af4cd1a2f10f26de9712805c5
SHA3-384 hash: cecd10a80a44e1b076eb68f5ba3ade168f448bd84657d86d44ddd014486ba803eee8977b79c2feee5a0562248e97e17c
SHA1 hash: 0eadb54687751cfb330ffca3f43f6f322fe34148
MD5 hash: 3e338d856b8221d6b8794d84fab44e1c
humanhash: ink-nevada-equal-zulu
File name: Payment confirmation.exe
Signature: CheetahKeylogger
File size: 346'112 bytes
First seen: 2020-06-08 06:25:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 6144:XKaUPSl6VEJD6LpuuDV8LiM1PRmR/hkGBuoEI4yYxkyn48:6aUG6VEt6z5LTBuNI4tO0
Threatray: 739 similar samples on MalwareBazaar
TLSH: EA74AE3D718A41F4C4FF8633041AABC06A376B813696AB1F71EE63085F1374E7B6165A
Reporter: abuse_ch
Tags: CheetahKeylogger exe SCB


abuse_ch
Malspam distributing CheetahKeylogger:

HELO: outgoing4.jnb.host-h.net
Sending IP: 129.232.250.58
From: Standard Bank <noreply@standardbank.co.za>
Subject: Payment confirmation
Attachment: Payment confirmation.rar (contains "Payment confirmation.exe")

CheetahKeylogger SMTP exfil server:
mail.aviner.co.za:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-08 06:27:04 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
CheetahKeylogger
Executable exe 6eb63858afa241915034f0e38ef048db360a6a1af4cd1a2f10f26de9712805c5 (this sample)

Delivery method: Distributed via e-mail attachment
