General

  • Target

    Payment Invoice.exe

  • Size

    536KB

  • Sample

    220805-lggtgsaehp

  • MD5

    9843b9fbac7c29e981b543b30c66558e

  • SHA1

    bc623264ef801a18de80e47b77dd4b273312222c

  • SHA256

    3638566d6e2badddcb7f89c0b86dc064140d491adbec824cc5cf7386b487160c

  • SHA512

    a9fb7623d0ae4f30d81eef2d3d5904d889d3421d6041c05bbc33531c3d5c484bd81414b7153e8a943d98560ec9a6efdbb0b677c0aaf555af453fb5e513f3b2b9

Malware Config

Extracted

  • Family

    kutaki

  • C2

    http://newloshree.xyz/work/kenny3.php

Targets

    • Target

      Payment Invoice.exe


    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Loads dropped DLL
