General

  • Target

    45aecd6123f928ed68dd96ff464e22bdcd92ff3872159649edf8a082bbaa5d8c

  • Size

    300KB

  • Sample

    220205-haw32shahr

  • MD5

    453db202ff5606e4a28dd8d168b7bf1a

  • SHA1

    806a1e8bde11304541d6d395e649ad6813f467ff

  • SHA256

    45aecd6123f928ed68dd96ff464e22bdcd92ff3872159649edf8a082bbaa5d8c

  • SHA512

    87b23c1ce682d43e945c6eb1f34a84be5f019928badf887acfc796ba1f7782f1948ab5b029f65dfa5eb72db88d12a5c8d069d0aef0db6b4bbe2b688a1a3cd11b

Malware Config

Targets

    • Target

      Payment Invoice.exe

    • Size

      376KB

    • MD5

      a7f37abc65de8b02ac67af17a289ad69

    • SHA1

      6d271d0f377728657f4c284253cdc51faa3fdb5c

    • SHA256

      7dfb08f5a669070d545d5e1e4d72c27b8c80d9c95820e441bbbacf1e9dd4aa31

    • SHA512

      fec499c6dc1f5bbef6f36aa90cbbe35217633ebbafad5429af229a72909445273cecfb0c5b109bec680f54663d51d3b9fa4376c6926c56ef81112d32c8737f3b

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check (the sample decides whether to run based on the victim's configured locale).

    • Drops startup file

    • Loads dropped DLL
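
A small triage helper, added here as an example and not part of the sandbox report or of any sandbox's own signature code. It does two things a practitioner would do with the data above: matches a set of digests (as a hashing tool or another sandbox would report them) against the IOCs listed on this page, reporting an MD5/SHA-1-only hit as weak because those algorithms are collision-prone; and replays constructed sandbox-style event lines through rules that reproduce the report's signature names. Assumptions: the "Checks computer location settings" rule keys on the `HKCU\Control Panel\International\Geo\Nation` value, which the report does not name; the event lines, file names and service name in `SAMPLE_EVENTS` are constructed and are not from the real sample.

```python
import re

# IOCs copied from the report above (lowercase hex digests).
IOCS = [
    {"name": "submitted sample (300KB)",
     "md5": "453db202ff5606e4a28dd8d168b7bf1a",
     "sha1": "806a1e8bde11304541d6d395e649ad6813f467ff",
     "sha256": "45aecd6123f928ed68dd96ff464e22bdcd92ff3872159649edf8a082bbaa5d8c",
     "sha512": "87b23c1ce682d43e945c6eb1f34a84be5f019928badf887acfc796ba1f7782f1"
               "948ab5b029f65dfa5eb72db88d12a5c8d069d0aef0db6b4bbe2b688a1a3cd11b"},
    {"name": "Payment Invoice.exe (376KB)",
     "md5": "a7f37abc65de8b02ac67af17a289ad69",
     "sha1": "6d271d0f377728657f4c284253cdc51faa3fdb5c",
     "sha256": "7dfb08f5a669070d545d5e1e4d72c27b8c80d9c95820e441bbbacf1e9dd4aa31",
     "sha512": "fec499c6dc1f5bbef6f36aa90cbbe35217633ebbafad5429af229a72909445273"
               "cecfb0c5b109bec680f54663d51d3b9fa4376c6926c56ef81112d32c8737f3b"},
]

STRONG = ("sha256", "sha512")


def match_ioc(digests):
    """digests: {'md5': ..., 'sha256': ..., ...} from a hashing tool.

    Returns (name, strong) for the first IOC entry with a matching digest,
    or None. `strong` is True only when SHA-256 or SHA-512 matched; an
    MD5/SHA-1-only hit is flagged weak and should not settle attribution.
    Raises ValueError if the supplied digests disagree with each other on
    the same entry (a typo, or a deliberate collision on a weak algorithm).
    """
    wanted = {alg: val.lower() for alg, val in digests.items()}
    for entry in IOCS:
        hits = [alg for alg in wanted if alg in entry and entry[alg] == wanted[alg]]
        if not hits:
            continue
        misses = [alg for alg in wanted if alg in entry and entry[alg] != wanted[alg]]
        if misses:
            raise ValueError(f"digests disagree for {entry['name']}: {misses}")
        return entry["name"], any(alg in STRONG for alg in hits)
    return None


# Constructed sandbox-style event lines (not from the report). Format:
# "<operation> <path>[ = <value>]".
SAMPLE_EVENTS = [
    r"RegQueryValue HKCU\Control Panel\International\Geo\Nation",
    r"CreateFile C:\Users\user\AppData\Local\Temp\svhost.exe",
    r"RegSetValue HKLM\SYSTEM\CurrentControlSet\Services\svhost\ImagePath = C:\Users\user\AppData\Local\Temp\svhost.exe",
    r"CreateFile C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost.exe",
    r"CreateProcess C:\Users\user\AppData\Local\Temp\svhost.exe",
    r"CreateFile C:\Users\user\AppData\Local\Temp\helper.dll",
    r"LoadLibrary C:\Users\user\AppData\Local\Temp\helper.dll",
    r"LoadLibrary C:\Windows\System32\kernel32.dll",  # system DLL, not dropped: must not fire
]

# Stateless rules, named after the report's signatures. The registry value
# used for the location check is an assumption (the report does not name it).
RULES = {
    "Checks computer location settings": re.compile(
        r"^RegQueryValue .*\\Control Panel\\International\\Geo\\Nation$", re.I),
    "Sets service image path in registry": re.compile(
        r"^RegSetValue .*\\Services\\[^\\]+\\ImagePath\b", re.I),
    "Drops startup file": re.compile(
        r"^CreateFile .*\\Start Menu\\Programs\\Startup\\", re.I),
}


def scan_events(events):
    """Return the sorted list of signature names fired by the event lines.

    "Executes dropped EXE" and "Loads dropped DLL" need state: a path only
    counts as dropped if an earlier CreateFile in the same trace wrote it,
    so loading a pre-existing system DLL does not fire.
    """
    fired, dropped = set(), set()
    for line in events:
        op, _, arg = line.partition(" ")
        path = arg.split(" = ")[0].strip().lower()
        for name, rx in RULES.items():
            if rx.search(line):
                fired.add(name)
        if op == "CreateFile":
            dropped.add(path)
        elif op == "CreateProcess" and path in dropped:
            fired.add("Executes dropped EXE")
        elif op == "LoadLibrary" and path in dropped:
            fired.add("Loads dropped DLL")
    return sorted(fired)


if __name__ == "__main__":
    print(match_ioc({"md5": "a7f37abc65de8b02ac67af17a289ad69"}))
    for sig in scan_events(SAMPLE_EVENTS):
        print("-", sig)
```

The dropped-file correlation is the part worth copying into real detection logic: "executes dropped EXE" only means something if the process image was written by the sample earlier in the same trace, otherwise every process start looks suspicious. The weak/strong distinction in `match_ioc` is there because MD5 and SHA-1 matches are convenient for lookups but not sufficient on their own to assert that a file is this sample.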

MITRE ATT&CK Enterprise v6