MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18590b4c2ee6ef9c9e44396fdeb06ab8530ece6bc2b86be4bd28f666cf1de5f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CheetahKeylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 18590b4c2ee6ef9c9e44396fdeb06ab8530ece6bc2b86be4bd28f666cf1de5f2
SHA3-384 hash: 6750ac5f945f6b6fbe2ba2a87a097ba443249f2cac7a9038e64afd91c55d8f30dc958f122249cb202a956bf5a8ec7127
SHA1 hash: d3aa35c2df39cf745ce20bfdaabbfd8927692876
MD5 hash: d815695f551067cac364768e01bff72f
humanhash: rugby-december-august-saturn
File name:PO2034900.rar
Download: download sample
Signature CheetahKeylogger
Create hunting rule
File size:178'528 bytes
First seen:2020-05-05 10:45:20 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:gEGWj2QwbNm8fztGvDBRwce3FQ2GoxeMfsF6XWh3d/6qoMK/dIU6pirSW0T4rGi:aWj3wnfztGvVRw7VQdo46xqoMK/dI3QL
TLSH 2004235E24F5E1CCE180CA876F4B3C7EB253CB1954EC804D639819906F5A19BF5BB389
Reporter abuse_ch
Tags:CheetahKeylogger FNB rar


Avatar
abuse_ch
Malspam distributing CheetahKeylogger:

HELO: outgoing6.cpt4.host-h.net
Sending IP: 197.189.247.39
From: FNB <Paymentsemail@fnb.co.za>
Subject: PAYMENT NOTIFICATION
Attachment: PO2034900.rar (contains "PO2034900.exe")

CheetahKeylogger SMTP exfil server:
mail.sokutuattorneys.co.za:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Downeks
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 11:36:49 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dbmqwtbo43xzzhsehfx55mdkxbjq5ttlyk4gxzf5fd3gnty54xza._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

CheetahKeylogger

rar 18590b4c2ee6ef9c9e44396fdeb06ab8530ece6bc2b86be4bd28f666cf1de5f2

(this sample)

CheetahKeylogger

Executable exe 7ea6bd01e613bd93a63711630128ebd9e4f51c411db7d87c62031d06d02127cb

  
Dropping
MD5 fa5a44cc3ffc8fcacdf9ea7251ae2b85
  
Dropping
CheetahKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7ea6bd01e613bd93a63711630128ebd9e4f51c411db7d87c62031d06d02127cb

Comments