General
Target: SAMPLE_FILES_20240318-093859.ZIP
Size: 364KB
Sample: 240318-bj8d4scg32
MD5: e21e096ef13b5269858350be52444cf6
SHA1: 247561fcbd950ef2736679eacd2bf62a390de242
SHA256: b011f563c0b25f73466fc615af1a11573670a09949763d15a19dff56891b0717
SHA512: fea2e75e8ae52196d5c4b87a9dda2451553891c70429e6a4846b006f89b73130e19b0b0fe667e80fb3b308058b74e6d52ed2dddeac1e3102e2fd0d50dbb6b84a
SSDEEP: 6144:m29dJg59juoFg3zaWC7Are4glA9nm3v/VuSY39w9labkOuhQAS0y+lMiHTonWLyF:mGtoyDaWC7Are4oA9nmf/O9uNWAS0iCU
Behavioral task: behavioral1
Sample: EC240316AAAAK-000001_Tax Payment Challan.exe
Resource: win7-20240221-en
Malware Config
Extracted
kutaki
http://linkwotowoto.club/new/two.php
Targets
Target: EC240316AAAAK-000001_Tax Payment Challan.exexx
Size: 637KB
MD5: bbf998f39ff78309effce75ce3ed0020
SHA1: 0050caf84cfc083ea0af0cb8cee13955b7e13d2b
SHA256: 4eb1e5e57cada95932e85d71062c1d3f95ca3b7a3764c26e95bc90171d21d543
SHA512: f90c300691fdc6a83f2a5ef986562df0fe06982f7dfa7886ff09096e15cc32a7a842bb20e4493b6afab68a5978a3cfef7b84bca6d17d33bfc0540414615aad99
SSDEEP: 12288:hRxbFaGd/kcAR/46A9jmP/uhu/yMS08CkntxYR3L:tbFaGNrfmP/UDMS08Ckn3u
Kutaki Executable
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL