General
-
Target
e469d954208648089041e21f6d882702_JaffaCakes118
-
Size
2.7MB
-
Sample
240407-jksdaagf79
-
MD5
e469d954208648089041e21f6d882702
-
SHA1
454bf06e9f471a7590187c7806231cb957fec5e5
-
SHA256
03dd5030cf9419d5f328b6ddf8bce820199c0aad46caf85c68aeb1645133972d
-
SHA512
54f53702056611a8be894a77651f8635bfddaa0be1705a983497b290b4b1ea8fd8513db4ddcb0831beba9fda421efb2cf67921679a5863ead16462fba478ca9a
-
SSDEEP
24576:pZKlRgOIfgOIcVylQpgst89780uEOjxWfmP/UDMS08Ckn3U:pZMW5/pVP5tI7nfmP/SA8Nk
Malware Config
Extracted
kutaki
http://sdaskmda.club/papa/love.php
http://terebinnahicc.club/sec/kool.txt
Targets
-
-
Target
e469d954208648089041e21f6d882702_JaffaCakes118
-
Size
2.7MB
-
MD5
e469d954208648089041e21f6d882702
-
SHA1
454bf06e9f471a7590187c7806231cb957fec5e5
-
SHA256
03dd5030cf9419d5f328b6ddf8bce820199c0aad46caf85c68aeb1645133972d
-
SHA512
54f53702056611a8be894a77651f8635bfddaa0be1705a983497b290b4b1ea8fd8513db4ddcb0831beba9fda421efb2cf67921679a5863ead16462fba478ca9a
-
SSDEEP
24576:pZKlRgOIfgOIcVylQpgst89780uEOjxWfmP/UDMS08Ckn3U:pZMW5/pVP5tI7nfmP/SA8Nk
Score10/10-
Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
-
Kutaki Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-