General

  • Target

    Tanks

  • Size

    536KB

  • Sample

    220805-ggn6caffb6

  • MD5

    a695ab311e3449cacf5a2611dffac5bd

  • SHA1

    919bcf5d483dc9f3875114cc5fd680218f1316e5

  • SHA256

    adf9efacd9820fcb0f0fa83f1eb39732e53706cce443286a6484eb59abcc91ff

  • SHA512

    59f512f5a778fd79e6312f5fe9a7edc6987fa1049ba9570dbc1cc43f93c673fcb4a04ae2cae417576f5579cce644bf7567fae4d1996e45572b243bdb987799dc

Malware Config

Extracted

  • Family

    kutaki

  • C2

    http://newloshree.xyz/work/kenny3.php

Targets

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks