General

  • Target

    757bbabd8aa0a349924f8623b2941622a53e343d567ded0c9f1ac347f029a428

  • Size

    472KB

  • Sample

    220731-fwb9nahhd8

  • MD5

    4d1348260342c3c3feb5e575f457f45b

  • SHA1

    41fcdb6cc5159f8e36640afccb84fce965b613a8

  • SHA256

    757bbabd8aa0a349924f8623b2941622a53e343d567ded0c9f1ac347f029a428

  • SHA512

    29ff61ba7e3975453734c17941c193782ae258ca450cf9b59318d050a2ab44f6e5ff57e7b198e03a0636b5c3ff6b17ffaa94f556559f140a0792d2b7413a926c

Malware Config

Targets

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v6

Tasks