MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 432feb3811e7e4993eedfdea5735d5790ec0dd0a660a4940841969ffee54194c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CheetahKeylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 432feb3811e7e4993eedfdea5735d5790ec0dd0a660a4940841969ffee54194c
SHA3-384 hash: d0817da2eb314e8f96ee68283e2718d986535f00fb955ffeb0d2e364be15ace7256d1dcda0cffb51089eb768cbbca720
SHA1 hash: accd9fdf8c6166e8e887e3bfc92c4cf3cb91ca46
MD5 hash: 09e1f9b49bb6d33d6b88518c9449fde1
humanhash: don-artist-london-two
File name:Payment confirmation.exe
Download: download sample
Signature CheetahKeylogger
Create hunting rule
File size:323'584 bytes
First seen:2020-07-03 06:13:11 UTC
Last seen:2020-07-03 06:51:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 3072:lcACVBl7o41Dc6bK0lhyWG8ChuxqRygI9UAWkNduy+4/6wLPU+2pEKamTeEh7i65:lMlL1DW0lhyWL0uLvUn+tPb2/amTphm
Threatray 315 similar samples on MalwareBazaar
TLSH EC644B177E46C659C48A5A3780EE598063B2B9C73773CB0F3989A76C1E023973F6225D
Reporter abuse_ch
Tags:CheetahKeylogger exe


Avatar
abuse_ch
Malspam distributing CheetahKeylogger:

HELO: outgoing21.jnb.host-h.net
Sending IP: 129.232.250.52
From: Standard Bank <noreply@standardbank.co.za>
Subject: Payment confirmation
Attachment: Payment confirmation.rar (contains "Payment confirmation.exe")

CheetahKeylogger SMTP exfil server:
mail.aviner.co.za

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/18579/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WRE.6739.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/432feb3811e7e4993eedfdea5735d5790ec0dd0a660a4940841969ffee54194c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-03 06:15:06 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=imx6woar47sjspxn7xvfonovpehmbxikmyfesqeedfu773sudfga._file
Verdict:
unknown
Similar samples:
0c91c97182b3f1389437d15ff6aaa935156fc5ecc1c71c5588c0d831943acf4e
CheetahKeylogger
149ac2ad908fb039e8fe9f88831ba15c33bcb7cf4f0a4a4d14dcfc610ec18826
CheetahKeylogger
39f11c07469a7c80d1ec02da5e69b70c761597cf0032c1937c452c2229f66459
CheetahKeylogger
73d6359dc3a16ccbb8cab9ae3de49b70fea3e2c905d36490b78f1ab992fdb51d
CheetahKeylogger
7d8d00b43a36eab27afc82ec163ecf4b802f38c387fdda2274e1e17eb29fc83c
CheetahKeylogger
7f511f157c4e3d413f1c71248bcf9abcc59edf12715db9e031270ae7acb0eb67
CheetahKeylogger
851cceaa8323eef0f78bfba37abcb59911dc8818ee0fca089dbd5b46b9d7afd0
CheetahKeylogger
900c5f661c7282eb7ca45dfcd7f4eae2cbabd67b887f446eb034df0c98180c58
CheetahKeylogger
b20e67792a0edf233f319f7af96f189451bb8cd4df24c93fcf0e586a473f552d
CheetahKeylogger
f69a226eff787090505d361801a4a61d10658bde44759b9e5f80420e3e40e02f
CheetahKeylogger
+ 305 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200703-4bd6vvsl3e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

CheetahKeylogger

rar 358f27d29797fdd183f88b02fb2cc8f322a7ccbdb32e927fc14f22004a63b72f

CheetahKeylogger

Executable exe 432feb3811e7e4993eedfdea5735d5790ec0dd0a660a4940841969ffee54194c

(this sample)

  
Dropped by
MD5 d0de53b48ebea1bfc7b20c85abea4426
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 358f27d29797fdd183f88b02fb2cc8f322a7ccbdb32e927fc14f22004a63b72f
Cape
Cape
https://www.capesandbox.com/analysis/18579/

Comments