General

  • Target

    860b2b3ebe4d2638b63387b725a6c49f61b2900220c1f1c0a16c9ad885918d56

  • Size

    560KB

  • Sample

    220731-fv5jtaahcm

  • MD5

    289ff54dd920551c867a1f0f0204136f

  • SHA1

    3ae6f9879caeefeaf7a7bc62fad5d662a8027add

  • SHA256

    860b2b3ebe4d2638b63387b725a6c49f61b2900220c1f1c0a16c9ad885918d56

  • SHA512

    c7debb469a2ec6b28af5ca520944c1af5f8c99cfc7742223d9932725092eb7e361c195cdb1f031f93e4ce0d6e02060d72bd9054549f1320b371212f4ada95145

Malware Config

Extracted

Family

kutaki

C2

http://maregatu.club/paapoo/pove.php

http://terebinnahi.club/sec/kool.txt
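The hashes in the General section and the two C2 URLs above are the report's actionable indicators. The following script is an added example, not part of the sandbox report or the Kutaki analysis: it takes those indicators as given and runs them over three constructed log snippets (a Squid native access.log, a dnsmasq query log and a generic key=value process-creation event), so the output below is from invented data, not from a real incident. It matches exact C2 URLs, same-host requests on a different path (worth flagging, since the .txt path may change between samples), subdomains of a C2 domain while rejecting look-alikes such as notmaregatu.club, and any MD5/SHA1/SHA256 token equal to the sample's hashes.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from this report's General and Malware Config sections.
C2_URLS = (
    "http://maregatu.club/paapoo/pove.php",
    "http://terebinnahi.club/sec/kool.txt",
)
SAMPLE_HASHES = {
    "md5": "289ff54dd920551c867a1f0f0204136f",
    "sha1": "3ae6f9879caeefeaf7a7bc62fad5d662a8027add",
    "sha256": "860b2b3ebe4d2638b63387b725a6c49f61b2900220c1f1c0a16c9ad885918d56",
}
C2_HOSTS = frozenset(urlsplit(u).hostname for u in C2_URLS)
HASH_VALUES = frozenset(SAMPLE_HASHES.values())
HEX_TOKEN = re.compile(r"\b[0-9a-fA-F]{32,64}\b")
DNS_QUERY = re.compile(r"query\[\w+\] (\S+) from (\S+)")

# Constructed sample logs (assumed formats, not taken from the report).
PROXY_LOG = [  # Squid native access.log: client field 2, method field 5, URL field 6
    "1659250130.123    245 10.0.0.15 TCP_MISS/200 512 POST http://maregatu.club/paapoo/pove.php - HIER_DIRECT/203.0.113.5 text/html",
    "1659250131.009     88 10.0.0.15 TCP_MISS/200 2048 GET http://terebinnahi.club/sec/other.txt - HIER_DIRECT/203.0.113.6 text/plain",
    "1659250140.500     12 10.0.0.22 TCP_HIT/200 4096 GET http://example.org/index.html - HIER_NONE/- text/html",
]
DNS_LOG = [  # dnsmasq query log
    "Jul 31 08:42:10 gw dnsmasq[1234]: query[A] www.maregatu.club from 10.0.0.15",
    "Jul 31 08:42:11 gw dnsmasq[1234]: query[A] notmaregatu.club from 10.0.0.15",
    "Jul 31 08:42:12 gw dnsmasq[1234]: query[A] example.org from 10.0.0.22",
]
PROCESS_LOG = [  # generic EDR-style process-creation events with file hashes
    "2022-07-31T08:41:59Z host=WS-15 event=process_create image=C:\\Users\\u\\AppData\\Roaming\\svc.exe sha256=860b2b3ebe4d2638b63387b725a6c49f61b2900220c1f1c0a16c9ad885918d56",
    "2022-07-31T08:42:03Z host=WS-15 event=process_create image=C:\\Windows\\System32\\notepad.exe md5=d41d8cd98f00b204e9800998ecf8427e",
]


def host_matches(host):
    """True if host is a C2 domain or a subdomain of one; case and trailing dot ignored."""
    host = host.lower().rstrip(".")
    return any(host == c2 or host.endswith("." + c2) for c2 in C2_HOSTS)


def classify_url(url):
    """'url' for an exact C2 URL, 'host' for the same domain on another path, else None."""
    if url in C2_URLS:
        return "url"
    host = urlsplit(url).hostname
    if host and host_matches(host):
        return "host"
    return None


def scan_proxy_log(lines):
    """Return hits from Squid native access.log lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        f = line.split()
        if len(f) < 7:
            continue  # malformed or truncated line
        kind = classify_url(f[6])
        if kind:
            hits.append({"line": n, "client": f[2], "url": f[6], "match": kind})
    return hits


def scan_dns_log(lines):
    """Return hits from dnsmasq query lines; subdomains count, look-alikes do not."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = DNS_QUERY.search(line)
        if m and host_matches(m.group(1)):
            hits.append({"line": n, "client": m.group(2), "qname": m.group(1)})
    return hits


def scan_hash_log(lines):
    """Return hits for any MD5/SHA1/SHA256 token equal to one of the sample's hashes."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in HEX_TOKEN.findall(line):
            if len(tok) in (32, 40, 64) and tok.lower() in HASH_VALUES:
                hits.append({"line": n, "hash": tok.lower()})
    return hits


if __name__ == "__main__":
    for source, hits in (("proxy", scan_proxy_log(PROXY_LOG)),
                         ("dns", scan_dns_log(DNS_LOG)),
                         ("process", scan_hash_log(PROCESS_LOG))):
        for h in hits:
            print(source, h)
```

The same-host match on terebinnahi.club/sec/other.txt is deliberately reported separately from the exact-URL match: a host-level hit is a weaker but still useful signal, and an analyst may want to pivot on the domain rather than the path. Hash matching is done on bare hex tokens so it works on whatever field name a given EDR uses.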

Targets

    • Target

      860b2b3ebe4d2638b63387b725a6c49f61b2900220c1f1c0a16c9ad885918d56


    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
