General

  • Target

    bf51b56b57a92f9c4593337428209f032afa0b4df571190f99e4368415e42a09

  • Size

    568KB

  • Sample

    220701-htb7zsafa7

  • MD5

    3acd878dcad8af0f84eae82ae801b654

  • SHA1

    14931b89a4adada1d61e9aa3d437ce74045898ce

  • SHA256

    bf51b56b57a92f9c4593337428209f032afa0b4df571190f99e4368415e42a09

  • SHA512

    934131e128f7ed31b92e7340100b6a50d1fa40482c3ea8fbff91f21cc6718fc7cc66eaf235d5746d51ba22872a499c1f659c69477bf07f3d60ac1bb6a74075c6

Targets

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
