General

  • Target

    9e13ee156adab18f49542bb2aa805489042260128faf9fd44de825dd2468dc7c

  • Size

    1004KB

  • Sample

    220731-jwqntsgebn

  • MD5

    70d39c25c29fb2dccf9f1ec8c3968fe6

  • SHA1

    be09f6755b4db2349af50ddde6fab592b46854df

  • SHA256

    9e13ee156adab18f49542bb2aa805489042260128faf9fd44de825dd2468dc7c

  • SHA512

    0aa03aec675f95a30a7057e9316d492ce57c2dcbfb24c0990ab38b1a10ac88c2cfe26829201ecd7a92767200e156618f6338798eae7d6b9e86b1aaab1ce03434

Malware Config

Extracted

Family

kutaki

C2

http://maregatu.club/paapoo/pove.php

http://terebinnahi.club/sec/kool.txt

Targets

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v6

Tasks