MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ea6bd01e613bd93a63711630128ebd9e4f51c411db7d87c62031d06d02127cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CheetahKeylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ea6bd01e613bd93a63711630128ebd9e4f51c411db7d87c62031d06d02127cb
SHA3-384 hash: 58ab45b5613cde573b3cd2dfe9198a304ad7f744013801057a95c12eb8d0f59a0a6d38d880419debbcc68bae61362cfa
SHA1 hash: 377db42b217e4f6f99885afe1e165c19c3b606a5
MD5 hash: fa5a44cc3ffc8fcacdf9ea7251ae2b85
humanhash: salami-wisconsin-fanta-island
File name:PO2034900.exe
Download: download sample
Signature CheetahKeylogger
Create hunting rule
File size:344'576 bytes
First seen:2020-05-05 10:45:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:DvP83cHWHypsuzFf7qQB02oGvB+hoGKyu:DSCTxB0L0o6
Threatray 117 similar samples on MalwareBazaar
TLSH 7674E705B75EEA34E5A7C630421592638210FDC32AA1F727AFC93D573D5398818FEAD2
Reporter abuse_ch
Tags:CheetahKeylogger exe FNB


Avatar
abuse_ch
Malspam distributing CheetahKeylogger:

HELO: outgoing6.cpt4.host-h.net
Sending IP: 197.189.247.39
From: FNB <Paymentsemail@fnb.co.za>
Subject: PAYMENT NOTIFICATION
Attachment: PO2034900.rar (contains "PO2034900.exe")

CheetahKeylogger SMTP exfil server:
mail.sokutuattorneys.co.za:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ArtemisFA5A44CC3FFC.22383.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Downeks
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 07:31:34 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p2tl2apgco6zhjrxcfrqckhl3hspkhcbdw35q7dcamoqnubbe7fq._file
Verdict:
unknown
Similar samples:
0e7f94ab4570af441d76c77300a7de21812222c2411086ef709ba35f0dd438cd
CheetahKeylogger
139226ca48cb1aaf2b44ab1816354569548cdad054aeeffb27f038f9401cc5d4
CheetahKeylogger
3f4906997a52eb2fd4ee5341cc7acadbb66397a2edd75d2781770ede1e14dbef
CheetahKeylogger
55aefb224ad3c9381b95d6c131b58141aeea9e59046eae8b53968a274108cfa8
CheetahKeylogger
84783d501b78575f30aa33097f9c7c885542b892512403424fc069b048189e98
CheetahKeylogger
8ee9784e9c874e7b40e667115655e0965420c5233238ca1499cdd7c25c79dc6c
CheetahKeylogger
9b8107f42878501861702cac98baea7034b91231b362ce08741479aaf7c6cf4d
CheetahKeylogger
af3c8597b7f874293c5b1fe53c4d1c476c7fdf06df678ba31d75c8f126ae90a0
CheetahKeylogger
ccedefbb232fd22909bc7b342fe7d3c1e0551b149a0b2e392a23030ceef1814e
CheetahKeylogger
d5fefea8edb768f5a72cbe2e312098cc2d3ef3894e8c7ba8acab776093e6d9fe
CheetahKeylogger
+ 107 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
spyware
Link:
https://tria.ge/reports/201109-154gg4fmqx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

CheetahKeylogger

rar 18590b4c2ee6ef9c9e44396fdeb06ab8530ece6bc2b86be4bd28f666cf1de5f2

CheetahKeylogger

Executable exe 7ea6bd01e613bd93a63711630128ebd9e4f51c411db7d87c62031d06d02127cb

(this sample)

  
Dropped by
MD5 d815695f551067cac364768e01bff72f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 18590b4c2ee6ef9c9e44396fdeb06ab8530ece6bc2b86be4bd28f666cf1de5f2

Comments