General
-
Target
bb66a2b312b016cf0fa6cc05043f87ba
-
Size
376KB
-
Sample
240308-qxwpsshb9x
-
MD5
bb66a2b312b016cf0fa6cc05043f87ba
-
SHA1
0921f77b7bde2a380056d0a279c87dcc66c047a7
-
SHA256
e539bda619e24bb25719a6d5cf637643965d2561cd35ce24543d6a2f61963cf8
-
SHA512
21099c4190e790c09eb4b83d4070a7699395b7ff7f8743bf27ea5a6dbe38eb40a4d7fa76e8b5f1f3878c75666d7fca95d80bc25e848e1b23482692efee8d83eb
-
SSDEEP
6144:gIaXScb1S4GlA9jmHv/VCSY3hw9lMbk6u1QMS0y+lqiHTonWryFDYRF:T46A9jmP/uhu/yMS08CkntxYRF
Malware Config
Extracted
kutaki
http://sdaskmda.club/papa/love.php
http://terebinnahicc.club/sec/kool.txt
Targets
-
-
Target
bb66a2b312b016cf0fa6cc05043f87ba
-
Size
376KB
-
MD5
bb66a2b312b016cf0fa6cc05043f87ba
-
SHA1
0921f77b7bde2a380056d0a279c87dcc66c047a7
-
SHA256
e539bda619e24bb25719a6d5cf637643965d2561cd35ce24543d6a2f61963cf8
-
SHA512
21099c4190e790c09eb4b83d4070a7699395b7ff7f8743bf27ea5a6dbe38eb40a4d7fa76e8b5f1f3878c75666d7fca95d80bc25e848e1b23482692efee8d83eb
-
SSDEEP
6144:gIaXScb1S4GlA9jmHv/VCSY3hw9lMbk6u1QMS0y+lqiHTonWryFDYRF:T46A9jmP/uhu/yMS08CkntxYRF
Score10/10-
Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
-
Kutaki Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-