General

  • Target

    6c54b16036d4bb6c8600a74e75316b8712725f2ef1a2bce660d7227a74bd68bb

  • Size

    338KB

  • Sample

    220208-br7gsabfc8

  • MD5

    b87c8c14a1a3a23ba4b6a36f644b7ed2

  • SHA1

    8b672a3f1883ed264f5cfe11949e3e8ba3899abe

  • SHA256

    6c54b16036d4bb6c8600a74e75316b8712725f2ef1a2bce660d7227a74bd68bb

  • SHA512

    835555d58160cdc8ce0d527145ccc4f7c4057f1ce1a3ea6c9ab1a040bc014b754e1ee6dc20024c317caa74c456b5767f3deab2eaee4f12d3b085bdcdd73dad80

Targets

    • Target

      Invoice Confirmation.exe

    • Size

      532KB

    • MD5

      ddba3b95498cd1cb484ac05fcc362309

    • SHA1

      25589926b5c189b8bee1c942839993c966c2a48a

    • SHA256

      6d1939969f1763fa1f69073ed09fa37d443fd3a6739584bf5943ca8e54963023

    • SHA512

      01db638e872d7f257a30586f989802e1d17f0c5aea06ac6d19939fef2e507e7bcd2e7fa07589d39f3e2a166ed1a900d4869be86a876c58dcf3f34c5efdd53cae

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL
