General

  • Target

    rrer

  • Size

    118B

  • Sample

    230727-fg27jahf88

  • MD5

    7df22483fc28e11687de7b6ae3dd8112

  • SHA1

    7e8ea44249c9d32827380ab197da96e7579108da

  • SHA256

    6e58e550bd70d90404f4dc31665b65fe94e7d0b522d523b87e1202df1d42aff4

  • SHA512

    c8fb3e2ae60ab8a72adfa680ebff102480fa36a5a7ce69cd06eea0a381b24eaa5cdeb1acb95b16f44fa4a82e3109d7e6938d1530440a7018dffc065bbd49c157

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Targets

    • Target

      rrer

    • Size

      118B

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Drops startup file

    • Executes dropped EXE
