General

  • Target

    Tax Payment Confirmation.exe

  • Size

    805KB

  • Sample

    240322-s76zmadd22

  • MD5

    ff22cbacd681684e683e3cc90b5eeb49

  • SHA1

    ff242e78602ea1c38bf81830932858188a682040

  • SHA256

    026fd16b5f3c3d9d23e9a9dbd29af68d89e6ed4d8cadc250e00d798fd489d74a

  • SHA512

    d012ee702f1566fd99658bc231ddb5152001c11f665351c6a269293f00a5d9d67ade90e3d342f30a4b709067c59e7d01c4eecf5d418f0ea638d1857f5f0c3b25

  • SSDEEP

    12288:cwU/v0YM3/BJzGG6bBiNH46A9jmP/uhu/yMS08CkntxYRjL:BK2BN6BiNYfmP/UDMS08Ckn3W

Malware Config

Extracted

Family

kutaki

C2

http://linkwotowoto.club/new/two.php

Targets

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks