General

  • Target

    5575d516016285aaa303aef92c9e9ee7f65aa2982bff91664faeb4d767893594

  • Size

    718KB

  • Sample

    220503-y3qpqsedfl

  • MD5

    90e430e87fa6264866426242ea4c3ad0

  • SHA1

    f759eae55a8231875c2e1468a6cb7004f70d5665

  • SHA256

    5575d516016285aaa303aef92c9e9ee7f65aa2982bff91664faeb4d767893594

  • SHA512

    e89bbf82c52f02010c5ab788681cab637b716150f1b752fe096e587fa04fb68d0782674ec30da66a2e7d717bec9bae1854023c7296fc80d7039f32c7b933c485

Targets

    • Target

      TRANSFER COPY.exe

    • Size

      1.9MB

    • MD5

      409c3e610fdff7165ea03ae828a10a85

    • SHA1

      6c74e3488bc6b2dd6ae7c4f6dcb0388a50282d61

    • SHA256

      f8a24fe1aa9092c805572d4e2e6188dc4c99ca9255f0fbf98fb101f33e9e99b7

    • SHA512

      12c93a24ac73e4bb1eb2040107fdb845e48f96f91bd301e91614a247ef002e4b8657603d636de6c87f338dc3a3dc55f1dbf3a3cddec1e021fe68f29baf41b53f

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL
