General

  • Target

    https://bongdalu.media/wp-content/plugins/wp-automatic/challan.zip

  • Sample

    240509-ga24mada8w

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Targets

    • Target

      https://bongdalu.media/wp-content/plugins/wp-automatic/challan.zip

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Drops startup file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks