General

  • Target

    6736100743479296.zip

  • Size

    379KB

  • Sample

    210713-3pr9ph1r82

  • MD5

    cd463a33230d3b44fb73203ffd540656

  • SHA1

    c92bccc3c45aaba6c5f91d1ab4dd22fffd8d2470

  • SHA256

    b473b7e3b61ea2db92f2c8a20eb405917f5c33954b548cfd1d540dbeaf4b711b

  • SHA512

    1119a9edcf15f1d8585e81266a7ea55d0d779e93bc9718ec58f6811339a57ea2b325b2f7cd45e361502ac8b68255ff817416d8d1eb97406368d45e4e79c3465f


Targets

    • Target

      RTGS Payment Confirmation.exe

    • Size

      672KB

    • MD5

      340035413bb0ca6032b80caa5966d5b7

    • SHA1

      6c0e409a1fdf220f3dfb25a181f8a2fe37bbb2d7

    • SHA256

      7de6e17ff5a7159e725cb5513df573457917db0569869b602f3c2dd33561d99a

    • SHA512

      1eba0ace41f0c4e2b955b7abd948009e4e978adc8784ee2b751a94deb0bf0489df38b736d2cbfb32bfb31dfe83094353f2d7e56eccde1e181671e23235d88bc7

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL
