General

  • Target

    c26838f117491d8399fea056b0d526071e0d73bf15640f156906f40c249797cd.bin

  • Size

    636KB

  • Sample

    220817-173wzagea7

  • MD5

    8cea967af9330e1173bdf4e26da7fae6

  • SHA1

    03e344254e12b2ac91e47597006e21621185b002

  • SHA256

    c26838f117491d8399fea056b0d526071e0d73bf15640f156906f40c249797cd

  • SHA512

    4f6b4093cf4e69bf1d4ff30f0a69777fc8e916c0733364399ecd08106527322ad85c58f054323f8153acdacc6ef05b56d3b1de28621f78177111b29b76a6020b

  • SSDEEP

    6144:U0Wnw+yGM/Bd+nBf52A2tegcH61S4GlA9jmHv/VCSY3hw9lMbk6u1QMS0y+lqiHx:U2LfQ346A9jmP/uhu/yMS08CkntxYRL5

Malware Config

Extracted

Family

kutaki

C2

http://newloshree.xyz/work/son.php

Targets

    • Target

      c26838f117491d8399fea056b0d526071e0d73bf15640f156906f40c249797cd.bin

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL
