MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 714966e76860740b3fe2ece6be27c67cfef373de8784abbdf7326ad415027938. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CheetahKeylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 714966e76860740b3fe2ece6be27c67cfef373de8784abbdf7326ad415027938
SHA3-384 hash: 661bd24269dc5c84258de89213f58359a96a1abe2d4c4e7ceb868cdb1b8339c6aa40e3daf81bc8b18cc95763c8605abe
SHA1 hash: f774116df797b8c368f336ec9420e8e96f66fa42
MD5 hash: d5b8388b50600364380beaf65306a0b1
humanhash: solar-white-quebec-crazy
File name:Bank comfimation letter.exe
Download: download sample
Signature CheetahKeylogger
Create hunting rule
File size:387'584 bytes
First seen:2020-05-05 07:37:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:UNjprJlchgeFAdOeFAqYXGiuY8t7KeQ1ldm7M1GK:GrJlwgzdOzqy9upKhVU2
Threatray 636 similar samples on MalwareBazaar
TLSH 44848D376AD585A6E0CA4DB214B9DEC36B3F6A823A42BB5F20F6D3145D03356BB1D10C
Reporter abuse_ch
Tags:CheetahKeylogger exe


Avatar
abuse_ch
Malspam distributing CheetahKeylogger:

HELO: outgoing6.cpt4.host-h.net
Sending IP: 197.189.247.39
From: Mashudu Mafela <mashudu@tealah.co.za>
Subject: Payment Notification
Attachment: Bank comfimation letter.rar (contains "Bank comfimation letter.exe")

CheetahKeylogger SMTP exfil server:
mail.mmpsecurity.co.za:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ArtemisD5B8388B5060.12948.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 00:01:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ofewnz3imb2awp7c5ttl4j6gpt7pg466q6ckxppxgjvnificpe4a._file
Verdict:
unknown
Similar samples:
1abc7954f4d2e856726fbe002ee58658d07ed18ad32671e852780bd7b4c2f0e4
CheetahKeylogger
262c1d496f71838d2fc7b82f7d0fd1544bfb9316f33bab04df69b473db2cefde
CheetahKeylogger
29887ae5301d3c3ca584a036c36c509b52006464c7edd86e756518d36ce95a81
CheetahKeylogger
3374d3d11eef1e8fc48019fccac4fb5475ce8fec60c5e019c64662723fd5c1b3
CheetahKeylogger
34b5cac1ca6f60b386393c029a4a9c625690a282c6d7c969ec78e5ece7f19822
CheetahKeylogger
3b96d3e9492d16eed01bb61e349aa7c1096948a9be40fad447872c5ddaf30f2a
CheetahKeylogger
4923037fb58a4491f08c85e0cf38a74d92dd36860932814170dc942a031bad2f
CheetahKeylogger
65ba1403578ca11aedad856e85f17647e3d636a6556ae0a8202336505e244c24
CheetahKeylogger
82052d2d1596128ae63d047a1e239b44961a763bf3ecb0ce831483db2199bb57
CheetahKeylogger
96dc3223427540f520a952e0582b91a0ef388e8f7b6122b838236b1a85e89881
CheetahKeylogger
+ 626 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
agilenet spyware
Link:
https://tria.ge/reports/201109-9b8xbzlpbe/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Obfuscated with Agile.Net obfuscator
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

CheetahKeylogger

rar c48737f6ec914fc47a2a97de168d5b817f26cd8dec877c136c9cfe32e721fed6

CheetahKeylogger

Executable exe 714966e76860740b3fe2ece6be27c67cfef373de8784abbdf7326ad415027938

(this sample)

  
Dropped by
MD5 87097ccdbdc6f9a38f8a9c68aae485c3
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c48737f6ec914fc47a2a97de168d5b817f26cd8dec877c136c9cfe32e721fed6

Comments