General

  • Target

    4.zip

  • Size

    381KB

  • Sample

    210618-rg8wqa87qa

  • MD5

    c9f49619c8ca1f787c07f18b0eb1781c

  • SHA1

    0ffaae2ba3e721f6abe6f5667b3196268b6be98a

  • SHA256

    8210b28c599c936e6f4f04796fe6c3955898cdfd5621cdaf727525ff41cd1313

  • SHA512

    4601e4bd2e0fb8e895a607e12844e425c84e7293e39622db9552c1c8e025fc6f20c1a62e8e23d31735126a3c3a9bdc44caabb601a500f641c09fcbf11a6f7a30

Targets

    • Target

      RTGS Payment Confirmation.exe

    • Size

      672KB

    • MD5

      f7ddd19838b5c8a2c4f2231dd2a86277

    • SHA1

      5a4dcbd7135f2ee82bedb90d2cd6ea171fc9f15c

    • SHA256

      d99186a6a7660b1d9e44d2f6c09d94c662031e1888ae48fe623c4f5af56dda38

    • SHA512

      6ef94a552c0edcc8607499531062fc80be3cb9ff77b5aa302986b8ed4bedf6a076e254d6e689e825297e343298cc423f8100e0a1feb75fbe6d24088344e1a531

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL
