General

  • Target

    Tax Payment Confirmation.exe

  • Size

    376KB

  • Sample

    210802-xcwe65j9va

  • MD5

    9693fd176c8734b1928a56cb9771a0c8

  • SHA1

    35d2579e6a03c2e769b17f1aa8ce934f91fd5e13

  • SHA256

    381ec80e02dba4fe1877e427522ea92a94b29b7f45bddd11c1f2ef9724dd6d2e

  • SHA512

    cb68ab4fb44c52763294fbe010ae6383d1feafa0ea67c663c333f36b5ddac7374b2a787fe7f6b331893c40e94c060782a6d2a65acadb5771c05defe103a6a847

Malware Config

Targets

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks