General

  • Target

    34f1f482832ee85f64bc87bce3cc0b0279484669ece9715ab80bc329e2efa380.bin

  • Size

    1.1MB

  • Sample

    211103-mpt98adeg7

  • MD5

    d4d636510b6a7ff0b7e69313c38dce1f

  • SHA1

    91f951ded5b658c5f91b64e527f24dba4c0f31e2

  • SHA256

    34f1f482832ee85f64bc87bce3cc0b0279484669ece9715ab80bc329e2efa380

  • SHA512

    255c88d12cc84e7c3c1cd1bb1296f02663e0c5bd0e4088050d198c8b1b44a277c2cdac1ddc5163abfc2495d34f2d3757d10b647b188c8b51557888e7ece7dce7

Targets

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
